In an effort to be more compliant with mounting privacy and health regulations, Canadian companies are finding the task of data management to be a daunting one, attendees were told at a content management seminar.
If companies don’t manage their information, they can be exposed to both criminal and civil liability, said Andrew Pery, chief marketing officer with Hummingbird Ltd. He said a study from AIIM.org found that 53 per cent of organizations do not have formal electronics record management systems.
Governments that traditionally used the carrot approach to some corporate regulatory malfeasance are moving to the stick, said Constantine Karbaliotis, practice lead, GTA Security and Privacy Practice with CGI Group Inc. “The atmosphere has changed,” he said. In the past government privacy commissioners tended to act as a mediator in disputes, he said, but are now quicker to fine companies.
- 53 per cent of organizations do not have formal electronics record management systems
- Companies are losing $US158 billion annually due to ineffective management of contracts
- Canadian firms with US operations are often faced with with conflicting regulations imposed by both countries
For Canadian companies, especially those with American operations, data management can be especially overwhelming when compliance to a Canadian privacy act like PIPEDA (Personal Information Protection and Electronic Documents Act) runs counter to disclosure required by and American law such as the U.S. Patriot Act.
Sears Canada Inc., 54 per cent owned by U.S-based Sears, Roebuck and Co., solves the problem by making sure Canadian data stays in Canada, said John Jager, national manager, corporate compliance. In fact, customer data has always been stored and backed up north of the 49th parallel, thus reducing the risk of a U.S court order to access its data.
Systems back-ups are an entire snapshot of a corporation, Karbaliotis warned, so companies have to pay attention to the jurisdictions of not only the main servers but the back-ups as well. Several recent cases have emerged where stored data was found to be under different privacy and regulatory compliance jurisdiction than the original data.
But Jager said the tougher issue for Sears Canada is just storing and accessing run of the mill data. For example, though Sears Canada is not required to keep customers’ product warranties on file, it does so as a value added service. So the company stores some warranties that span decades. “How do I keep one that is 25 years (roofing) and another that is one year?” Jager said.
Increasingly, companies are turning to the likes of Hummingbird (other players include IBM Corp. Open Text Corp. and EMC Corp.) to manage their content. This could include everything from an auditable trail of some email (required by Sarbanes-Oxley) to a complete list of all contracts signed.
In fact, Pery said the average large corporation has between 20,000 and 40,000 outstanding contracts at any given time, a statistic Jager said is a fair assessment of Sears Canada. Pery said a Gartner Inc. study found that ineffective management of contracts costs companies $US158 billion annually. Losses could be due to anything from not stopping an automatic renewal to failing to gain price reduction when a commodity’s value drops from one year to the next, Pery said.
And when it comes to protecting the privacy of Canadians, we are apparently on our own. Alan Weintraub, senior director with Hummingbird, said he recently sat down with six U.S. Fortune 50 CIOs and asked them who had policies to deal with Canadian customers’ data privacy. No one said yes. “They were so distracted by other compliance issues,” he said, that Canadian customer privacy “hasn’t gotten down there.”