DAP for Regulatory Compliance
The explosive and exponential growth of electronic documents, as well as the subsequent changes in regulations to include electronic documents as official “records” has forced organizations to re-evaluate their records management policies and procedures. In the US high profile corporate governance cases and unprecedented fines and legal damages associated with the (mis)management of records, highlight the potential risks associated with electronic records:
-
Pereleman vs. Morgan Stanley, a plaintiff`s verdict of $1.45 billion, due to the defendant`s inability to prove to the court they had handed over records of all e-mails requested by the plaintiff for their case
-
Zubulake vs. UBS Warburg, a plaintiff`s verdict of $29.2 million, due , in part, to UBS Warburg`s inability to produce critical e-mail
-
Arthur Andersen, a $9 billion company, was brought to its knees because it did not enforce the policy it had regarding corporate records
The risks to organizations go well beyond the immediate costs of non-compliance to operational effectiveness. Given the complexity of organizations today, with their varied data sources, storage locations and types, ranging from spreadsheets, PowerPoint presentations, Word documents, e-mails, instant messages to faxes, voice mails and scanned documents, many executives are unable to certify with complete confidence that policies are being adhered to throughout their organization. Nobody ever intentionally makes a bad decision, yet when information is inaccessible or untrustworthy, “good” decisions are undoubtedly being made on bad or incomplete information, placing the organization at a significant disadvantage.
Every organization, whether in a highly regulated industry or not, needs complete control over the management of its business records in accordance with internal policies and procedures. In the new era of corporate governance, simply having policies in place is no longer good enough. Organizations must be able to demonstrate their policies are enforced and their records are trustworthy. DAP allows organizations to “tick the box”.
It is our view that virtually every organisation in the US has a legislative imperative to consider DAP and as such is a potential client. Speed to market is indeed critical!
For More Information on the various Privacy and Data Security Regulations in your area – please see our Regulatory Information Page