Deloitte LLP   Deloitte LLP
Global > United Kingdom > News room > News releases    
UK companies ill-prepared for electronic data requests
Only 29% of companies know where their corporate data is held
Published: 26/10/07
Contact: Pamela Shabi
Deloitte
PR manager
+44 20 7303 0587

Deloitte, the business advisory firm, in association with Legal Week Intelligence has produced the first information risk benchmarking survey. The findings of the survey revealed that a worrying number of companies are not sufficiently prepared for a regulatory request for their electronic data.

Only 29% of corporate counsel who responded to the survey said they were fully aware of where their company’s corporate data was held, in the event that the regulator asked for it.  Sixty-six percent were ‘reasonably’ aware of where it was held, while 5% said they did not know.  The figures are particularly surprising amongst larger companies.  Only 20% of respondents at companies with a turnover of £1bn to £3bn were confident they were fully aware of where corporate data was held.

The survey of over 100 UK companies found that only 35% were confident that the risk of not having a robust internal process for the management of electronic data was fully appreciated at board level. Whilst 72% of respondents describe the risk as high or significant, 56% of the companies surveyed cited that there was nobody on the board with responsibility for electronic disclosure requests.

The rise of corporate data stored electronically and increased scrutiny of this data by regulatory bodies means that companies must address the challenge of how to review and disclose electronically stored information or face financial penalties and reputation risk. The penalties involved can run into millions of pounds for companies and the time frame for producing and storing electronic information depends on the regulatory body. Alleged price fixing and alleged financial irregularities are examples of activities that may trigger a regulatory request for electronically stored information.

In addition, more companies now have commercial interests in the US which mean additional legislation has to be observed. Of those surveyed, 47% have such interests, 89% of which admitting that this interest lent itself to the scrutiny of US regulators. US legislation would include acts such as the Foreign Corrupt Practices Act (FCPA) and The Sarbanes-Oxley Act 2002 which requires organisations to keep electronic business records for five years after an audit.

Commenting on the survey, Kelvin McGregor-Alcorn, Director in the Forensic and Dispute Services team at Deloitte, said: “When it comes to the reality of what companies have to produce, and the time and format they have to produce it in, they tend not to have a grasp of the breadth and depth of power of regulatory bodies.”

“There is a naivety on the Board that management of electronic data will be dealt with properly and efficiently and often an assumption made that the board will know all about it. Another assumption is that companies can conduct their own investigations. Regulators simply do not allow this. ”

Concluding on the results of the survey, Alcorn added: “A robust regulatory response process has to put a company into the position where it can answer basic questions about its corporate data – Where is it? What format is it in? Who is responsible for it at board level? The results of this survey indicate that the majority of corporates are not yet in this position”.


- Ends-

Notes to editor

About the Deloitte/Legal Week Information Risk Benchmarking Survey
Demographics of surveyed UK companies:
Annual Turnover

  • 34% over £3bn, 14% between £1bn and £3bn, 11% between £500m and £1bn and 16% between £100m and £500m and 25% have up to £100m

Industry sector

  • 24% in finance/banking, 18% in professional services, 10% in manufacturing, 9% in technology, 8% in transport, 6% in utilities, 5% in retail, 5% in media, 4% in natural resources, 4% in telecoms and 7% other sectors


About Deloitte
In this press release references to Deloitte are references to Deloitte & Touche LLP, which is among the country's leading professional services firms.  Deloitte & Touche LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu ("DTT"), a Swiss Verein whose member firms are separate and independent legal entities.  Neither DTT nor any of its member firms has any liability for each other's acts or omissions.  Services are provided by member firms or their subsidiaries and not by DTT.  Deloitte & Touche LLP is authorised and regulated by the Financial Services Authority
Contact us for more information
 
Page Last Updated: 15 November 2007
Source: Deloitte LLP - United Kingdom (English)

Print This Page    Email To A Colleague
  Security | Legal | Privacy    

© 2009 Deloitte LLP. All rights reserved. Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity.

Please see About Deloitte for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its Member Firms.

Email alertsMobile
Bookmark   (What's this?)