Complying with new company legislation and regulations such as the Sarbanes-Oxley Act, 2002 or the Data Protection Act, 1988 can be turned from a headache into a help for doing business better, a conference heard yesterday.
Speaking at the Info Ireland information and document management event in Dublin, Ciarán Kelly, leader of technology advisory services at PricewaterhouseCoopers, said: “Regulations are forcing us to change our business processes. The challenge is to translate the regulations into good business sense. Data protection is a good example of that. Data accuracy and security — ensuring the information you have about someone is correct and is kept safely — is just common sense business practice.”
Paddy Roberts, director of information security with Elan, argued that regulations could be the spur to help organisations to improve their systems. Acknowledging that the current regulatory environment is “a minefield”, with ever-increasing amounts of data exacerbating the problem, he said “the big challenge is that we learn to swim, not drown in this environment”.
Seán Sweeney, senior compliance officer with the office of the Data Protection Commissioner, pointed out that the Data Protection Act of 1988, which was amended in 2003, creates rights for individuals and responsibilities for users of personal data. He emphasised the importance of businesses having a clear data protection policy, including regular security review that is communicated to staff. “The act is not intended to be a snoop’s charter, it’s there to make sure that commercial organisations are processing data in a responsible manner.”
The best attitude to adopt was to accept that the regulations are in place and move on, said Roberts. “My practical advice is, don’t deny your regulator. In risk management, look for the upside. Let’s look for potential business benefits. Our competitors are operating in the same environment so let’s look at it as a way to change, to do things better.”
Roberts also stressed the important role IT can play in achieving compliance. “The reality is, IT [staff] are custodians of the data and business relies on IT for solutions.”
He gave the example of a company that had to comply with the Sarbanes-Oxley legislation. Previously it had stored data across 40 different sites, with all of the management headaches and overheads that entailed. By centralising this information the company was able to realise significant savings. “When it looked at the figures, they were staggering; there was less complexity and the total cost of ownership was reduced dramatically,” said Roberts. In addition, by “cleaning” data such as duplicate entries, a business could improve its customer service.
The growth in the volume of information makes this a difficult task, he admitted. “Embedding quality control in the processes of how we manage IT and how we manage information is something a lot of organisations are struggling with,” he said.
Speaking afterwards, Roberts said IT could play a key role in helping an organisation to become compliant, but company culture can shape how technology is perceived. “The more progressive companies see IT as an enabler, but the more traditional companies see it as a utility — ‘fix the desktop’ or ‘give me a mobile phone’. To react to the business pressures, technology can be a huge enabler if it’s embraced, but a lot depends on management support,” he said.
By Gordon Smith