Tuesday, July 10, 2007

S-Ox and digitization

{If you think this post is not for you, at least skip to the last paragraph.}

I received an email from a reader who asked a couple of questions, including:
During my day job, I work in IT change/project management and S-Ox [Sarbanes-Oxley] regulations play a large role in documentation decisions. Do you know if the S-Ox regulations also apply to the digitization field?
The Sarbanes-Oxley Act of 2002 is meant:
To protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes.
According to the U.S. SEcurities and Exchange Commission (SEC):
The Act mandated a number of reforms to enhance corporate responsibility, enhance financial disclosures and combat corporate and accounting fraud, and created the "Public Company Accounting Oversight Board," also known as the PCAOB, to oversee the activities of the auditing profession.
The effect is that ordinary investors have access to better information about the public companies that have invested in (or want to invest in). Information is more readily available and presented in ways that makes it more intelligible. Sarbanes-Oxley -- or S-Ox or SOX or SARBOX -- definitely impacts the documentation that a company keeps and how it makes that information accessible. But how does S-Ox impact digitization? Or vice versa?

First, I must admit to not having read all of the S-Ox rules and regulations, so I'm going to think about this from a practical -- common sense -- point of view.

As I think about what S-Ox is meant to do, I can see it would impact what information is kept and how it is kept. In the "how", Sarbanes-Oxley impacts a company's IT department because most of the data used to generate the reports required for S-Ox resides in systems under IT's control. But would Sarbanes-Oxley impact what a public company digitized from its older records? No. The Act is a forward-looking act (from the date when it became effective going forward). It doesn't -- as far as I can tell from reading documentation -- affect the past (prior to 2002).

Now I can hear many people saying, "so what? We don't care about S-Ox." True, you don't. But many of us are in environments that are impacted by government regulations. As we think about digitizing and placing materials online, we need to think about those regulations and how they might affect what we're doing. There are privacy issues (especially when dealing with medical records or student records), copyright concerns, and other things we may need to talk into account. In some industries/companies, it may be concerns over providing information to a competitor or accidentally releasing a trade secret. So whatever your project, step back for a second and think about the government rules and regulations that your organization needs to follow, then think about whether you need to be concerned about them when you digitize materials. Taking that extra step in your thought process may keep you out of hot water.


Technorati tag:

No comments: