Tag Archives: Legal Contracts & Compliance (LCC)

Non-Compliance is Very Expensive

For enterprises and businesses, compliance means that the company follows the laws and regulations concerning business, personnel and clients. For businesses, compliance is not optional. It is obligatory for organizations, and deviation from it results in penalties.


Accounting scandals at a number of corporations made legislation necessary, and the Sarbanes-Oxley Act was passed in response. As a result, non-compliant enterprises face penalties such as loss of D&O insurance, imprisonment, heavy fines and loss of exchange listing. It is a given that investors have no interest in investing in non-compliant organizations. If CFOs or CEOs give false certifications, they face a fine of one million dollars for non-willful wrongdoing. Fines for willful wrongdoing, on the other hand, are up to five million dollars. In addition to fines, CEOs and CFOs can be imprisoned for up to ten to twenty years based on the evidence presented.


HIPAA is the Health Insurance Portability and Accountability Act. It applies to service providers dealing with health care departments, and equally to health care associates. Service providers that are unable to meet the demands of HIPAA face severe penalties. Health care providers are penalized when they ignore the standards of HIPAA. In such cases, the Secretary has the right to charge $100-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.


Another important part of HIPAA is its relation to personal health information (PHI). When sensitive information such as patients' PHI is disclosed, health care providers are penalized for their carelessness. If the infringement is willful, a penalty of up to $50,000, a year of imprisonment, or both is imposed on the wrongdoer. If the violation is committed under false pretences, an amount of $100,000, five years of imprisonment, or both is imposed. If the violation is committed to obtain commercial benefit, a fine of up to $250,000, 10 years of imprisonment, or both is imposed.


Penalties under PCI-DSS and the Data Protection Act include charges of up to $500,000 for data breaches. Non-compliant companies are not only fined but also face long-lasting consequences, such as shutdown of credit card activity, loss of business, staff costs during the recovery process, detailed and increased audit requirements, the cost of printing client notifications, printing costs, emailing costs, and loss of clients' trust.


Non-compliant data controllers are also punished under the Data Protection Act. They are required to register and follow the Act to qualify for processing customers' sensitive information. Data controllers that do not register can face litigation and penalties. Data controllers and agents who misuse personal client information in other ways not mentioned in the Act could be charged under civil or criminal sanctions.


In short, non-compliance can be terrible and costly for companies.

Guidelines for Managing Software Audits

Software audits are usually carried out by large-scale companies. When customers pay for software, it is their right to ask questions and get a satisfactory response. There are basically two kinds of audit:

Software Assessment Management or SAM
Legal Contracts & Compliance or LCC

SAM is a kind of audit that determines whether customers are in compliance. If they are not, the company is expected to work with its customers to achieve compliance. SAM is also known as a “self-audit”, as customers are directed to fill in forms detailing their software and evaluate it against other software they purchased earlier.

Many companies are given licensing agreements or deals to fulfil their compliance mandate. Customers who have used the SAM audit process state that it is supportive when they make fair attempts to become compliant. Your participation in a self-audit is voluntary; however, if you choose not to participate, an alternate form of audit is offered.

LCC is activated when customers reject SAM. Compared to a self-audit, LCC is not free and is to be taken seriously, as someone has accused your business of software piracy. It is your right to consult an attorney if an LCC is issued to your company. This type of audit is controlled by the Business Software Alliance (BSA), a leading anti-piracy group that can be hired by software companies to carry out all-encompassing audits. It is serious, as penalties per title violation are more than $150,000.

What are Effective Practices?

Don’t Postpone
If you realize that your company is getting out of compliance, it is good to start the audit process as early as possible. Auditors are more considerate when customers are serious about compliance issues.

Do Not Presume Authenticity
Many fraudulent sellers profit from companies by selling pirated software. Worse, customers often do not even know they are using pirated software until an audit exposes the truth. Select only certified resellers to avoid such situations.

Keep Record of Receipts
Always keep records showing that you purchased laptops or other devices with specific software. During an audit, you need to give proof that your software was legally purchased; this covers retail and OEM licenses.

Software Inventory
In some cases, you might not have records of all the software in use in the company. If so, you must perform an inventory to find out what software is installed. This helps in finding breaches of compliance.

Work with Sellers
It happens that companies do not keep all software in full compliance. Auditors understand this; they do not treat it severely and expect your company to start working with sellers to become fully compliant.

Software audits are very important and help companies become compliant and avoid lawsuits. For instance, Microsoft assumes that customers with Volume Licensing contracts or an Enterprise Agreement are compliant. Audits for small and medium-sized companies are usually issued through Selection or Open licensing agreements.
