Electronic data protection, data privacy are top business ethics and corporate compliance risks

By LRN

Increased global competition, economic downturn and tighter regulation brought greater pressure on business and with it, greater risk. Both companies and governments worldwide had to make adjustments to cope with these changes in the business climate.

Enterprises worldwide cite electronic data protection and data privacy as their top two business ethics and corporate compliance risks, according to LRN's 2008 LRN Ethics and Compliance Risk Management Practices Report.

Banking, financial, insurance, and healthcare industries have more rules and regulations regarding data privacy than other industries. Compliance with these electronic data protection and privacy laws is more complex and has migrated beyond traditional IT functions into legal compliance and ethics areas since the legal issues extend beyond the traditional file cabinet. Companies doing business in the U.S. have had to respond to the new eDiscovery rule that went into effect in 2007, requiring them to account for and maintain all their internal electronic records including emails, instant messages, and electronic documents that might prove critical in investigations. New European regulations regarding electronic data privacy and data protection have affected companies doing business on the continent.

The increased concern about electronic data risk is the result of the growing amount of electronic data generated organization-wide, combined with new, more stringent regulations and requirements regarding the management and security of data. Businesses have had sound policies and procedures on processing, storing and protecting printed documents, many of them developed throughout decades. They have had to protect their trade secrets, customer data, and employee records, but now they must also comply with the eDiscovery Rule which went into effect in 2007.

The eDiscovery Rule now requires companies to manage and maintain all electronic data, including e-mails and instant messages, which might be relevant in future legal disputes. Global enterprises have to comply with new data privacy laws and regulations imposed by European governments. Germany, for example, has instituted specific new laws on data protection that go beyond existing EU data protection laws as well as the older German Federal Data Protection Act. In the U.S., 47 states have ratified separate data privacy laws protecting individuals from fraud and malicious use of their data.

Our research shows that many companies made good progress in managing their ethics and compliance risks programs by conducting holistic business risk assessments. The most successful programs share the responsibility of risk assessment with Information Technology, Human Resources and Legal, and share results with their Board of Directors and Executive Leadership.

Holistic approach
Strengthening each of the five key steps of enterprise risk management and intensifying executive risk management training. [jpg attached to e-mail]

About the research
In mid-2008, LRN surveyed over 460 senior ethics, compliance, legal, and risk and audit professionals. All respondents were involved in some aspect of their company's ethics and compliance programs, with 50 percent having primary responsibility for their organizational initiatives. A wide spectrum of industries is represented in the survey with 40 percent of respondents from companies with 10,000 or more employees, and 47 percent with less than 5,000 employees. Two-thirds of respondents have operations in two or more regions of the world.

Download report »

About LRN
We are dedicated to elevating human behavior by inspiring principled performance in business. We provide education and communication offerings; assessments, analytics and resources; and advisory services that help companies create cultures of sustainability, where corporate values guide how their people behave, relate and innovate in the workplace, communities and environment.  LRN delivers critical knowledge and frameworks for corporate governance, leadership and corporate culture that help companies ensure compliance, inspire ethical leadership and develop social and environmental responsibility. Founded in 1994, LRN operates in more than 120 countries, with headquarters in Los Angeles and offices in New York, London, and Mumbai. For more information, visit www.lrn.com.