CIO Compliance Management Role
CIOs must understand the importance of implementing and enforcing litigation readiness processes and policies. Successful e-discovery relies on a balanced mix of people, process, and technology; if a proactive process isn't established, employees' expertise and advanced technology capabilities will have significantly less impact. To reduce the chance of employees sharing damaging or classified communications, CIOs should also implement guidelines for the dissemination of sensitive knowledge.
CIOs should have a data discovery plan, because one reduces both risk and expense. Poor litigation preparation consumes large amounts of time and leads to higher attorney fees, missed court deadlines, fines, and courtroom losses. The CIO should compare the cost of proactive litigation readiness with the expense of unprepared discovery. Sometimes settling a lawsuit is the most cost-effective solution, and an established discovery process helps the business make the right decision.
CIOs should encourage active data mapping to quickly identify information and organizational systems, and to locate important data while working with the legal department to assess litigation readiness. But only 35 percent of senior executives realize that records management is vital to risk mitigation, according to a 2009 survey by management consulting firm Cohasset Associates.
Inadequate records management contributes to misplaced documents, potential discovery negligence and increased discovery costs. There's no "easy" button: Buying a tool will not single-handedly solve discovery and litigation problems. Digital forensics experts can be a valuable asset to the defensible collection and analysis of data.
Together, the CIO and the legal department have the greatest power to improve litigation processes. They should drive the message to employees: A data map is absolutely essential, and the company must be litigation-ready at all times. The legal department should reinforce the need for processes and policies and ensure that they're enforced by the human resources department and IT. Most important: When a lawsuit is anticipated or occurs, counsel must immediately establish a litigation hold, suspending all normal data destruction to prevent any chance of spoliation (withholding or destroying evidence) and subsequent lost cases.
Federal and state government regulations (see state compliance requirements) can be a big problem for today's organizations. There are more than 100 such regulations in the U.S. alone, and that number continues to grow. These are in addition to industry-specific mandates. They are all designed to safeguard the confidentiality, integrity, and availability of electronic data from information security breaches. So, what are the consequences if your organization fails to comply? Heavy fines and legal action. In short, it's serious.
Exposure for Non-Compliance

| Regulation | Penalty | Fine |
| --- | --- | --- |
| GLBA | 10 Years Prison | $1,000,000 |
| HIPAA | 10 Years Prison | $100 per occurrence, maximum of $25,000 per year |
| SOX | 10 Years Prison | $15,000,000 |
| SEC Rule 17a-4 | Suspension | $1,000,000 |
| GDPR | none | €10 million, or 2% of the worldwide annual revenue |
| CCPA | none | $7,500 per record, no cap |
Compliance Management Toolkit Versions
Janco offers a full range of tools to help enterprises of all sizes address these issues. The Compliance Management kit provides the infrastructure tools
In addition to the Compliance Management White Paper, we provide the Compliance Management tool kit in three (3) versions: Silver, Gold, and Platinum.