Databases and Regulatory Compliance Challenges Research Paper

Download this Research Paper in word format (.doc)

Note: Sample below may appear distorted but all corresponding word document files contain proper formatting

Excerpt from Research Paper:

Databases and Regulatory Compliance Challenges

The advent of technology has increased the popularity of database usage in firms, yet the legislation regulating the field has yet to be finalized. The changing nature of the IT sector, coupled with the legislative traits, creates several situations in which the companies find it difficult to comply with the regulations. This paper recognizes some of those difficulties, and also proposes some solutions.


Regulatory challenges for databases

No sector in the modern day society evolves as rapidly as the technologic domain. And the innovations developed at this level come to impact all aspects of life, from the spending of the leisure time to the completion of the most challenging professional tasks.

The applications of technology within the contemporaneous society are numerous and complex, one specific example in this sense being represented by superior capabilities for data management. The management of the information integrates the multitude of tools and process focused around the collection of information, its adequate usage and storage.

One notable application in the management of information is represented by databases, which are collections of information, preserved and presented so that they are easily accessible to the people needing the information stored in them. The usage of databases has been characterized by some challenges, such as the need to possess high technological skills of the need to respect legal regulations.

At the level of the skills, it is now noticed that the databases have been developed throughout the years and they are now more user friendly; they do not as such limit their usage to people with high technical skills. While this limitation has then been addressed, the challenge raised by compliance with regulations remains still valid. And the main reason for this is represented by the fact that the domain is a novel one, and the laws to regulating it are still uncertain and under continuous development. Furthermore, the database usage and management are focused on intellectual property issues, which have yet to be adequately regulated by the legislations.

2. Databases

In a general formulation, the database is understood as a collection of data, which stores information and the information can be accessed by the people authorized to access the database. According to Margaret Rouse,

"A database is a collection of information that is organized so that it can easily be accessed, managed, and updated. In one view, databases can be classified according to types of content: bibliographic, full-text, numeric, and images" (Rouse, 2006).

From a technological standpoint, databases can be classified based on their purposes within the entity in which they are utilized. For instance, there is the relational database, which is a tabular database that allows the users to reorganize the contained information in any way that is relevant for their queries. Then, there is the distributed database, which is a database that allows its users to disperse it or replicate it among various points in a network. Last, there are the object-oriented programming databases, which are congruent with the features of object oriented programming.

Within the organizational setting, the databases are normally controlled by the managers, who grant access to other employees; the employees usually have the right to retrieve information from the database and to put information in the database. Some examples of information which can be stored in databases include customer profiles, sales levels, product inventories and so on.

While the employees and the managers are essential in the management of the databases, it must also be noted that these individuals are integrant parties in a larger system of database management.

"Databases and database managers are prevalent in large mainframe systems, but are also present in smaller distributed workstation and mid-range systems such as the AS/400 and on personal computers. SQL (Structured Query Language) is a standard language for making interactive queries from and updating a database such as IBM's DB2, Microsoft's SQL Server, and database products from Oracle, Sybase, and Computer Associates" (Rouse, 2006).

Databases are as such complex constructions which help manage information in the modern day society in an effort to attain the pre-established business or non-business related objectives. Still, despite the benefits they generate for the entities, they also raise some notable challenges, viewed mostly at the level of regulations. These will be addressed throughout the following section.

3. Regulatory challenges for databases

Databases are relatively new tools used within the business and non-business communities, and this novelty is also revealed in terms of its regulations. In other words, similar to any other aspect of information technology, the legislation to manage it is still being developed and continually changed. This is due to the fact that not all dimensions of database usage are known, and not all implications are considered by law makers. These efforts are nevertheless occurring and they materialize in an ongoing process of legislative developments.

At this level then, the first regulatory challenge faced by database users is represented by legal uncertainties. For instance, a law regulating the usage of the databases could be ambiguous, as it was unclear for the policy makers how the technological dimensions of database usage are interrelated with the legal aspects. The database users then face uncertainties regarding what is legal and what is illegal in the usage of the database.

Aside from the challenges raised by legal uncertainties, the regulatory challenges also refer to the continually changing nature of the database regulations. As it has been mentioned before, this trend is due to the novelty of the topic and the need to continually research it, identify its dimensions and regulate them. Nevertheless, while this process is justified at the logical level, it also creates some notable shortages for the users of the databases. These include the following:

Uncertainties linked to the emergence of new laws, and the need for the firm to comply with legislations it did not even know existed

The need to implement new and continually changing regulatory compliance aspects, which may lead to operational inefficiencies as more time and resources are allocated to database regulatory compliance, in the detriment of the core activity within the firm

The need to constantly review the legislation and identify new changes, which often materializes in the need to employ -- or at least contract -- a legal specialist. This need also reduces operational efficiency and generates additional expenditures.

Currently, the database usage is regulated by three specific sets of legislations, namely the Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLB). The scope of these legislations is that of protecting information and they essentially seek to attain this goal by instating the need for internal audits that safeguard the integrity, confidentiality, availability and accountability of the data. The table below reveals some of the more notable regulations addressed by the current legislation:


Risk area

Sarbanes-Oxley Section 302

Unauthorized changes to data

Sarbanes-Oxley Section 404

Modification to data, unauthorized access

Sarbanes-Oxley Section 409

Denial of service, unauthorized access

Gramm-Leach-Bliley Act

Unauthorized access, modification, disclosure

HIPAA 164.306

Unauthorized access to data

HIPAA 164.312

Unauthorized access to data

Basel II -- Internal risk management

Unauthorized access to data

Code of Federal Regulation Sec 11

Unauthorized access to data

Source: Altius IT, 2012

These regulations are commonly known by the auditors and accountants within the firms -- who nevertheless are familiar with audit processes, but may not know the insides of database auditing. Still, the internal controllers and accountants are better informed from the legal standpoint than the IT specialists. This is a notable problem within the different institutions, as they may come to situations when their IT staffs are unaware of the legal dimension of their activities, and they even come to break the law.

In order to avoid such situations, it is necessary for management to ensure legal training to the staffs in the Information Technology department and to as such ensure that the database operations completed by the firm are in full accordance with the legislations. To achieve this however, the firms have to allocate and invest additional sums of money, which increases their spending and may reduce their profitability. Nevertheless, it would be much costlier for the entities to risk legal infringements and the lawful and financial repercussions that come with them.

In such a setting, the firms normally seek to conduct their internal controls through which to ensure that they respect the legal stipulations. The focus of the controls in database usage normally falls on the following issues, all generative of challenges for regulatory compliance:

The storage of the database, referring specifically to the hardware devices and software applications, as well as the external services which may be used to store the documents

The creation of the database, understood as the ability of the database users to participate with information in order to create new documents within the database

The capture of data, understood as the metadata information that includes the date and time of the document, as well as its storage

The filing of the documents…[continue]

Cite This Research Paper:

"Databases And Regulatory Compliance Challenges" (2012, October 26) Retrieved December 11, 2016, from

"Databases And Regulatory Compliance Challenges" 26 October 2012. Web.11 December. 2016. <>

"Databases And Regulatory Compliance Challenges", 26 October 2012, Accessed.11 December. 2016,

Other Documents Pertaining To This Topic

  • Financial Managers & Compliance Managers

    Despite this fundamental difference, financial and compliance managers work together as healthcare organizations make decisions to lower cost, increase revenue, and improve care. The concept of lowering cost while improving care presents a complex demand, and requires both financial and compliance officers to possess fundamental management knowledge, and similar professional skills in order to implement accounting and ethical standards (Buelow, et al. 2010). For example, a legal requirement or

  • Systemic Challenges That Choicepoint Is

    As all these challenges pervaded not only ChoicePoint but all the companies comprising the industry, privacy advocates began to dissect the processes, systems and approaches that data providers were using to collect, analyze and sell information. What they found quickly became the foundation for congressional attention and focus on imposing heavy regulations on an industry that was suffering from a lack of process integration and no oversight or governance

  • Consumer Privacy Regulations and Ethics

    Conger, 2009). Recommendations for Organizations The many factors of data mining and their use for profiling customers and their needs also create opportunities for organizations to build greater levels of trust with their customers as well. And trust is the greatest asset any marketer can have today. The following are a series of recommendations for how organizations can address demographic influences that impact their marketing strategies in light of concerns surrounding

  • Nestle Is a Large Scale Multinational Corporation

    Nestle is a large scale multinational corporation engaged in manufacturing a wide variety of food, beverages, and health care products. It was incorporated in 1866 by Henry Nestle in Switzerland as a small food manufacturing company. At present, Nestle is present in all the corners of the world and serves its customers with thousands of food and beverage brands for all types of consumers. It manufactures products for all types

  • Occupational Safety and Health

    Occupational Health and Safety in Catering Industry in Hong Kong Occupational Safety and Health The incidence rate of workplace accidents in the catering industry in Hong Kong is higher than that of other sectors, even those associated with inherently high risk to workers. Despite corrective action within the catering industry, the accident rate remains stubbornly high. This research identifies causal factors in occupational accidents in catering companies and delineates effective strategies that

  • Crime Data Attorney General Has the Job

    Crime Data Attorney General has the job of collecting, analyzing, and reporting statistical data, which will be able to give valid evaluations of crime and the criminal justice procedure to government and the people of the various states. Crime in Birmingham, Corpus Christi and Anchorage are three places that are unique and have different crime rates. The communicating Criminal Justice Profiles generate web-based exhibitions of data on all three cities. All

  • Risk Management Tools the

    The SMART-Ra solution is characterized by the following: The formal assessment of the risks through the employment of the ISO 27005 standards and the OCTAVE techniques The systematic assessment of the risk through the PDCA model (plan, do, check, act) The automated risk assessment through the Fast Ra feature, which "provides fully automated risk assessment with a built in database of standard assets, threats, vulnerabilities and controls" (Website of SMART-RA) The creation of

Read Full Research Paper
Copyright 2016 . All Rights Reserved