Don’t Panic, It’s Only Sarbanes-Oxley


      Bookmark and Share

BEST PRACTICES SERIES

For decades, the econtent world had been rather unaffected by changes in laws and regulations—at least in the U.S. Mostly, it's been business as usual…but no more. In recent years, a slew of actions mean content producers and consuming organizations alike face fresh challenges…and opportunities. For some companies, the new laws have produced an overreaction of panic and fear. Sure, landmark regulation such as Tasini, Sarbanes-Oxley, The Patriot Act and Regulation Fair Disclosure raise critical issues and you need to be prepared. But beware: The fly-by-nights and the dregs of the econtent business are ready to prey on your fears.

Several years ago, our industry grappled with the landmark case of Tasini et al. v. The New York Times et al. The lawsuit, brought by members of the National Writers Union, charged copyright violation around the electronic re-use of work produced and sold on a freelance basis. Writers complained that their work sold to one publication was appearing in econtent databases like LexisNexis without any additional payment or purchase of electronic rights.

Tasini panicked many econtent professionals. Primary publishers worried about the stories they sold for electronic databases; aggregators and syndicators feared for their livelihood; and consuming organizations wondered if they could continue to rely on services they enjoyed. Lawyers were called and conferences organized.

Of course the Tasini case is important. Those of us who scribble magazine articles are now paid for the electronic versions under a separate clause in our agreements. That's a good thing. I'd argue that one of the most important lessons our industry learned was that the original panic of Tasini was overblown. But now organizations are forgetting those lessons and some are succumbing to pressure around new rules and regulations.

The Sarbanes-Oxley Act of 2002 was passed in response to the accounting scandals of companies such as Enron and WorldCom. The Act includes requirements for public companies (as well as those who aspire to be public) and the deadlines for compliance are upon us. Provisions of Sarbanes-Oxley include Section 404, requiring various internal controls and procedures for financial reporting such as the retention of documents (including email). Corporations must document their internal management controls, and the company's independent auditor must sign off on their effectiveness.

Section 301, the so-called "Whistleblower Provision" of Sarbanes-Oxley requires companies to have a secure and anonymous system for employees to report fraud and other questionable practices to the company's audit committee.

Many CIOs are saying: "Holy Cow! We've got to do that? And it must be operational now? HELP!" Enter any number of upstart econtent companies offering turnkey solutions to the unsuspecting and the distressed. A Google search implies there must be close to 100 companies offering Sarbanes-Oxley services. Sure, many new companies may be good and their services effective. But it's highly likely that many won't be around for the long run, so be careful before you sign up. Established vendors are carefully considering if their services comply with the new regulations. If you're one of them, please tell your existing clients so you can put them at ease.

CIOs and those charged with looking after public company information infrastructures should take a deep breath and evaluate where they already are in terms of compliance. Before bringing in a new Sarbanes-Oxley compliant service, quiz existing providers to see if they can help. Vendors including Oracle, IBM, Documentum, SAP, and PeopleSoft have all announced solutions for Section 404 compliance while Investor Relations leaders including Thomson and Shareholder.com are providing turnkey Whistleblower Hotlines for Section 301 compliance.

The Sarbanes-Oxley threat might best be viewed as a mini version of Y2K. Of course it's important to get right. Check with your auditors and legal counsel for best practices. Evaluate and work with your existing vendors early and be wary of too-good-to-be-true quick fixes from brand new start-ups.

We're not done yet. New bills that are working their way through the U.S. Congress point towards additional turmoil on the horizon. A good example is proposed legislation called the Database and Collections of Information Misappropriation Act, covering the production of databases of factual information. Congress is looking at stronger copyright protection for collections of factual data such as directories. As database producers apply more technology to their products, the facts become less important than how they are organized and presented and therefore should fall under copyright protection. Sounds logical to me. Of course, many readers of this publication, both producers and consumers, are affected by this proposed legislation. Don't panic: If you're prepared and do your research it should be no trouble to comply.