Thank the Enron and WorldCom scandals for the tough new disclosure regulations handed down this year by the federal government. As a consumer, you might welcome the tighter restrictions, but as an IT pro, the changes probably feel more like a stranglehold.
Yet it's not just new rules required by the Sarbanes-Oxley Act, which seeks to ward off accounting misdeeds, that have IT managers in a dither. From legislation such as the "do not call" list, which has forced marketers to rethink how they solicit consumers, to the threat of VoIP regulation, to the privacy requirements demanded by the Health Insurance Portability and Accountability Act (HIPAA), American IT departments are faced with numerous new rules that will have a huge impact on businesses well into the New Year.
Here're a few that have IT managers reaching for the Tylenol.
The Sarbanes-Oxley Act
U.S. companies are expected to spend more than $2.5 billion to comply with new accounting rules detailed by the Sarbanes-Oxley Act, with a significant chunk going to IT projects -- and some experts say that's just the tip of the iceberg. The law is intended to make companies' business practices more transparent to investors and regulators. As the Sarbanes-Oxley deadlines loom, companies are scrambling to update their business systems with new reporting and compliance solutions, which could spur more corporate IT spending.
SEC Rule 17a-4
At the center of the compliance regulatory hoopla is SEC Rule 17a-4. Rules regulating the management of business documents are not new. The government has required businesses to maintain business records for some time. What's different now is that electronic records, such as e-mail and instant messages, are part of those regulations. Consequently, the sheer volume of data that needs to be archived is daunting. The job is overwhelming, or at least a pain in the neck, users say. But stiff fines for businesses not in compliance have got many IT departments scrambling to get things in order.
'Do not call' list
Is it a lot more quiet around your house during dinnertime? The national "do not call" list essentially put the nix on telemarketers calling consumers at dinnertime, or anytime, for that matter -- if the consumer is part of the "do not call" registry. Hung up in courts for a while, the law is now in effect and forcing companies to look for other ways to get people to buy their products, specifically by marketing to people when they make inbound calls to the company.
The federal government is taking a crack at regulating unwanted e-mail with a new national law that takes effect Jan. 1. Already critics are having a field day with it. While the Can-Spam law gives the feds the ability to create an antispam registry, even the FTC's chairman admits that such a list would be nearly impossible to enforce. Marketers can flee offshore to dodge penalties. Plus, the national law supersedes tougher state regulations, like an antispam measure passed in California.
Viewed by some as an unnecessarily heavy-handed regulatory stance toward voice over Internet Protocol (VoIP), the proposed FCC regulations are not popular among wireless provides. Critics contend that any regulation would stifle innovation, boost costs and protect traditional phone companies from the challenge that low-cost or free Internet calling service could bring. Unfortunately, the biggest challenge to the total adoption of VoIP isn't the complex technology, or the lack of experienced implementers. It's regulatory hoopla. VoIP is illegal in an astonishing number of countries, while the rest are mired in enough red tape to cut into or negate the cost savings.
Wireless number portability (WNP)
This piece of legislations lets cell phone users in the country's 100 largest markets switch cell phone service providers while keeping their phone numbers. But the new law is plagued by controversy and criticism -- particularly for wireless telcos. The law means huge technology investments for carriers. The cost to the industry could be as much as $1 billion just to make portability a reality across networks, and $500 million a year to support it.
More painful than a shot in the rear, health care providers are now required to comply with the data collection and privacy portion of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA establishes standards and requirements for securing patient information. Although compliance could be an ongoing battle for many health care and insurance providers, some experts say the HIPAA rules simply legislate good business practices.HIPAA legislates good business practices
The USA Patriot Act
The USA Patriot Act was passed in response to the September 11 terrorist attacks. In essence, the act gives federal law enforcement officials speedier access to private communications, like e-mail and phone conversations. As more tenets of the act come into effect, more concerns are being raised about the potential for government abuse and loss of civil liberties, and more questions are being raised about the act's ability to prevent terrorism. The issue has presented ethical as well as technical dilemmas for privacy and security officers.The USA Patriot Act: A matter of too much security?
FOR MORE INFORMATION: