c. US


This page is part of the compliance services, which belong to the compliance and risk management toolkit section of our services. That section covers compliance matters for CH, EU and US (you are here), as well as risk assessment, internal controls, risk management and the risk checklist.

The US is a litigious society – failure to comply may land you in court, if not in jail.

Governance and regulatory compliance today is primarily about data protection, information security and the organization’s general control environment.

With compliance initiatives such as the Sarbanes-Oxley Act (SOX), Basel II and III, and California SB 1386 (as well as the other state data security breach notification laws), it has become imperative that a company models its controls so that it can produce a transparent audit trail.

Firms in particularly litigious industries, such as financial services, healthcare, life sciences, construction, retail and manufacturing, often face a high number of legal matters and need to retain, preserve and access the relevant information contained in large bodies of e-mail messages.

The discovery of electronic information held in e-mail during corporate litigation is increasing, driven in part by the amendments to the US Federal Rules of Civil Procedure (FRCP) that took effect in December 2006.

Firms have a duty to preserve electronic information for the purposes of discovery before litigation actually starts, namely from the point at which litigation can reasonably be anticipated.

In the US, failure to comply can result in costly litigation. One example is TJX, which paid dearly for the data security breach its customers had to endure.

How much the breach will damage the firm's reputation, and customers' trust in the way the firm handles their personal data, including purchasing information, remains to be seen:

5 data security breach regulation – judge spells out the exact costs for TJX

For more information about court cases and litigation, including the costs incurred through a lack of risk assessment, risk management, governance and compliance, see here:

US court cases – data security breaches, non-compliance, improper controls, etc.