News

IDC: Departments Must Work Together to Tackle Compliance

• By Kathleen Ohlson
• September 29, 2005

Sarbanes-Oxley, HIPAA and other regulatory requirements are causing massive headaches for companies. But these headaches may get worse—and expensive—if companies’ departments don’t start working together.

That was the message drummed into attendees by Randolph Kahn, founder and principal of Kahn Consulting, a firm that specializes in legal, compliance and policy issues of IT and information lifecycle management.

Companies are dealing with new laws and massive amounts of data volume, so there’re major downsides for legal, records management, compliance and IT, Kahn says. “It’s a new world,” he says, “If you’re missing one of these components, it will [lead to] failure.”

The problem is many companies lack budgets for discovery, lawsuits and missing ubiquity. “I don’t care how much information you have,” he says, “What’s the point to have it if you can’t access it.”

One of Kahn’s clients learned this lesson the hard way. A financial services company could have settled a lawsuit for $20 million to $30 million, but the company didn’t. The company misplaced electronic files and lost the suit because of failure to disclose. It proved to be an expensive loss—the jury came back with a $1.5 billion verdict for the plaintiff. The financial services firm later fired its general counsel, Kahn added.

Figuring out the ramifications of metadata, data encryption, electronic signatures and other measures to protect the company are causing strife among the IT, legal, business and record management departments.

For example, a company may want to implement electronic signatures to confirm transactions and payroll. IT’s concerns range from more calls to the help desk to additional software coming from its budget. Legal departments wring their hands over the veracity of the document, and question if these signatures will be sufficient at the state and federal level. Business departments want to keep customers happy and ensure operations grow, while records management departments must know how to classify and retain this relevant information.

“In the real world, these conversations are…bloody,” Kahn says.

Kahn recommends companies create information nation warriors to deal with these different worlds. These warriors are employees who share responsibility to develop, implement, manage and administer information management policies or programs. For example, an IT system administer drafts an e-mail, privacy or security policy, while an information security officer audits data security practices. Warriors know their roles and responsibilities, how their skills and expertise will help, and the best way to communicate their needs and solve problems.