Monday, 5 May 2008

The Impact of US law in .AU

The Gramm-Leach-Bliley Act[1], the Sarbanes-Oxley Act[2], and the USA PATRIOT Act[3] have an effect on security administration within Australia for a number of reasons. The least of these is that many multinational firms with Australian and US foundations are subject to a number of US jurisdictional controls.

The Gramm-Leach-Bliley Act has an effect due to its impact on the international financial community. Not only are banks and financial institutions based in the US impacted, but institutions that wish to deal with the US are also caught in this net. Due to the size of the US economy, this legislation has, to at least a limited extent, impacted the security administration of all Australian financial institutions.

Sections 302 and 404 of the Sarbanes-Oxley Act (not to mention Sections 802, 1102 and others) have an impact which covers multinational firms. This Act affects the financial regulation of not only US companies but any that raise funds through the US. One such means would be a U.S.-based institutional bond raising or issue.

The USA PATRIOT Act again has some influence, but to a limited extent. As many telecommunications companies, health care companies and defense contractors (just to name a few examples) deal extensively with the US, they are impacted by this legislation.

Lastly, through international trade agreements and government alliances, the advance of these legislative instruments has a political effect within Australia. The promotion of these Acts has resulted in similar changes to Australian legislation. Changes to the Evidence Act, antiterrorism laws and accounting changes such as ASSB and “force of law” auditing standards have resulted from a direct international influence.

Although these rules have created compliance concerns, in many instances they have done little to promote increased computer security. Their focus on selected areas such as financial data and privacy has created or promoted many gaps within the other areas of an organisation's control structure. In some cases, and in line with the ideal, the advancement of computer security has been achieved. However, for the most part the addition of a compliance regime has created a tick-box industry that is more concerned with the letter of the law than the intent.

[1] Gramm-Leach-Bliley Act, 15 USC, http://www.ftc.gov/privacy/glbact/glbsub1.htm
[2] Sarbanes-Oxley Act 2002, http://www.legalarchiver.org/soa.htm
[3] The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (Public Law 107-56), commonly known as the USA PATRIOT Act or simply the Patriot Act, http://thomas.loc.gov/cgi-bin/bdquery/z?d107:HR03162:%5D
