|  | | 2005 News and Press Releases | | |
HEADLINE NEWS:
Sarbanes-Oxley Act: Causing Confusion?
Staff Writer – Financial Express
Securities Mosaic. November 20, 2005
_________________________________________________________________________
EXCERPT: The third anniversary of the Sarbanes-Oxley Act (SOX), is a good time to take stock of the impact of the law on American business. While the spirit of data-driven regulations like SOX were created with the best of intentions, they have had a tremendously burdensome impact on US enterprises because they have imposed requirements that are complex, costly, confusing and often contradictory. And SOX is not the only Act companies have to address. There are separate data regulations created under the Health Insurance Portability and Accountability Act, Securities and Exchange Commission 4, Department of Defense, Check 21-and the many other laws and regulatory vehicles that have sprung up like kudzu in recent years. The sheer volume of data regulations alone makes full compliance in each industry a formidable challenge. According to a 2003 study by the Enterprise Storage Group, the worldwide capacity of compliant records will have a compounded annual growth rate of 64% from 2003 to 2006. In the life sciences industry alone, the worldwide capacity of compliant records will have a growth rate of 86% during that same time; and in health care, a 52% growth rate is expected. Are US businesses and government agencies fully prepared to comply with the complexities of data regulation laws? Based on what we have learned from our customers in key vertical markets-financial services, government and defense, health care and life sciences, we know that businesses are making good-faith efforts to comply with new regulations that require them to safely store larger volumes of sensitive information, located in disparate systems, for longer periods of time, and be able to retrieve that data quickly and easily in multiple formats. At any given time, companies and agencies may need direct access to digitised paper records or e-mails for a government inquiry. For example, in the life sciences area, they may need instant access to drug trial results, while health care providers may need to immediately retrieve patients' records regarding a specific treatment from ten years ago. Compliance is also problematic because many of the existing regulations conflict with each other. In many instances, the same business or vertical industry can face multiple and conflicting regulations at the federal, state and global level. Needless to say, this adds costs that in some cases are very difficult to meet for small and midsize companies. Confusing and contradictory regulations also mean that businesses are either complying with the broadest regulation or taking a piecemeal approach and complying regulation by regulation. Using the former approach may result in inefficiencies or noncompliance, while the latter may result in businesses facing higher costs in the form of complex and expensive data retention systems, reduced business investment and inhibited growth. The burden can be especially great for small and midsized businesses lacking the big IT staffs, resources and experience of larger companies. |
|
|
