Company directors will need to ensure their businesses have the right IT systems in place to store and retrieve data to comply with the new Companies Act.
The Companies Act 2006, which will come fully into force by October 2009, sets requirements for directors to ensure that they look after the interests of company shareholders. The retrieval of documents and data is essential for directors to prove this is the case.
The new rules will build on the existing Companies Act 1985, and take into consideration modern electronic communications, which were not widespread when the original act became law.
The act makes it an offence for an officer of a company to destroy, mutilate or falsify company documents. Anyone found guilty could face imprisonment of up to seven years or a fine. This includes IT directors, making the management of digital information a priority.
Geoff Yates, a partner at law firm Addleshaw Goddard, said, "You could be regarded as a shadow director if you influence the board." People with such responsibilities could face the same scrutiny as board-level executives, he said.
Businesses will have to put in place storage and data retention policies, and will need to ensure their computer networks and IT systems are not vulnerable to security attacks that could damage the business and the interests of shareholders.
The quantity of electronic information stored by companies has increased significantly in the 20 years since the 1985 act was introduced. It is important that companies are able to make this information available to auditors, if required.
Dale Vile, managing director at analyst group Freeform Dynamics, said smaller companies could find it hard to retrieve the right information unless their electronic records are managed properly. "Many smaller companies have been quite relaxed in the past about keeping records," he said.
Vile said individual staff often take ownership of data within the company IT systems, such as the sales manager looking after sales data. He said this needs to change. "Someone in the business needs to make charge of data."
Vile said smaller companies should adopt an information life-cycle management plan, which would allow the company to specify how data is retained and stored.
Lars Davies, chief executive at Kalypton, a company specialising in helping businesses meet their compliance obligations, said that a blanket policy on data retention would not be enough to keep the regulators happy.
He said businesses must keep the IT department fully informed so they can prioritise which information to retain. "A vague requirement to 'keep records' or 'make us compliant' is just not good enough. IT directors and managers must insist that they are given the information they need."
Another major change that the act brings is allowing directors to communicate with shareholders electronically.
This means websites will have to be robust and electronic communications with shareholders will need to be secure. Prior to the act, firms could only make official communications to shareholders by post.
Paul Claydon, a partner at law firm Morrison & Foerster, said the challenge for IT directors would be to ensure websites are able to cope with the increased traffic coming from shareholders. "You will want to make your website as robust as possible to cope with the increase in traffic," he said.
An IT failure that prevents shareholders from accessing the company's website would breach shareholder rules, he said.
Tim Jennings, research director at analyst firm Butler Group, said, "There will be a requirement for secure communications with shareholders, which means using encrypted e-mail and digital signatures."
IT directors may need to evaluate the feasibility of providing secure e-mail for shareholders. Jennings said companies will need to extend their document management systems to support the electronic distribution of company documents and reports to shareholders using the Acrobat PDF file format.
● The Companies Act 2006 simplifies the previous 1985 act to clarify director responsibilities.
● Companies will be able to make greater use of electronic communications with shareholders.
● Companies will be required to publish their full registration details, registered office, registration number, e-mail addresses and websites in all correspondence.
● Directors could be imprisoned for as long as seven years and face an unlimited fine for destroying company documents.
● Directors and managers, including IT directors, could be liable if they fail to comply with the act.