The CIO's Wish: "Star light, star bright, the first star I see tonight. I wish I may, I wish I might, have the wish I wish tonight ... I wish to not get sued if our IT systems fail and we don't comply with all of the regulatory requirements we were supposed to meet, um, last year ... and I wish for more money to replace these aging systems that we're running into the ground that can't help us meet regulators' demands. And little star, if I might, I also wish for the courage tell the executive board that I don't have the resources to meet all of these demands and I'm getting mixed signals on things like E-mail retention ... or is that E-mail destruction? And what about inconsistent data definitions? What if there's a discrepancy in the actual data? I can't afford to spend more on this because we've already spent millions on disclosure efforts in hopes of figuring out what data is where and who has access to it.

Oh, little star, forget my wishes, I'm going to get my own private counsel to make sure my butt is covered. I'm doing everything I can do with the resources I have, but I'm not going to jail.

Regulatory mandates have dominated time, energy, and money for many CIOs over the past few years. And while some deadlines have come and gone, CIOs are still nervous about undefined legal areas, or antiquated systems that can't really keep pace, or limited dollars to make needed changes. According to one source close to the subject, CIOs are having to become "minilawyers" themselves. They've got to let their CEOs or their corporate boards know where potential weaknesses still lie. And for some, maybe the best thing to do is to hire their own lawyers to protect themselves. How about you? Are you struggling with compliance issues you thought would be resolved a long time ago?

Stephanie Stahl
Editor-in-chief
[email protected]

To discuss this column with other readers, please visit Stephanie Stahl's forum on the Listening Post.

To find out more about Stephanie, please visit her page.