Story image

Six common compliance challenges A/NZ businesses face today

03 Aug 17

Hitachi Data System has released the findings of a new report prepared by technology law firm, Fieldfisher LLP.

The researchers reviewed data retention obligations in Asia Pacific and the principles that have influenced a rise in common requirements for data capture, storage and management.

New global legislation, such as the Markets in Financial Instruments Directive II ("MiFID2"), Dodd-Frank and, looking ahead to 2018, the General Data Protection Regulation ("GDPR"), further extend the influence and power of regulators, the report claims.

Paul Bruton, business director, data intelligence, Hitachi Data Systems, Asia Pacific says that regulators today have an even more sophisticated understanding of the power of technology in advancing the compliance agenda.

As the report explains, this results in increasing regulatory requirements, for example mandating more and faster reporting, real-time data capture, and strict management of the deluge of data introduced by digital transformation.

“Businesses in A/NZ face a significant challenge with the GDPR changes coming into effect next year, and let’s not forget the far-reaching consequences of Australia’s new data breach laws,” adds Bruton.

“Now is the time to determine the roles and responsibilities in the creation and management of data within the organisation, factor these requirements into an effective data strategy, and turn the compliance conundrum into an opportunity for digital transformation and innovation.”

The paper identifies six key compliance challenges that enterprises and government agencies need to address:

1.    Capture and management
2.    Access and availability
3.    Privacy and security
4.    Integrity and authenticity
5.    Retention and preservation
6.    Disposal and defensibility

The Fieldfisher report also looks at the implications of legal frameworks for Australian and New Zealand enterprises, including the Australian Privacy Principles (“APP”) and the Information Privacy Principles (“IPP”) in New Zealand.

Simon Briskman, partner at Fieldfisher comments, “In comparison with many countries in Asia Pacific, Australia is well advanced in access and disclosure requirements. Australian law in the area has a long evolution.”

“For example, the Australian Corporations Act 2001 lays down extensive obligations for the preparation of financial reports. Regulators such as the Australian Securities and Investments Commission and the Office of the Australian Information Commissioner ensure Australia meets broad international standards on information security, data management, record keeping, disclosure and data quality.”

He says both Australia and New Zealand have legislation allowing electronic communications to be admitted in evidence in court, and there have been significant changes to the privacy laws in both countries.

“Overall, the landscape is one of increasingly sophisticated regulation that requires specific compliance solutions. Technology has become a vital part of those solutions.”

In data retention and record keeping requirements, Australia and New Zealand are in the middle bracket, with the Australia Corporations Act 2001 and the New Zealand Companies Act 1993 requiring records to be kept for at least seven years.

The period of retention varies widely across the Asia Pacific region; in Singapore the minimum is five years, in Hong Kong and India 10 years, and in China records can be required to be retained permanently, depending on the nature of the record.

GCSB welcomes Inspector-General's report on intelligence warrants
Intelligence warrants can include surveillance, private communications interception, searches of physical places and things, and the seizure of communications, information and things.
Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
SailPoint releases first identity annual report
SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
The disaster recovery-as-a-service market is on the rise
As time progresses and advanced technologies are implemented, the demand for disaster recovery-as-a-service is also expected to increase.
Apax Partners wins bidding war for Trade Me buyout
“We’re confident Trade Me would have a successful standalone future," says Trade Me chairman David Kirk
Avnet to boost AI/IoT solutions with acquisition
The acquisition of Softweb Solutions adds software and artificial intelligence to Avnet’s ecosystem and bolsters its IoT capabilities.
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.