Session One Forces For Regulatory Change Anthony Wong

Slide 1. Forces for regulatory change: examining the rise of the compliance colossus
Anthony Wong, ICT Counsel, Aequitas Attorneys
LLB, LLM (Technology), BSc (Computer Science), MACS
email: [email_address]
This presentation is intended to provide a summary of the subject matter covered. It does not purport to render legal advice. Professional advice should be sought before applying the information to specific circumstances.
Opening Presentation, IntegrIT 2005, 26 May 2005

Slide 2. Introduction
- Origins of the corporate form
- Incorporation creates a legal persona
- Unlike a natural person, a company relies on corporate actors to carry out and manage the operations of the company
- Regulators are going behind the "corporate veil" to protect investors and employees from unscrupulous management

Slide 3. Regulation is Industry & Jurisdiction Specific
- No simple universal formula for governance rules, regulation and practices
- Differs between countries
- Sources include statute law and case law
- Includes the duties of directors
- Australian companies need to adhere to a complex network of compliance rules and regulations, which are designed to fulfil specific roles in a given industry and sector

Slide 4. Regulation is Industry & Jurisdiction Specific
- The US approach tends to be prescriptive and rules-based
- Australia has relied on a principles-based approach using a mixture of hard law (regulation), self-regulation and soft law
- Numerous soft laws (standards, guidelines and collections of best practice) are available to assist the IT compliance of organisations

Slide 5. Standards & Principles (scope)
- AS 8000 Corporate Governance Standards Set
- AS 8015 Corporate Governance of ICT
- AS 3806 Compliance Programs
- OECD Corporate Governance Principles 2004: implemented by Australia as a member of the OECD
- Australian Government Use of Information and Communications Technology: A New Governance and Investment Framework report: a set of governance principles for federal government agencies created by the Information Management Strategy Committee (IMSC), supported by the CIO Committee (CIOC)

Slide 6. Regulation is Industry & Jurisdiction Specific
- The two common themes that run through these regulations are:
  - accuracy, transparency and reliability of information or data
  - processes
- The presentation is not intended to raise every statutory and common law provision that could apply in a given situation
- The focus here is only on the regulatory provisions of particular relevance to IT compliance

Slide 7. Corporate Governance
- Self-regulation has been undermined by recent collapses in the US (Enron and WorldCom) and in Europe (Parmalat)
- To restore shareholder and investor confidence, regulators worldwide have reacted by introducing a profusion of legislation and regulation
- The US Sarbanes-Oxley Act 2002 has implications in other economies and nations, with impacts on related groups of companies in different countries
- Australia is not immune, with corporate collapses including One.Tel, Ansett and HIH

Slide 8. Corporate Governance
- Technology is now so pervasive and critical to the execution and delivery of many organisations' products and services
- Organisations are becoming more reliant on IT even for the most basic business functions
- Few businesses can exist effectively and competitively today without an effectively managed IT environment

Slide 9. Corporate Governance > IT Governance
- The definition of IT governance is more than:
  - ensuring a return on IT investments
  - the strategic alignment of IT with the business
  - the performance of IT projects
  - the identification and management of IT risks
  - IT resource management

Slide 10. Corporate Governance > IT Governance > IT Compliance
- The definition of IT governance also includes compliance with the increasing variety of IT-related legislation and regulation, which is paramount to achieving IT governance

Slide 11.
- IT governance is an integral and essential part of corporate governance
- IT compliance is an aspect of IT governance

Slide 12. Some Key Observations
- The challenge for CIOs is no longer just to keep the IT systems running but to ensure that every piece of business information is maintained with integrity and transparency
- Executives who initially viewed compliance as a business or finance issue are recognising that it is also an IT systems issue
- It is not "just an auditor's problem" but impacts the whole organisation, as IT is now so pervasive and critical to competitive success and survival in the business environment
- C-suite executives (CEOs, CFOs, COOs, CIOs), board members, directors, officers, staff, accountants and auditors all have roles to play

Slide 13. Some Key Observations
- In many instances, using IT solutions may be the only way an organisation can meet regulatory and legal compliance, cutting the risk of error rather than relying on manual processes
- IT professionals will need to develop:
  - a solid understanding of proper control theory and structure
  - an ongoing risk assessment process in IT management
  - the ability to bring business and IT practices and processes into a cohesive whole
- It is a myth that there is an out-of-the-box IT "solution" to compliance

Slide 14. IT plays a major role in:
- Internal controls on financial reporting and disclosure for companies
- Operational risks in the banking sector
- Protection of electronic information
  - security management
  - privacy
  - cybercrime and spam
  - records retention and management
- Other IT-related compliance legislation

Slide 15. Internal Controls on Financial Reporting & Disclosure
- US Sarbanes-Oxley Act 2002
- Corporations Act 2001 (as amended by CLERP 9)
- Australian Stock Exchange (ASX) Listing Rules and ASX Corporate Governance Principles
- Statements of Accounting Practice
- Financial Services Reform Act (FSRA) e-Compliance hub
- Investment and Financial Services Association (IFSA) Guidelines on Corporate Governance

Slide 16. US Sarbanes-Oxley Act 2002 (SOX)
- Passed by the US Congress in July 2002 to restore investor confidence in companies registered with the US Securities and Exchange Commission (SEC) after a series of business scandals and lapses in corporate governance
- Applies to US subsidiaries operating in Australia and also to Australian companies listed in the US
- The penalty for non-compliance is not just significant fines; it is jail time

Slide 17. First CEO and CIO charged under SOX
- CEO Richard Scrushy of HealthSouth Corporation was indicted on more than 85 counts, including fraud and signing off on false corporate statements that overstated earnings by at least US$1.4 billion
- CIO Kenneth Livesay has pleaded guilty

Slide 18. US Sarbanes-Oxley Act 2002 (SOX)
- Section 404, Evaluation (governance, measurement and record-keeping): deals with management's assessment of, and assertion regarding, the operating effectiveness of its internal control over financial reporting
- Section 302, Control (internal controls): requires the CEO/CFO to do more than simply pledge that the company's finances are correct; they have to vouch for the processes used to add up the numbers and personally sign off on the financial statements
- Section 409, Disclosure (reporting and certification): requires "rapid and current" disclosure of material changes in the company's financial condition or operations

Slide 19. The importance of IT in the design, implementation and sustainability of internal control over financial reporting and disclosure
- The impact on the IT department is immense, as a material change in the operational state of the organisation has to be reported in a timely manner
- IT is inherently tied to the manner in which accounting transactions are initiated, recorded, processed and reported
- IT is crucial to establishing, evaluating and monitoring the effectiveness of internal control over financial reporting
- The Act demands greater transparency not only in reporting financial figures but also in showing how those figures were arrived at: the audit trail
- It demands that an ongoing risk measurement process be built into IT management activities

Slide 20. What are some of the IT controls required?
- Mapping the IT systems that support internal control and the financial reporting process to the financial statements
- Ensuring that IT controls are updated and changed to correspond with changes in the internal control of financial reporting processes
- A key control objective is the authorisation and safeguarding of assets and of access to IT systems, to ensure security, confidentiality and privacy
- Possible IT control methodologies and frameworks:
  - Control Objectives for Information and related Technology (COBIT)
  - Information Technology Infrastructure Library (ITIL)

Slide 21. Corporate Law Economic Reform Program (CLERP 9)
- The Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004 (CLERP 9) became law on 1 July 2004
- CLERP 9 amends a number of Acts, including the Corporations Act 2001
- It introduces significant changes to the regulation of corporate governance in Australia to give effect to reforms aimed at restoring public confidence in corporate Australia
- Australia had already been moving in that direction, not just because of the US Sarbanes-Oxley Act

Slide 22. Corporate Law Economic Reform Program (CLERP 9)
- Section 295A requires CEO/CFO sign-off that the financial records of the listed entity:
  - give a "true and fair view"
  - have been properly maintained
  - in accordance with applicable laws; and
  - comply with Accounting Standards
- The CIO parallels the CFO in ensuring that technology is in place to support the financial reporting that enables the CEO/CFO to provide these declarations

Slide 23. ASX Principles of Good Corporate Governance
- Contain 10 core principles and practice recommendations, including:
  - Principle 4: Safeguard integrity in financial reporting; have a structure to independently verify and safeguard the integrity of the company's financial reporting
  - Principle 7: Recognise and manage risk; establish a sound system of risk oversight and management and internal control
- Recommendation 7.2: the CEO/CFO to provide written assurance to the board that risk management and internal compliance systems are operating effectively

Slide 24. Operational Risks in the Banking Sector
- Basel II, or the "New Basel Capital Accord", covers three types of risk (credit, market and operational) to ensure a more stable global financial system and greater protection for depositors
- The Australian Prudential Regulation Authority (APRA) is the prudential regulator of the Australian financial services industry
- In Australia, all authorised deposit-taking institutions (ADIs) will be required to implement the Basel II Framework
- The proposed implementation starting point is from year-end 2007

Slide 25. Basel II: APRA Implementation
- "Operational risk" is broadly defined as "the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events"
- Operational risk centres around breakdowns in internal controls and corporate governance
- Such breakdowns can lead to financial loss through error (manual or IT) and fraud, or cause the interests of the bank to be compromised through staff exceeding their authority
- Some of the other events that could give rise to operational risk include:
  - damage to physical assets
  - business disruption
  - legal risks
  - events and security
  - transaction risk

Slide 26. Basel II: APRA Implementation
- National Australia Bank survived significant operational risk events recently, with foreign currency losses of $360 million, but the events were quite damaging to the bank and resulted in significant loss to shareholders
- Others, like Barings, have not been so lucky
- Improvements in technology have allowed banks to better identify, measure and manage operational risks

Slide 27. Basel II: APRA Implementation
- One of the key IT implications is the collection and management of the historical data required to implement Basel II
- Historical data will have to be pooled from disparate systems, cleaned and stored in a central repository, to be used by a system running the updated risk model

Slide 28. Basel II: APRA Implementation
- Improving IT risk management: taking risk out of the IT component, as problems in one institution can be quickly transmitted to others due to the inter-networking of global financial systems
- Business continuity planning: to ensure that the institution can continue to function and meet its obligations, regulatory or otherwise, in the event of a disruption
- AS/NZS 4360 Risk Management Set
- HB 221 Business Continuity Management

Slide 29. Protection of Electronic Information
- The increased efficiency and capacity of computers and the interconnectivity of computer systems, especially via the Internet, have allowed easier access to electronic information
- Electronic information is now pervasive, if not vital, for the essential operation of a modern-day organisation
- The CIO has increasing accountability for the integrity and consistency of information within the organisation
- To secure information effectively, it needs to be secured from all perceivable threats

Slide 30. Protection of Electronic Information
- From unauthorised access
- From unauthorised use and disclosure
- From interception
- From piracy and copying
- From unauthorised modification (alteration, deletion or addition)

Slide 31. Impact of the Misuse of Electronically Stored Information
- Has a range of consequences that depends on the sensitivity and nature of the information

Slide 32. Protection of Electronic Information
- Using privacy laws
- Using technical and physical means
- Using common law
- Using copyright and other IP legislation
- Using spam and cybercrime laws

Slide 33. Protection of Electronic Information Using Technical & Physical Means
- IT governance, compliance and risk management

Slide 34. Security Management Standards (not exhaustive)
- AS/NZS ISO/IEC 17799: Code of practice for information security management
- AS ISO/IEC 13335: Guidelines for the management of IT security
- HB 231: Information security risk management guidelines
- AS 7799: Information security management
- Protective Security Manual, issued by the Attorney-General's Department: Commonwealth protective security policies, principles, standards and procedures
- Australian Communications-Electronic Security Instruction 33 (ACSI 33), issued by the Defence Signals Directorate: guidance to Australian Government agencies on protecting their information systems

Slide 35. Protection of Electronic Information Using Privacy Laws
- IT governance, compliance and risk management

Slide 36. JetBlue Airways Corporation and Acxiom Corporation
- JetBlue and Acxiom disclosed 5 million passenger records to a military contractor at the request of the US Department of Defense, without the knowledge or consent of the affected passengers
- The military contractor specialises in information mining and developed pattern-recognition technology
- Prior to September 2002, the military contractor was hired to determine how the information might be analysed for an anti-terrorism study to track high-risk passengers or suspected terrorists
- JetBlue faces class-action lawsuits filed by outraged customers
- The CIO had unwittingly assumed the role of privacy compliance
- One of the lessons learned: CIOs would be wise to play a central role in proactively shaping and enforcing data privacy policies, as guardians of data

Slide 37. Privacy Compliance
- The Privacy Act 1988 (Cth) sets out 11 Information Privacy Principles (IPPs) that protect the privacy of persons dealing with the Federal Government
- It has also been extended to regulate the way private sector organisations can collect, use, keep secure and disclose personal information, whether stored electronically or not
- It only protects "personal information" and NOT commercial information

Slide 38. Privacy Compliance
- There are 10 National Privacy Principles (NPPs) applying in the private sector. The following are more pertinent to the protection of electronic information:
  - NPP 2: the use and disclosure of personal information
  - NPP 4: data security; reasonable steps must be taken to protect personal information from misuse and loss and from unauthorised access, modification or disclosure
  - NPP 7: prohibits the use of Federal government identifiers (eg. the Tax File Number) in the private sector
  - NPP 9: the transfer of data to another country
  - NPP 10: the use and disclosure of sensitive information (about an individual's racial origin, political or religious beliefs, health, memberships, etc.)

Slide 39. Other privacy laws, including:
- Privacy and Personal Information Protection Act 1998 (NSW): applies personal privacy protection to the public sector in NSW
- Telecommunications Act 1997 (Cth), Part 13: telecommunications service providers are required to maintain confidentiality (eg. ISPs in relation to internet logs of access to websites, time of access and copies of web content accessed); disclosure may be permitted under a subpoena
- Telecommunications (Interception) Act 1979 (Cth): protects privacy by prohibiting the interception of communications passing over telecommunications systems; interception may be permitted under a warrant issued to eg. the Police and ASIO

Slide 40. Other privacy laws, including:
- Data-Matching Program (Assistance and Tax) Act 1990 (Cth): regulates data matching between particular Federal departments, eg. the Tax Office and Social Security
- Health Records and Information Privacy Act 2002 (NSW): governs the handling of health information in both the public and private sectors in NSW, including hospitals, doctors and other health care organisations
- National Health Act 1953 (Cth): covers the privacy of personal information collected from Medicare claims and Pharmaceutical Benefits

Slide 41. Industry Privacy Codes
- The NPPs set the baseline standards for privacy protection
- Organisations can create their own codes
- Code of Conduct: Provisions
  - Protection of Personal Information of Customers of Telecommunications Providers Code of Practice (PPIC): for participants in the communications industry
  - Internet Industry Association (IIA): for the Internet industry

Slide 42. Industry Privacy Codes
- Code of Conduct: Provisions
  - Code of Banking Practice: protects customer privacy by contract as an adjunct to the banker-customer relationship
  - Asia Pacific Smart Card Industry: applicable to privacy, security, loss and misuse of smart cards
  - Electronic Funds Transfer: ATM, EFTPOS, telephone or internet banking, credit cards, stored-value smart cards
  - Australian Direct Marketing Association: for participants in direct marketing

Slide 43. Cybercrime
- There are at least 13 Federal Acts which have some relevance to cybercrime
- States and territories have their own legislation, which is not uniform either in offence provisions or in penalties
- State and Territory offences apply within each jurisdiction; Commonwealth offences target unlawful access to Commonwealth computers and data, and offences committed using a telecommunications service or carrier
- The main legislation includes the Cybercrime Act 2001 (Cth) and the Crimes Amendment (Computer Offences) Act 2001 (NSW)

Slide 44. Cybercrime
- Generally, the Australian provisions make it an offence for a person to do, or attempt to do, the following:
  - unauthorised access to a computer system
  - unauthorised access to or modification of data
  - impairment of electronic data and communication
  - impeding access to computers; and
  - possession of data with intent to commit a serious offence

Slide 45. Spam Act 2003
- The Australian Spam Act 2003 came into effect on 11 April 2004
- An article covering "The impact of Australia's anti-spam legislation" is available from the ZDNet website at http://www.zdnet.com.au/insight/business/0,39023749,39116020,00.htm

Slide 46. Records Retention & Management
- State and Commonwealth Archives Acts
- AS ISO 15489 Records Management standard
- State and Commonwealth Evidence Acts
- Freedom of Information legislation
- Tax obligations
- Other record retention obligations imposed by various legislation, depending on the environment in which the organisation operates

Slide 47. Other IT-related Compliance Legislation
- Electronic Transactions Act 1999
- Trade Practices legislation (eg. eCommerce and websites)
- Occupational Health & Safety
- Workplace Surveillance Bill 2005 (NSW)
- Other State and Commonwealth laws

Slide 48. Thank you
Anthony Wong, ICT Counsel, Aequitas Attorneys
