Risk Claim

by Msecadm4921

Recent legislation is having a negative impact on risk management. That was the claim made by Michael Colao, director of Information Management, Dresdner Kleinwort Wasserstein.

Colao was speaking at the Axis Action Forum, sponsored by RSA Security, in Barcelona. According to RSA, his comments on recent legislation bring into focus the widening gulf between the demands of legislators and the ability of companies to cope with the new regime of compliance.

The need to comply with requirements such as Data Protection, Sarbanes-Oxley and Basel 2, and with governance reports such as Turnbull, has put chief information officers under personal pressure. In many cases, the law has made them legally responsible, and Colao says that this may not necessarily be a good thing.

"CIOs are now relying on convoluted processes rather than using sound business judgement based on years of experience. A process is easier to defend in court than personal judgement. This means that in many cases unnecessarily cautious decisions are being taken because the CIO is focusing on their own personal liability, rather than what is best for the business."

Colao cited, as an example, the different implementations of the European Data Protection Directive: "This legislation was brought in as part of the EU common market and was supposed to provide clarity and harmony across Europe. Because each country implements legislation in very different ways, the result is a very fragmented and disjointed approach which causes all sorts of problems, particularly for global organisations."

Tim Pickard, strategic marketing of EMEA at RSA Security, said: "The nature of implementation of EU directives in member states means that it is almost impossible for today’s global CIO to be fully compliant and is therefore likely to be breaking the law in at least one member state." For more information, visit