5 Information Governance Requirements for Regulatory Compliance

1. Data Protection & Privacy

The regulatory landscape is experiencing an expansion of data privacy laws around the world and each new version is more stringent than the last. Technology innovations and unprecedented data volumes are pushing the limits of privacy and security beyond current regulatory and legal requirements.

What types of risk are of most concern based on the potential impact they could have on your organization?
1. Security
2. Privacy
Source: AIIM Managing Governance, Risk and Compliance with ECM and BPM survey and whitepaper, May 2015

100+: There are more than 100 federal data privacy laws around the world, regarding the compliant collection, use, and safeguarding of personal information.
Source: Norton Rose Fulbright Global Data Privacy Directory

2. Regulatory Records Retention

Many industries—especially highly regulated sectors such as Energy, Financial Services, and Life Sciences—are subject to regulations with requirements to retain records and electronic communications for a minimum period of time.

>90%: More than 90% cite meeting regulatory records retention requirements as the main reason their organization has implemented, or plans to implement, a records and information management program.
Source: IDC Information Management Compliance Survey

14,000+: There are over 14,000 US regulations mandating how long to keep records.
Source: Challenges in Records Management and Retention for U.S. Domestic and International Organizations - Cadence Group

3. eDiscovery Requirements

Regulatory investigation matters are on the rise. There are a number of regulations with mandated response times for information requests, including Freedom of Information (FOI) laws for government and those enforced by the SEC, Dept of Justice and Environmental Protection Agency (EPA).

100+: There are currently over 100 countries that have FOI laws, giving citizens the right to request and access information from and about their government.
Source: freedominfo.org

60%: Approximately 60% of an organization’s litigation budget is spent on discovery.
Source: Hildebrandt Baker Robbins

4. Information Integrity & Authenticity

Business records provide the evidence to demonstrate compliance, and with regulations such as 21 CFR Part 11, the Canada Evidence Act, and the Foreign Corrupt Practices Act, organizations must be able to attest to the integrity and authenticity of their records. Companies, their stakeholders, and regulators need assurances that electronic records and signatures are as reliable as their paper versions.

Requirements for admissibility of electronic records as documentary evidence:
1. Authenticity of the record
2. Integrity of the electronic records system
3. Record made “in the usual and ordinary course of business”
4. Proof of the integrity of an organization’s records system
Source: CGSB Electronic Records as Documentary Evidence Standard

5. Reporting Obligations

Regulatory reporting refers to the requirement for organizations to provide an account of compliance, usually including raw or summary data, with mandated frequency, e.g. annually.

22%: Only 22% of companies required to file Conflict Minerals reports by the June 2014 deadline did so, most citing supply chain complexity.
Source: Schulte Roth & Zabel LLP and Conflict-Free Sourcing Initiative, Conflict Minerals Reporting White Paper (September 2014)

4.4 Million: # of paperwork hours Dodd-Frank legislation required in 2014.
Source: 2014: Year of Action, Year of Regulation, American Action Forum

Handling regulatory compliance with Information Governance gains businesses a competitive edge.

For OpenText Compliance solutions visit us here: www.opentext.com/EnsureCompliance

About OpenText

OpenText enables the digital world, creating a better way for organizations to work with information, on premises or in the cloud. For more information about OpenText (NASDAQ: OTEX, TSX: OTC) visit opentext.com