RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

Subject:
From: Rick Wolf <[log in to unmask]>
Reply To: Records Management Program <[log in to unmask]>
Date: Thu, 4 Oct 2007 10:32:40 -0400
Content-Type: text/plain
Parts/Attachments: text/plain (157 lines)

Dear Steve,

 

I saw your email and thought I would give you a quick response.  I would
suggest you engage a qualified lawyer (in-house or private) or a legal
business process consultant to provide a more thorough analysis upon which
you can rely.  I do provide such advice as an outside consultant these days,
but this email is intended for informational purposes only, not legal
advice.

 

There are regulations that likely apply and common law duties that could
apply indirectly to the situation you describe.  Indeed, this is a typical
issue for companies when circulating content for their quarterly earnings
statement or when obtaining explanations from the field for journal entries.
At common law, there is a duty of care to protect sensitive corporate
information from being accessed by third parties and your corporate officers
could be deemed in breach of that duty if care is not taken to protect such
information.  That is a somewhat extreme case; however, it is conceivably
applicable in these circumstances.  The most applicable regulation is likely
Sarbanes-Oxley Section 404, if you are publicly traded, which requires
management and your outside auditors to report periodically on the adequacy
of the company's internal control over financial reporting. In my former
role as compliance officer for a public company, we dealt with these
controls and helped our external reporting folks in finance with their
business process and controls.

 

One consideration might be to analyze and re-engineer the business process
so that the sensitive data resides within your firewalls and, to the extent
there are emails to others about that data, it is merely a link to the
repository based on permissions to see the data.  This way the information
is not floating in cyberspace and your internal controls are sound for SOX 404
purposes, as you would be able to document and test such automated controls
and attest to their soundness.  This can be achieved at a relatively low
cost, inasmuch as you likely own licenses already to the right collaboration
tools and merely need to configure them and re-engineer your business
process to suit your business requirements.  I would be happy to elaborate
further offline.

 

Best regards,

 

 

Rick Wolf
347 Mt. Pleasant Avenue
Suite 204
West Orange, NJ 07052
(973) 324-0050 (direct)
(973) 324-0052 (fax)
(201) 602-9486 (cell)
www.lexakos.com <http://www.lexakos.com/>

-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On Behalf
Of Stephen A. Smith
Sent: Thursday, October 04, 2007 9:58 AM
To: [log in to unmask]
Subject: E-Mailing of Company Financial Data

 

Dear Colleagues:

My name is Stephen A. Smith and I have been a list subscriber for only 3
months.  I work for QVC in West Chester, PA.  QVC is currently migrating
from our existing e-mail platform (Notes) to an Exchange environment.
During this process we have been looking at various data security issues,
especially with regard to sending e-mail outside of our existing network.
QVC's CEO oftentimes has to report financial information to our parent
company via E-Mail.  This is probably very similar to what other companies
are doing.  However, the issue raised during one of my meetings yesterday
specifically addressed sending that financial data over the internet in an
unsecured manner.  It also appears that our parent company is not
interested at this time in securing the path between our CEO and their
office.  My questions to the list are as follows:  Are there any specific
regulations or laws that govern the sending of financial data over the
internet that is unsecured?  Other than common sense saying that this
information should be protected, what laws specifically apply in this case?
I appreciate everyone's feedback.

Thanks,

Stephen A. Smith, MLIS, CDIA+
Records Manager
QVC, Inc. Information Services
Phone - (484) 701-1559
Fax - (484) 701-1984
[log in to unmask]

 

List archives at http://lists.ufl.edu/archives/recmgmt-l.html

Contact [log in to unmask] for assistance

To unsubscribe from this list, click the below link. If not already present,
place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.

mailto:[log in to unmask]

