This firm often assists regulated entities with compliance-related concerns such as information security, due diligence, software licensing, and data breach notifications. As the universe of compliance obligations expands, so too does a company's exposure portfolio. This increase in liability may result from a software publisher audit, failure to provide notice to customers about a data breach, or governmental agency fines. Compliance, like many other aspects of the business world, is a balance of risks. Unfortunately, it often takes being rebuked in some fashion before an organization realizes the importance of being in compliance.

One of the most important things an organization can do with respect to compliance is to view its relevant policies and procedures as a living, dynamic set of documents. Compliance policies must constantly evolve with the changing environment for several reasons, including the following:

  • First, the laws vary. Consider, for example, data breach notice laws. Almost every state has its own identity theft protection and notice statute. While they generally track the federal guidelines governing financial institutions and health care providers, they can vary substantially.
  • Second, the laws may change or be preempted. Whether it is a state legislature revising a consumer protection statute, or a change to a federal law or agency regulation, it is safe to say that these are changing literally all the time.
  • Finally, the business may change. It may enter into new geographical markets, offer new products, or deal with concerns that implicate new laws.

These are only a few of the supporting reasons for reevaluating compliance obligations, but they also suggest that companies should consider these obligations as dynamic and worthy of continuous scrutiny.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.