Sarbanes-Oxley Act
STATUS: Enacted July 30, 2002
FULL NAME: Public Company Accounting Reform and Investor Protection Act (Senate); Corporate and Auditing Accountability and Responsibility Act (House)
TARGET: Publicly traded companies
DESCRIPTION: The Sarbanes-Oxley Act introduced significant legislative changes to financial practices and corporate governance regulation for publicly traded companies. The intent of the Act is to force publicly held companies to promptly make
available and maintain all meaningful business-related information in order to protect
the investing public. While the primary focus of this act is to make corporate finances
more transparent, it also specifies best practices for the disposal and documentation
of financial records. Because of the Sarbanes-Oxley Act, intentional document
destruction is now a process that must be carefully monitored. Because the legislation
is concerned with financial transparency, it has created a Catch 22 for electronic
records management and security. Many legal firms recommend establishing a data
destruction protocol which provides for methodical and verifiable destruction of data, which
may create a legal safe harbor.
AGENCIES: Securities and Exchange Commission (SEC)
DATA SECURITY FACTORS: Section 404 of the Sarbanes-Oxley (SOX) Act requires you to create and monitor controls of systems that affect your ability to deliver accurate financial reports. It also makes company management responsible for this “internal control” over financial reporting.
ENFORCEMENT / PENALTIES: Violations of this Act carry very strict fines and jail time. The severest fines can reach $5,000,000, with up to 20 years in prison.