b. EU
This page is part of the compliance services which belongs to the compliance and risk management toolkit section of our services that includes compliance matters for CH, EU (you are here) and US as well as risk assessment, internal controls, risk management and the risk checklist.
Ever more in Europe – failure to comply may land you in court.
Governance and regulatory compliance today is primarily about data protection, information security and the organization’s general control environment.
Doing the right thing in the first places saves plenty of money and the firm’s reputation
With compliance initiatives such as BASEL II and III as well as stringent EU-wide data security breach laws on the horizon it has become imperative that a company models its controls to ensure a transparent audit trail.
Firms in particularly litigious industries such as financial services, healthcare, life sciences, construction, retail and manufacturing often face high numbers of legal matters, and need to retain, preserve and access relevant information contained in bodies of e-mail messages.
Firms have a duty to preserve electronic information for the purposes of discovery before litigation starts, at the point when litigation can be reasonably anticipated.
As well, changes in regulation regarding data security breach are expected to be forthcoming shortly and implementation by Member States is supposed to start by 2009
2 data security breach regulation – data theft: will EC bring new regulation that helps citizens?
| some compliance requirements (click on link – choose LogIn as Guest – click on this link again to get access) | |||
| regulations | who needs to comply | security – risk areas covered | compliance requirements |
| Gesetz zur Kontrolle und Transparenz im Unternehmensbereich (KonTraG) |
D listed firms | risk, internal controls, governance, principle-based standards | document and show board discussed and approved measures as being in compliance with the law |
| UK – the Combined Code of Governance | UK listed firms | risk, internal controls, governance, principle-based standards | best practices for security, governance and internal controls |
| EU data protection act and national privacy regulations | any organization storing or accessing personal data from consumers or organizations in the European Union | consumer privacy – security breach regulation in the making | all major best practices security and compliance areas |
| data security breach laws in most U.S. States including California SB 1386 | any company storing, accessing private consumer data | consumer privacy – security breach acts | all major best practices security and compliance areas |
- Example
In Europe, failure to comply may result in fines, damage to the firm’s reputation and soemtimes litigation. In the U.S. failure to comply can result in costly litigation. One recent example is the one from TJX that is paying dearly for the data security breach its customers had to experience. How much it might damage the firm’s reputation and customers’ trust in the firm’s way of handling their personal data including purchasing information remains to be seen:
5 data security breach regulation – judge is spelling out the exact costs for TJX
For more information about court cases and litigation including costs due to lack of risk assessment, risk management, governance and compliance, see her:
– At work, at rest, at play – protect data confidentiality and privacy or be ready to pay a large fine