Compliance with
data protection laws is one of the biggest challenges facing
multinational companies because of inconsistencies in legal
frameworks around the world, says mail management company
Pitney Bowes.
The company has taken three years to develop a global risk
management programme to deal with the differences and conflicts
between data protection laws in about 30 countries.
Andy Harper, vice-president risk management, said Pitney Bowes
tracks compliance of all its offices with local and
international data protection laws, as well as regulations on
finance, business continuity, health and safety and insurance.
"This is an extremely difficult and expensive exercise, but it
has to be done because any failure to comply with data regulations
can have a significantly detrimental effect," he said.
Harper will tell next week's annual
international
data protection conference in Cambridge, hosted by
consultancyPrivacy Laws & Business, that good
governance structures are the key to success.
"Having these structures in place is the only way of being sure
management is aware of their responsibilities and that these
responsibilities are being met," he added.
Pitney Bowes has a comprehensive set of local, regional and
international governance groups to train and monitor staff,
including a data protection officer for each country.
The officers advise the company's US-based IT administration
department, which centrally manages the IT systems and IT-related
codes of practice aimed at protecting data.
"I would appeal to international regulators to work towards
achieving a greater consistency between data protection laws to
make compliance easier for multinational companies," said
Harper.
He suggested it would be useful, for example, if companies could
submit one data protection compliance strategy document that would
be accepted by across Europe without having to go through the
approval process with every country in the region.