Why is it that knowledge workers in government as well as private enterprises are fighting a culture of control driven by management focused on FRCP, Sarbanes-Oxley, eDiscovery and other regulatory compliance requirements?
The social media tools like Facebook, Myspace and Twitter are already being used by teams in many governmental agencies and private firms because they help knowledge workers “get the job done”.
However these tools are often a nightmare for the Chief Security Officer (if such a “C” level position exists). Regulatory compliance continues to be the main driver for security spending in most industry segments and a substantial financial burden for governmental agencies.
Sarbanes-Oxley for the USA came about after the Enron scandal and with the current financial meltdown for sure new regulations will emerge. Current US regulation is a patchwork of local, state and federal regulation.
The complexity of all the existing US regulations is such that it hinders small and medium sized businesses’ expansion into national or even multi-national market coverage even if that is exactly what the internet offers smaller businesses – the ability to source and operate like big multinational.
Most regulations deal with privacy and accountability. Sarbanes-Oxley for publicly traded firms is the big accountability regulation but smaller firms often trade with publicly traded companies and therefore indirectly will be required to comply with Sarbanes-Oxley.
Privacy is a hodgepodge of regional, national and industry segment specific laws. Obviously you cannot pretend these regulations don’t exist or hope they go away. Non-compliance may present a very real legal and financial risk to your organization.
Every bit of information exchange within the organization and with outside stakeholders must be auditable, i.e. there must be an audit trail and the kitchen sink approach to archiving of all information exchange and subsequent use of fancy search tools to retrieve information deemed to be material in a lawsuit will not work or at least be very, very expensive.
Often organizations are opting not to go to court and instead just settle because litigation is becoming too expensive. Settlements are still expensive.
In the USA the Better Business Bureau shows 34 federal privacy laws that apply to business – industry specific, consumer protection, etc. Add the EU, Canada and the Far East and you are looking at 100+ privacy laws that could affect a company doing business globally.
Social media tools as we know them today do not provide an audit trail of information exchange with an easy way to access it. If you are ever the subject of an eDiscovery audit from a lawsuit, you may need to produce reports on hundreds or thousands of document transactions and other information exchanges from social media tools like Facebook and Twitter.
Enterprise 2.0 tools emerging as “social media tools for the enterprise” are as far as I can see not addressing these issues.
For the Enterprise 2.0 conference in Boston this coming week – June 22-25, 2009 – I see very few, if any reference to the issue of regulatory compliance! I see no mentioning of FRCP, Sarbanes-Oxley, HIPAA, eDiscovery, etc. or discussion of audit trails and archiving of information exchanges or “record management” in the context of a business process.
These are issues we deal with when implementing process applications like our Knowledge Worker Desktop for government or private enterprises.
I will be at the conference next week trying to find out how all these powerful emerging enterprise 2.0 tools could provide synergy to our process applications.
I believe in the future we will see a movement toward self-supported definition and ownership of processes by business stakeholders and project teams. Simple interconnected utilities (enterprise 2.0+) rather than comprehensive suites (SharePoint, OpenText, etc…) will emerge.
This will help to improve the orchestration of teams, people, content and collaboration, BUT someone must be the driving process engine.
I look forward to the Enterprise 2.0 conference!