Down To Business: Time To Regulate The Regulations? - InformationWeek

Rob Preston

Down To Business: Time To Regulate The Regulations?

Most people never met a regulation they didn't like. A growth company you hold stock in found cooking its books? Make it so that no public company can lift its head without establishing absolute financial accountability. Your insurance or health-care provider expose some of your personal information to the public? Demand laws that require every data collector to meet stringent guidelines on storage, security, and handling. Someone unwittingly send you a worm or virus in an E-mail attachment? Push for mandatory courses on security and etiquette for all Net newbies. Hamstring the masses for the sins of a few. We'll worry about the direct and indirect costs later.

When it comes to the mother of all regulations, Sarbanes-Oxley, CEOs of most fast-growing privately held companies like what they see. In a recent survey by PricewaterhouseCoopers, 73% of private company CEOs said SOX has done at least a decent job of improving financial governance and transparency for public companies. One in four of those private companies has voluntarily adopted SOX "best practices." So should Sarbanes-Oxley be applied broadly to their companies, not just to public ones, at the state or federal level? Uh, no. That would be overkill, they say. In fact, more than a third of those same CEOs believe that private companies enjoy a competitive advantage over publicly traded companies precisely because they don't have to run the same gauntlet of regulations.

Those who manage information technology for a living can relate. You're becoming slaves to compliance, not just with the SOXs and HIPAAs, but also with tech-oriented guidelines like ITIL and COBIT. These regs certainly do some good, ensuring uniformity, quality, transparency, privacy, and proficiency, but as they take on lives of their own, they instill a false sense of accomplishment. And they can chew up resources that would otherwise be driving new business. By one estimate, organizations will continue to spend as much as 10% of their IT budgets for the foreseeable future on information security, storage, archiving, content and data management, business process management, disaster recovery, and other upgrades related to regulatory compliance.

"There are weeks, even months, that go by when I don't feel like I'm doing anything for my company because all I'm doing is complying with Uncle Sam," says one frustrated VP of IT. In this post-9/11, post-Enron, post-ChoicePoint world, he and his colleagues are doing a lot of retrenching, rationalizing, and track covering. They're safeguarding "sensitive" digital assets no one covets, storing and archiving terabytes of data no one will ever access. "It's just insane," the VP says.

Says another IT exec: "I'm not driving jack. I'm being driven. We're all being driven by lawyers."

The heavy lifting isn't over. Back to SOX: In a separate survey by PricewaterhouseCoopers last July, nearly half of the executive respondents said their public companies made only satisfactory use of information technology in year one of their Sarbanes-Oxley 404 financial compliance efforts, citing "lots of room for improvement." Three-quarters of those execs expect their companies to make significant IT changes in year two.

SOX is just one of scores of regulations business-technology managers must grapple with. We received an E-mail last week on guidelines from the Federal Financial Institutions Examination Council that stipulate how financial companies must prevent identity theft through use of strong authentication. Evidently, these guidelines are creating "markets and jobs," according to the E-mail, by spawning a cottage software and services industry.

Now, we can all agree that preventing ID theft is a laudable goal, but to position a set of regulations as a kind of New Deal jobs program is more than a little over the top. We can see the 2008 political party platform now: Prosperity Through Regulation.

Rob Preston,
VP/Editor In Chief