Unstructured data compliance costs firms an average of $2.1 million annually | Infosecurity (USA)

The average cost of compliance associated with storing unstructured data is $2.1 million per year, according to a report prepared by the Ponemon Institute for software firm Novell.

The average compliance cost of unstructured data varies with the size of the organization. Companies with fewer than 5,000 employees have an average compliance cost of $1.23 million, while companies with more than 75,000 employees have an average compliance cost of $2.71 million, indicating that smaller businesses pay six times more per employee than larger businesses, according to the report.

Heavily regulated industries, such as financial services, pharmaceuticals, communications, and healthcare, have higher average compliance cost, incurring an average of $2.5 million annually, according to a review of 94 large US firms.

Ponemon breaks down compliance costs into the following activities: access governance, configuration management, assessment and audit, policy management, e-discovery, monitoring and scanning, backup and disaster recovery, specialized equipment cost, and specialized software costs.

A number of these activities include implementation of information security policies and regulations. For example, “access governance” includes cost associated with identity, authentication, provisioning, and access rights, which all have an information security component.

“Assessment and audit” includes compliance cost associated with review, evaluation, and verification of data storage based on the organization’s data security requirements, including regulatory compliance audits. “Policy management” includes cost associated with development, implementation, and enforcement of a company’s data storage policies, including those specified by laws and regulations. E-discovery involves the cost associated with discovery of electronic documents for litigation, data breach investigation, and compliance with the Health Insurance Portability and Accountability Act privacy rules.

The most expensive compliance activities associated with the storage of unstructured data are e-discovery, access governance, and internal auditing. Together, these three activities cost businesses over $1.9 million on average annually.

via Infosecurity (USA) – Unstructured data compliance costs firms an average of $2.1 million annually.


KPMG survey: corruption still hampering UK business abroad | info4security

The majority of UK compliance executives quizzed for the latest KPMG survey have suggested that bribery and corruption remain part of doing business in some countries. Brian Sims reports.

With the introduction of the UK Bribery Act now less than a month away, nearly three quarters (73%) of UK senior compliance executives have told KPMG researchers that corruption is endemic in certain areas of the world.

According to the latest KPMG International Survey, nearly a third (32%) of those respondents acknowledge that not doing business in those countries is a way of avoiding bribery and corruption risks.

Despite their obvious concerns, most companies continue to operate in such places and have chosen to take precautions that include improved internal controls, enhanced due diligence and employee training to enable them to do so.

The KPMG survey was conducted last October and November, involving 214 executives in the UK and US with anti-bribery and corruption responsibilities at companies with 200 or more employees and revenue above $300 million (in the United States) or £200 million (in the UK).

All of the representatives questioned work for companies subject to regulations such as the FCPA or the UK Bribery Act.

via Security system management for end users – KPMG survey: corruption still hampering UK business abroad.


Autonomy Gains Compliance, e-Discovery, Analytics with Acquisition from Iron Mountain

Autonomy announced today that it is acquiring Iron Mountain’s archiving, e-discovery and online backup business for US$ 380 million in cash. This acquisition makes Autonomy big. How big? According to company statistics, Autonomy is now responsible for 25 petabytes of customer data and over 25,000 customers, who will now have Autonomy’s technology for information governance in private clouds.

Autonomy Now with Compliance, e-Discovery, Analytics

Iron Mountain had indicated last month that it was considering selling the digital business. Apparently it wasn’t kidding.

IDC recently recognized Autonomy as having the largest market share and fastest growth in the worldwide search and discovery market. Today’s news means the organization is expanding even more.

Autonomy has been working with Iron Mountain for some time to finalize the recently announced deal. Autonomy cites processing customer data in the cloud as a strategic component of its information governance business. Now, the company is adding regulatory compliance, legal discovery and analytics to its capabilities. Iron Mountain will also enable Autonomy to support collection and processing of non-regulatory data from multiple channels including distributed servers, PCs and millions of mobile devices.

Autonomy will also offer Connected, its digital data protection product, to current Iron Mountain customers across enterprise servers, PCs and mobile devices. Inclusion of this product brings non-regulatory and structured data into the company’s cloud-based information processing platform.

via Autonomy Gains Compliance, e-Discovery, Analytics with Acquisition from Iron Mountain.


10 Misconceptions That Increase the Likelihood of FCPA Violations | SDCExec.com

With the increase in litigation over the last four years around the 30-year-old Foreign Corrupt Practices Act (FCPA) putting a spotlight on bribery among public officials in foreign jurisdictions, consultancy Grant Thornton has teamed with enterprise risk specialist EthicsPoint to create a paper that looks at 10 common misconceptions that can increase the likelihood of corporate FCPA violations.

“The large number of FCPA cases and the formation of specialized FCPA units within Federal agencies, suggest that this is a long-term initiative for regulators,” said Bill Olsen, Grant Thornton economic advisory service principal and the firm’s FCPA practice leader. “While working with our clients to address issues in this area, we have observed that many multinational organizations are especially interested in tactics that will fully address their FCPA risks.”

“Organizations doing business globally usually have a robust ethics and compliance program in place,” said David Childers, president and CEO of EthicsPoint. “Having a management-supported program visible in the organization helps show a company’s commitment to conducting business correctly — and can reduce potential penalties.”

The two firms offered the following 10 common misconceptions that companies should address to stay in compliance with the FCPA and potentially avoid penalties:

1. “Based on our company profile, we don’t have any FCPA risks.”

If a company has even a few interactions with overseas markets, assessing potential FCPA or other anti-corruption risks is highly recommended.

2. “We are a private company, so we don’t have to be concerned with the FCPA.”

Although many of the highly publicized FCPA enforcement actions have been against public companies, private companies are just as likely to come under review by government enforcement agencies.

3. “Our employees know our position on ethics because our policies spell it out.”

Assuming that a company’s code of conduct ensures adequate conveyance of management’s position on ethics may be a misplaced perception; the tone at the top must be emphasized throughout the company on an ongoing basis to be effective.

continued: SDCExec.com – Article – 10 Misconceptions That Increase the Likelihood of FCPA Violations.


FCPA Compliance: Documentation is a Key | Thomas Fox – JDSupra

Paul McNulty, former United States Deputy Attorney General, has provided perspective that there are three general areas of inquiry the Department of Justice (DOJ) would assess regarding an enforcement action. First: “What did you do to stay out of trouble?” Second: “What did you do when you found out?” And third: “What remedial action did you take?” He also discusses that, as a key component, a company must document its overall compliance efforts. Former federal prosecutor Stephen Martin, currently the General Counsel of Corpedia, discusses the key component of documentation when he and I speak across the country on current compliance best practices in our World-Check sponsored Foreign Corrupt Practices Act (FCPA) events. To respond to any of these inquiries a company must document what it does for its compliance efforts. However, more than simply the ability to document the results of your company’s compliance efforts is the ability of a company to quickly and efficiently respond to a prosecutor’s request for information.

via FCPA Compliance: Documentation is a Key | Thomas Fox – JDSupra.


J&J Pays $70M To Settle Bribery Allegations – WSJ.com

Johnson & Johnson (JNJ) agreed to pay $70 million to settle U.S. and U.K. allegations that it paid bribes to doctors in three European countries, as well as kickbacks to Iraq to illegally obtain business under former leader Saddam Hussein.

The health-care giant also agreed to enhance its compliance with U.S. anti-foreign-bribery laws and other requirements. If it meets these enhanced standards for three years, it may avoid criminal charges.

The news is the latest black eye for J&J, which has been grappling with a series of product recalls because of manufacturing-quality lapses, as well as government investigations of its U.S. marketing practices. J&J recently agreed to heightened government oversight of manufacturing in its McNeil Consumer Healthcare unit, the source of recalls of millions of bottles of over-the-counter medicines including Tylenol since 2009.

The settlement, which resulted from a known multiyear investigation, also highlights U.S. authorities’ stepped-up enforcement of the Foreign Corrupt Practices Act, or FCPA, which bars U.S. companies from bribing foreign officials. Other U.S.-based drug makers, including Eli Lilly & Co. (LLY) and Merck & Co. (MRK), have received inquiries from the government in recent years regarding their activities in foreign countries.

via 4th UPDATE: J&J Pays $70M To Settle Bribery Allegations – WSJ.com.


The future of IT, security, privacy, compliance and e-discovery | TechJournal South

Given that we are living in a time in which businesses are still being asked to do more with less, but with electronic information multiplying at an ever-increasing rate, the potential benefits of management convergence struck me — as perhaps the lone generalist in the room – as rather obvious.

Nevertheless, the discussion indicated that many businesses are still using a “silo” mentality, in which, for example, the compliance professionals work separately from the e-discovery professionals and there are multiple fiefdoms.

Upon further reflection, the predominance of the silo mentality is not surprising. Silos reflect the all too human characteristic of preferring to build and control a small empire rather than serving as a part of a larger organization. In addition, for many companies, silos simply reflect the way that business has always been done. Sometimes, for example, silos are adopted as a way to assuage the competing egos of executives.

Businesses continuing with a silo approach, however, are likely missing the boat with respect to both minimizing costs and limiting potential liability. In many respects, a company using the silo approach is in a situation much like the one the U.S. intelligence agencies found themselves in after 9/11: they did not talk to each other and share information, and hence no one “connected the dots.”

The common thread in all of these disciplines is the management and control of electronic information. The proper management of information is especially critical in the financial institution and healthcare sectors, but, in reality, it is important in almost any industry.

The benefits of management convergence would appear to be obvious:

Compliance and security personnel would almost certainly benefit from tools developed for e-discovery.

E-discovery personnel would benefit from understanding compliance and privacy concerns, which could lead to proper protection of sensitive information in discovery.

Compliance personnel need to understand privacy issues in performing their jobs.

Risk management personnel need to understand all of this and to make sure that risks are properly assessed and that insurance and risk controls are in place.

via The future of IT, security, privacy, compliance and e-discovery | TechJournal South.


An FCPA Compliance Defense? No Way, Breuer Says – Corruption Currents – WSJ

The chief of the Justice Department’s Criminal Division flatly rejected the need for a compliance defense in the FCPA, saying “we can’t engage in some sort of formalistic solution from a script that says if you check the following six boxes you’re guaranteed this outcome.” His comments came two days after the U.K. government issued six principles for complying with the country’s Bribery Act.

via An FCPA Compliance Defense? No Way, Breuer Says – Corruption Currents – WSJ.

The Swiss Compliance House: a Model for FCPA Compliance? | Thomas Fox – JDSupra

In an article in the January/February issue of the ACC Docket entitled “Five Fundamentals for Taking Management Compliance Seriously”, author Daniel Lucien Buhr discusses a model for a compliance system which he describes as the “Compliance House”. The Compliance House is a model which has been developed by Swiss businesses to use as the foundation of effective compliance management by ensuring that by “binding values and appropriate compliance management they can safeguard their integrity, and avoid or contain breaches of the law.” Buhr believes that it is the basic legal responsibility of any company board of directors to make certain breaches of law are either avoided or, if they occur, are detected early enough so that the company may remedy the situation.

Buhr begins with a very basic understanding of the term compliance, which he defines as “ensuring law abidance.” However, the author goes on to expand this definition by noting that both private and public stakeholders of a company will expect the company to comply with applicable standards; therefore compliance may also be defined as “the state of integrity expected by stakeholders on the basis of civic responsibility of the companies.” This is a far different version than most US companies would state. Most US companies would try to obey the law but not build a complete culture of integrity.

via The Swiss Compliance House: a Model for FCPA Compliance? | Thomas Fox – JDSupra.
