Rules, Rules, Rules - InformationWeek

Rules, Rules, Rules

Sarbanes-Oxley, the Health Insurance Portability and Accountability Act, Gramm-Leach-Bliley, the USA Patriot Act, the California Security Breach Law, Securities and Exchange Commission rule 17a-4 -- these are but a few of the compliance challenges companies face today.

If Guardian Life Insurance Co. executive VP and CIO Dennis Callahan ever takes up tennis, he'll probably be thoroughly bored. Just a single ball, and only one person trying to sneak it past him? Callahan, whose main job the past 3-1/2 years has been to try to change the culture of the company's technology organization, spends a good chunk of his time--and more than $4 million a year--swatting back compliance balls flying in from securities regulators and California lawmakers.

Sarbanes-Oxley, the Health Insurance Portability and Accountability Act, Gramm-Leach-Bliley, the USA Patriot Act, the California Security Breach Law, Securities and Exchange Commission rule 17a-4 -- these are but a few of the compliance challenges he faces. That's along with his day job of managing a $150 million annual IT budget to help salespeople be more productive, simplify operations, improve customer service, and diversify the lineup of insurance products.

To say regulatory compliance is a distraction for business-technology executives is an understatement. Four out of five say it's a challenge just tracking whether their organizations have met compliance goals, according to an InformationWeek Research survey of 200 business-technology professionals last month. A third say complying with government regulations has had a negative impact on productivity. And 59% say their spending on compliance will go up this year, while only 6% predict a decline. That's a bit less than in September, when InformationWeek Research conducted its first compliance study; then, 71% said they'd spend more and only 2% predicted less spending.

[Photo: Guardian Life Insurance Co. executive VP and CIO Dennis Callahan. Regulations have put pressure on Guardian Life's technology budget, Callahan says. Photo by Ken Schles]

Yet considering that many companies are actually cutting their overall IT budgets--54% were cutting or holding level in an InformationWeek survey at the beginning of this year--compliance is clearly a burden. "The substantial increase in regulatory requirements in the past few years has put added pressure on the technology budget," Callahan says.

Guardian Life spends 3% of its IT budget directly on compliance and another 2% on somewhat related functions such as business continuity and risk management. Some of that money is being spent to create a dedicated system around EMC Corp.'s Centera software for data-life-cycle management, working in tandem with iLumin Software Services Inc.'s Assentor E-mail-retention software, to meet SEC rule 17a-4. That rule requires financial companies to retain, monitor, and analyze electronic communications.

The insurer also is using Centera to manage its storage area networks, where transaction and customer data are kept. The company is increasing the capacity of those SANs in part to accommodate compliance with the Sarbanes-Oxley Act, which holds business directors and managers accountable for the veracity of financial statements. While Guardian is a mutual insurer and not a public company, and is therefore not subject to Sarbanes-Oxley, Callahan says it's only a matter of time. "Insurance regulators are looking at it and so are we," he says.

Spending Less

The company has received some business value in return, such as improvements in record-keeping related to the "know your customer" requirements of the Patriot Act. But that's a minority opinion--only 38% of companies say they've benefited from complying with regulations, while 22% say it has hurt them, and 40% say it has had no impact. Guardian treats compliance issues as "helping IT and the business focus on issues they ought to be addressing anyway," Callahan says.

Sarbanes-Oxley and HIPAA are the most far-reaching of the relatively new regulations, with more than half of InformationWeek Research respondents saying their companies are taking steps to comply with them. HIPAA sets privacy and security standards for patient information that apply to any company handling medical records, a broad swath that includes employers, insurance companies, and health-care providers.

And there are new regulations coming all the time. Just last month, the federal government--under authority of the 65-year-old Fair Labor Standards Act--significantly changed how overtime must be calculated. The feds also enacted the Can-Spam law, which affects direct marketers such as major E-retailers, as well as the Do Not Call Registry. California state senators have passed a bill proposing to regulate the use of radio-frequency identification tags on individual consumer goods. No wonder that a third of companies say they're less productive because of government regulations.

One of the first reactions to new regulatory requirements has been to restrict access to company data, though the impulse to limit information flow isn't as strong as it used to be. Last year, 75% of companies said they were more closely restricting access to certain data; now that's 66%. Thirty-nine percent were providing less information to partners or customers; now just 26% are.
