Data Breaches And SOX: Where Your Worries Are

Dunn Christine | March 6, 2007

In January, retailer TJX Cos. joined the long list of businesses tarred and embarrassed by losing sensitive customer information. One mildly consoling thought for compliance executives: loss of customer data doesn’t really harm the integrity of financial statements, so a breach doesn’t necessarily plunge you into Sarbanes-Oxley difficulties.

Or does it?

Actually, experts say, breaches of customer data can cause companies to trip over the finer points of SOX compliance in at least three ways:

  1. A data breach is considered by many auditors a failure of internal controls that must be reported;
  2. Section 302 requires reporting any act of fraud; a data breach would have to be included in a company’s annual and quarterly reports;
  3. If a potential fraud would be large enough to have a material effect on the financial statements, that would need to be reported as well.

And if all that weren’t enough...
