Legal and Binding Compliance

urn:js:virtue:aspire:principle:6.1

TL;DR

Data stores must comply with all relevant laws, policies, regulations and standards of good practice regarding the storing, processing, sharing and viewing of data.

Rationale

Data stores must comply with all relevant laws, policies, regulations and standards of good practice regarding the storing, processing, sharing and viewing of data.
In addition, the data stores must also comply with any restrictions to data usage that have been imposed by the data supplier via a Service Level Agreement (SLA) and/or Memorandum of Understanding (MoU).

The key drivers are:

  • Compliance is compulsory – There is generally a mandatory requirement to comply with all relevant laws, policies, regulations and standards of good practice.
  • Avoid the consequences – Compliance can be extremely challenging particularly where there are conflicts between opposing requirements – for example, the regulatory requirement to store detailed information versus an individual’s right to anonymity. However, the consequences of noncompliance are severe and therefore should be taken seriously. They are as follows:
    • Investigation by the relevant authorities.
    • Risk of prosecution, claims for damages or other civil proceedings.
    • Incurring fines, penalties and even custodial sentences.
    • Loss of reputation and public confidence.
  • Provides indirect benefits – In addition to avoiding the unpleasant scenarios outlined above, implementing a good compliance approach can also result in the following indirect benefits:
    • Data quality and efficiency improvements.
    • Instils trust in the Sainsbury’s brand.
    • Improvements in general risk management.
    • Getting to “know the customer” better.

Implications

The implications of implementing a robust compliance approach are as follows:

  • Compliance training – Both technical staff and business users must be made aware of the compliance rules and regulations regarding the storage, processing, sharing and viewing of the data.
  • High implementation cost – Implementing the appropriate processes to meet the compliance requirements can be very complex, time consuming and hence costly.
  • Compliance specialists – There may be a need to recruit specialist consultants or provide training for the existing staff.