Increased global competition, economic downturn and tighter regulation brought greater pressure on business and with it, greater risk. Both companies and governments worldwide had to make adjustments to cope with these changes in the business climate.
Enterprises worldwide cite electronic data protection and data privacy as their top two business ethics and corporate compliance risks, according to LRN's 2008 Ethics and Compliance Risk Management Practices Report.
Banking, financial, insurance, and healthcare industries face more rules and regulations regarding data privacy than other industries. Compliance with these electronic data protection and privacy laws is more complex than for paper records and has migrated beyond traditional IT functions into legal, compliance and ethics areas, since the legal obligations extend well beyond the traditional file cabinet. Companies doing business in the U.S. have had to respond to the eDiscovery rule that went into effect in 2007, which requires them to identify, preserve and produce internal electronic records, including emails, instant messages, and electronic documents, that might be relevant in litigation or investigations. New European regulations regarding electronic data privacy and data protection have affected companies doing business on the continent.
The increased concern about electronic data risk is the result of the growing amount of electronic data generated organization-wide, combined with new, more stringent regulations and requirements regarding the management and security of that data. Businesses have long had sound policies and procedures for processing, storing and protecting printed documents, many of them refined over decades. They have always had to protect their trade secrets, customer data, and employee records; now they must also apply that same discipline to electronic records.
The eDiscovery Rule requires companies to manage and maintain electronic data, including e-mails and instant messages, that might be relevant in future legal disputes. Global enterprises also have to comply with new data privacy laws and regulations imposed by European governments. Germany, for example, has instituted specific new laws on data protection that go beyond existing EU data protection law as well as the older German Federal Data Protection Act. In the U.S., 47 states have enacted their own data privacy and breach notification laws protecting individuals from fraud and malicious use of their personal data.
Our research shows that many companies have made good progress in managing their ethics and compliance risk programs by conducting holistic business risk assessments. The most successful programs share responsibility for the risk assessment among Information Technology, Human Resources and Legal, and report the results to the Board of Directors and executive leadership.