ICC urges government consultation to counter information compliance overload
To help avoid laws regulating business information systems from becoming too cumbersome and potentially counter-productive, the International Chamber of Commerce has issued a set of principles for governments to follow when drafting these procedures.
Terrorist attacks, accelerating globalization, a wave of corporate scandals, and the dramatic growth in business-to-business Internet transactions have led to a steep rise in the number of laws that require businesses to beef up controls in their IT systems and automated processes.
These laws – coined "information compliance" rules by ICC – on tax, labour, environment, corporate governance, money laundering, data privacy, consumer protection, supply chain traceability and e-contracting all require different safeguards using different terminology. With the added dimension of dissimilar approaches in regional, national, provincial and state laws, an extremely complex "compliance matrix" emerges that companies find increasingly difficult to manage.
"Most companies do not have the resources to monitor, analyze and maintain compliance with all these different requirements. Better consultation between governments and the business community could turn today's burdensome situation into something which could promote greater compliance and business efficiency," said Christiaan van der Valk, compliance vice president of TrustWeaver, and co-chair of ICC's Task Force on Security and Authentication.
"The ramp-up in the number and complexity of information compliance rules is making it increasingly difficult and expensive for business to operate – especially for businesses operating globally – and it is creating headaches for IT and legal departments," said Chris Kuner, chair of ICC's Task Force on Privacy and Protection of Personal Data.
One single set of business information may be subject to tax, environmental, privacy and anti-money laundering rules – yet there is a limit to the number of different safeguards a company can apply to the same bits and bytes. In some extreme cases, legal requirements conflict, leaving businesses with the impossible choice to decide which law to violate.
To help address these problems, ICC urges governments to pass any future laws through its 14 important principles, including: avoid conflicts and be flexible when conflicts occur; consider the economic impact before enacting new laws; ensure requirements do not create barriers to international trade; avoid creating competitive disadvantages within and across borders; do not stifle technological innovation; set compliance objectives rather than prescribe specific standards; use internationally accepted IT terms; and avoid supplying information compliance solutions.
"These ICC principles make a valuable contribution to thinking systematically when crafting policy on information compliance," said Scott Blackmer, a US lawyer and well-known expert on information privacy and security.
ICC has long been one of the principal voices of international business on data protection, security and policies affecting information and communications technologies. Because of its substantial experience in dealing with issues such as jurisdiction, contracting and corporate governance, ICC has a unique perspective on the evolution of laws and public policy that affect businesses' use of information technologies.
ICC is the world business organization, a representative body that speaks with authority on behalf of enterprises from all sectors in every part of the world. ICC promotes an open international trade and investment system and the market economy.