25 January 2006

CIOs have been warned that they must take on the responsibility of dealing with risks arising from new regulations and cannot abdicate responsibility to legal departments.
Too many CIOs behave as technology officers and do not take enough of a lead on legal issues, said Michael Colao, director of information management at banking group Dresdner Kleinwort Wasserstein.
Relying on legal departments to manage corporate exposure to risk from increasing regulation is a wildly optimistic approach, he told delegates at the Effective IT Summit. Legal departments invariably base their approach on local laws, but this is ineffective in a global economy. “My service delivery follows the sun and is not limited to any one country.”
This has transformed local laws, such as the Data Protection Act, into global laws. And even basic definitions – such as how to define a person – can differ from country to country. The Italian equivalent, the Disciplinare Tecnico, sets rigid standards for password length; if it’s less than eight characters long, the CIO can face a jail term of three years.
It doesn’t matter what the law says, but how it’s enforced, said Colao. And this is why the legal department fails, he argued.
Colao also argued that CIOs can, too often, get caught up in focusing on technology to the detriment of the business. This has created ‘infrastructural gardens’ where vendors dominate the system architecture. CIOs are managing devices and not information, he added.
Colao criticised corporate IT policies that ban technologies such as iPods and PDAs, arguing that the IT department should be technologically “agnostic”: “If we are there to provide a flow for information, then why does it matter what devices we use?”