Numerous laws and regulations directly affect data security, traceability and archiving in a company and affect the responsibility of the managers.
Confidentiality
Confidentiality
In France, the meaning of confidentiality is defined by article 17.1 of the law “Informatique et Liberté”. This little known aspect connected with “Sécurité du traitement” touches on the actual responsibility of managers if information confidentiality is not respected.
Data encryption and access control solutions (based on user authentication) constitutes a satisfactory technical response.
Archiving
Traditional document archiving is gradually being replaced by electronic archiving systems.
There is no law imposing electronic document archiving, but the law states that a document in electronic form may be admitted as evidence or cancellation of a right or an obligation, in the same way as a written document.
As proof, particularly in a fiscal or legal situation, it is therefore imperative to archive securely vital company electronic data (documents, accounting reports, data exchanges, etc.).
Traceability
Solutions allowing traceability of information flow and access to data meet the requirements of the numerous rules governing such actions:
- The Sarbanes Oxley Act applies to companies registered in the USA, their branches and their sub-contractors and regulates the accuracy and availability of information (Section 404 / Audit and Section 802 / Archiving).
- The “Loi de sécurité financière” (Loi LSF) requires the Chairman of the Board of Directors to set up an internal control audited by external auditors. The external auditors are obliged to verify the processing of financial and accounting information.
