BANGALORE, INDIA: The magnanimous growth in volume and the complexity of digital information generated and replicated globally has fetched novel challenges and legal boundaries, which companies have become subjected to, in many ways. Among other implications – information management has an emerged as a critical aspect of compliance.

With time, compliance has witnessed its transition from just being a buzzword that the whole world was talking about, into becoming an imperative survival issue for the corporate world today. Fines, penalties, legal hassles and worst of all; loss of reputation for non-compliance are driving companies to pay heed to this issue on a serious note.

Almost all the corporate regulatory bodies, both in India and abroad have been emphasizing to introduce mechanisms which will force the business houses to commit to better corporate governance.

I am sure you are familiar with the much quoted and highly publicized corporate disasters. The most recent one being the national fiasco in a large developed country - The government lost computer disks containing detailed personal information on 25 million citizens, including an unknown number of bank account identifiers, in what analysts described as potentially the most significant privacy breach of the digital era.

In India recently, SEBI has initiated adjudication proceedings against 20 companies for non-compliance with Clause 49 (which deals with corporate governance) norms under their listing agreement with the stock exchanges.

Globally, there are a staggering 16,000 regulations that businesses need to comply with, including significant legislation such as IT Act, SEBI Clause 49, Sarbanes-Oxley, HIPAA and BASEL–II. According to an IDC Survey, the worldwide information management for compliance market will cross the $20 billion mark in 2009 growing at a compound annual growth rate of 22 percent through the 2005-2009 forecast period.

Moreover, each of the international and national regulations mandates specific guidelines for data management, retention, protection and authentication which will make adoption of information infrastructure solutions for compliance acutely essential for organizations across the world and in India.

Almost all the Indian companies doing business with NASDAQ listed companies fall under the purview of SOX (Sarbanes Oxley Act). BPO companies in India are legally obliged to abide by the regulations that their clients follow-Sarbanes Oxley Act, Gramm Leach Bliley act, EU Data Protection Act, HIPAA etc. Specific regulations in India mandate how companies need to manage and store their information.

These include- The IT ACT, The Indian Evidence ACT and SEBI Clause 49. Each of these regulations has specific guidelines on the way "data" or "information" has to be managed, retained or protected.

The Indian IT Act

The Information Technology Act, 2000, is India's first Cyber law and provides various provisions that impact data or information in the electronic form. By virtue of Section 4 of this Act, legal recognition has been granted to all electronic records.

The Indian Evidence ACT

The Indian Evidence Act emphasizes that archiving or retaining of electronic records must be capable of being produced as legal evidence in a court of law or in any legal proceedings.  Section 65A & 65B of the amended Indian Evidence Act deal with evidence related to electronic records and the admissibility of electronic records. 

SEBI CLAUSE - 49

Clause 49 emphasizes on Risk Management Disclosures. Whenever any company submits its quarterly compliance report to the stock exchanges under the amended Clause 49, the said report must be based upon the compliance of its electronic records, in accordance with the requirements of the Indian Information Technology Act, 2000 as also the Indian Evidence Act, as amended.

These regulations have made information management and its security, an issue of prime concern. The indispensability of efficiently addressing this issue can be better understood if we take a closer look at the volume of information being created and how much are the enterprises contributing to it.

An IDC study, The Expanding Digital Universe: A Forecast of Worldwide Information Growth Through 2010: puts forth certain facts that clearly assert the exponential information growth that the world is witnessing and the way it is going to change the entire way businesses and individuals operate.

As per IDC report; information that is created or captured and replicated in digital form amounted to 161** exabytes in 2006 and is forecasted to touch 988 exabytes mark by 2010, representing a CAGR of 57 percent. Just to get a fair idea of this volume, it is equivalent to approximately three million times the information in all the books ever written. 30 percent of this digital information today is potentially subject to security applications and 20 percent is subject to compliance regulations.

Asia Pacific excluding Japan will contribute 30 to 40% more to this volume as compared mature economies. As per the report, while nearly 70% of the digital universe will be generated by individuals by 2010, most of this content will be touched by an organization along the way – on a network, in a data center, at a hosting site, at a telephone or Internet switch, or in a backup system.

The startling fact is that organizations – including businesses of all sizes, agencies, governments, and associations – will be responsible for the security, privacy, reliability and compliance of at least 85% of the information.

Compliance will drive the next wave of IT investment by organizations in India. The factors which are going to propel this trend are:

·    Increasing globalization of businesses, one world of businesses which in turn is making business processes, policies very stringent.
·    A host of regulations define specific codes of conduct/policies to be followed while engaging with multiple stake holders
·    In the recent past the Indian BPO/ITeS has been plagued with multiple data theft scandals
·    Increasing terror attacks have also compelled organizations to introduce measures/policies to protect their business data

Judging by the prevalent trends, regulatory compliance will require organizations to look at their information resource throughout its entire lifecycle and how it impacts various aspects- right from retention period, to retention policy to data authenticity. Industry spending on compliance is forecasted to increase across all verticals- BFSI/IT-ITES, Telecom, retail etc, in near future.

As organizations in India prepare themselves to compete in the global economy, they will have to focus on building intelligent information infrastructures to extract maximum business value for their information assets, improve service levels, position their organizations for growth and change, comply with regulations, protect key information assets and attain newer watermarks of efficiency, security and productivity.

Organizations need to ensure that the required people process and technology are in place to enable compliance. The good news is that, companies have begun to realize the importance of building efficient information infrastructure and have started investing in the requisite technology. However, there is a long way to go.