Faced with the responsibility of complying with a myriad of global regulations governing business, companies are increasingly turning to technology to help with the task.
At the NetworkWorld Conference in Toronto on Monday, a panel of legal professionals discussed not only the role of technology in legislative compliance but also the importance of creating sound corporate policy to deal with new legislation.
For those organizations that do business with the higher levels of government, Kenneth Frankel, a Toronto-based lawyer with Hodgdon Russ LLP, said many companies “bite the bullet” and buy what is often very expensive software to guarantee sensitive data is not unintentionally disseminated within and outside an organization.
There is also often a need for companies to monitor what it is that sells and where it is sold. This is particularly important for those organizations that are under the jurisdiction of the U.S. Export Control Act. It dictates what can and cannot be sold to a given country. For example, some encryption technology can not be sold to Iran, Cuba or North Korea, or their nationals. Non-compliance can mean prison, Frankel said.
One large manufacturer, which he did not name, knows the origin of every piece of every product it manufactures, he said. Technology helps simplify a process that would be impossible to do manually.
Bruce Macdonald, senior product manager with Calgary-based M-Tech Technology Inc., agrees that technology is playing an increasingly important role in companies’ ability to comply with government regulations. His company makes compliance management software.
Before, when customers approached him it was all about saving money on the helpdesk by better managing passwords, he said. Then security was a driver for companies to buy M-Tech’s technology. Now it is coming from the C-level, he said. When executives are on the hook, as they are with the likes of Sarbanes-Oxley “you wouldn’t believe how money is freed up,” he said.
M-Tech’s compliance management software solutions are modular, Macdonald said. This allows companies to react quickly to ever-changing regulations because they can change processes in only those areas of the organization affected, he added.
On the policy side, John Wilkinson, a lawyer with Toronto-based WeirFoulds LLP, told attendees not to use another company’s privacy policies as the basis for its own. If it is not grown organically there is a tendency to overstate what can actually be achieved, he said. If a company can’t even meet its own standards it opens itself up to lawsuits, he said.
One attendee, who didn’t want his company’s name used since it is about to launch an IPO, referred to compliance as a “very painful” experience. “It is a huge challenge,” he said.
But as with most problems, even those where technology can play an important role in risk reduction, awareness is the foundation for success. “My experience with Canadian companies,” Frankel said, “is that they really don’t understand (U.S.-mandated) compliance.” Silently supporting his statement was the fact that the talk was sparsely attended.