For enterprises and businesses, compliance is a term that shows the company is following laws and regulations concerning business, personnel and clients. For businesses, compliance is not optional. In fact, it is obligatory for organizations and divergence to this act results in form of penalties.
Accounting scandals of a number of corporations made it necessary to establish an act therefore the Act Sarbanes Oxley was passed against such companies. As a result, non compliant enterprises have to face penalties such as loss of D & O insurance, imprisonment, heavy fines and lose exchange listing. It is given that investors do not have an interest to invest in non-compliant organizations. In case, CFOs or CEOs give fake certifications, they will face charges of one million dollars fine for their un-willful wrong doing. On the other hand, charges for willful doings are up to five million dollars. In addition to penalties, CEOs and CFOs can be imprisoned for up to ten to twenty years based on the evidence presented.
HIPAA is an act concerning health insurance portability & accountability. HIPAA is applied to service providers dealing with health care departments. The act also equally applies to health care associates. If service providers are unable to meet the demands of HIPAA Act, they will be fined severe penalties. Health care providers are castigated when they ignore standard of HIPAA. In such cases, the Secretary has the right to charge $100-$50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
Another important part of HIPAA is its relation to personal health information (PHI). When sensitive information such as PHI of patients is disclosed, health care providers are penalized for their carelessness. In case this infringement is willful, up to $50,000 penalty, with a year imprisonment or both is imposed on the wrong doer. Conversely, if the violation is done with false pretences, an amount of $100,000 is imposed, with five years imprisonment or both. However, if such violation is for to get commercial benefits, a fine up to $250,000, with 10 years of imprisonment or both is imposed.
Punishments related to PCI-DSS and data protection act impose charges of up to $500,000 for data breaches. Non-compliant companies not only get charged fines, but also have to face long lasting penalties, such as credit card activity shut down, loss of business, staff cost during recovery process, detailed and increased audit requirements, charges of printing clients’ notification, printing costs, emailing costs, as well as loss of clients’ trust.
Controllers of non-compliant data are also punished by Data Protection Act. They are required to get registration and follow data protection act to become qualified for processing sensitive information of customers. If data controllers do not get registration, they can face litigation and penalties. On the other hand, data controllers and agents who misuse personal client information in other ways that are not mentioned in the act, they could be charged under the civil or criminal act sanctions.
In short, non compliance can be terrible and costly for companies.