Law.com reports today on how the U.S. Federal Trade Commission (FTC) is “imposing a generalized duty to establish information security via the Federal Trade Commission Act.”  Previously, the FTC only prosecuted companies who lied about their data security – those who claimed to have it but really didn’t.  More recently, the FTC has pursued companies whose data security was breached regardless of whether the company made any security claims.  That’s a new development and, depending on your point of view, a potentially disturbing one.
 

    The prior lack of federal oversight has meant that the threat posed by identity and information theft has been addressed through a patchwork of inconsistent state laws.  That was complicated enough and increased the cost of doing business.  “The price of failure can be high,” according to Law.com, “including significant penalties as well as unfavorable press coverage.”
 

     Now business leaders have an extra layer of compliance to deal with, a generalized federal duty to maintain data security.  When read in conjunction with my posting yesterday, it looks like Sarbanes-Oxley has ushered in a new era of legal compliance, one where the spirit of the law becomes as important as the letter of the law.
 

     The February Management Alert issued by the law firm of Seyfarth Shaw calls the January 19, 2006 decision in Smith v. Hewlett Packard part of a disturbing trend that stretches Sarbanes-Oxley (SOX) principles of financial transparancy into the realm of employment discrimination.  Excuse me?  Employment discrimination?  What does that have to do with financial disclosure?

     Under the right circumstances, plenty.  The Administrative Law Judge in the case recognized that SOX protects employees who blow the whistle on fraudulent business conduct.  But instead of limiting the notion of fraud to creative accounting practices, the court adopted a “mean what you say, say what you mean” approach and looked behind the balance sheet processes to the behaviors that generate misrepresentations: 

“Fraudulent disclosures to shareholders about a company’s diversity or opportunities for those within protected classes could very well impact a company’s value on the public market.  Socially responsible investors may move their money upon learning of a company’s discriminatory practices.” 

     When you look at it that way the nexus between these hidden costs and the bottom line becomes clear and the application of SOX whistle blower protections for employees who blow the lid off such deception isn’t as far fetched as it first seemed.  On the contrary, what’s disturbing is the lack of legal literacy that continues to generate needless legal risk, whether in the form of blatant criminal behavior or toothless, albeit superficially, politically correct policies.