GRC Roll-up: Legal Ramifications of the Cloud, SMBs Sweat Compliance

Marisa Peacock

In the GRC world this week, we examine electronic records legislation, the need for compliance in the cloud and how small businesses need to implement strategies to reduce risk.

Does Cloud Have a Boss?

In a recent article, Richard Adhikari asked "Who's the Boss in Cloud Land?" Adhikari nicely sums up the pros and cons of cloud computing and the legal ramifications of storing data outside one’s jurisdiction.

Businesses may flock to the cloud because of its flexibility, but it could also be the very thing that causes the most problems. Adhikari contemplates the following situation:

What happens if servers D and E run virtual machines with data that's under strict governance, such as medical data? If you consolidate these onto servers running virtual machines holding less-strictly regulated data during off-peak times, you could be in breach of compliance.

In this case, as it is with most others, companies can prepare themselves by paying more attention to governance and control, and must be transparent with information shared with compliance officers and auditors.

Small Businesses Sweat Compliance, Too

Nancy Mobley of INC. Magazine advises companies to “sweat the small stuff” in a recent article. She says that small businesses “can't afford to overlook federal and state compliance policies” and encourages business owners to support HR needs as best they can. Developing best practices and strategies can impact business growth, reduce risk and ensure compliance.

A recent survey of small businesses in New England found that small businesses are planning to increase hiring and benefits to employees, but are also watching costs. As well, new health care legislation will impact small businesses and the benefits they can begin to offer employees.

Mobley says that companies must “figure out best way you can continue to grow, be in compliance and create a workplace that will attract and engage star performers.”

Amending the Electronic Message Preservation Act

Healthcare wasn’t the only legislation making news this week. The House also passed a measure that would amend federal records law to ensure the government properly preserves electronic messages and deploys the necessary information technology to do so.

The bill aims to increase the National Archives and Records Administration’s (NARA) authority over the oversight of federal and presidential record keeping practices.

Without a statutory prescription for maintaining electronic records, agencies can continue to print and file records as they would paper documents, making the process outdated and ineffective.

The amendment would allow the head of NARA to establish standards for the capture, management and preservation of electronic messages that are presidential records and annually certify the management controls put in place by the administration.