Thanks a bunch, Enron.The past five years have seen a swell of high-profile stories in which some top corporate executives were found to be thieving jackasses. You got your Enron, your Tyco, your WorldCom. You got your revenue-cramming, your expense-hiding, your stock-dumping. You got, all in all, an ethical code that would embarrass a guy selling $10 Rolexes out of his trench coat.The U.S. Congress reacted to this corruption predictably: It passed a massive, vague, loophole-ridden set of regulations that will add another expensive administrative burden on the backs of all U.S. businesses. I speak of the Sarbanes-Oxley Act of 2002, generally called SOX or Sarbox.The appeal of SOX is that it seeks to make business accountability personal by threatening to throw corporate officers in the clink if their companies behave badly. This is pretty cool, I concede, but let\u2019s face it: in practice, the CEO of Humongo Corp., who pulled down $12.5 million last year, won\u2019t be bused to Rikers Island. Rather, he will fight a long, enervating court battle that will end in a fine or 90 days in a country-club prison.You\u2019ve been reading about SOX recently because an important compliance deadline for big companies has passed, and because at least one provision of the act is not vague: SOX states that all business records, including electronic records and electronic messages, must be saved for "not less than five years."Given this data-storage mandate, it\u2019s no surprise that SOX has had a major effect on corporate IT departments\u00a0- and less of a surprise that software vendors and consultants have built a mini-industry around SOX compliance.But what about us? I keep reading that SOX is a big deal to small and midsize businesses, but that covers a lot of ground - a company with 50 employees is deemed an SMB, but that\u2019s gargantuan by my standards. I haven\u2019t seen persuasive evidence that SOX will be a big deal to one-man bands like my business or yours.Don\u2019t get me wrong: the basic tenet of SOX, and of its cousin\u00a0 the Health Insurance Portability and Accountability Act (HIPAA) is that companies must do a better job of storing and safeguarding information, and I\u2019m all for that.But need you worry about SOX just yet? Doubtful. For starters, compliance is mandatory only for publicly held companies; for those that are privately held, it\u2019s voluntary.Section 404, one of SOX\u2019s key areas, mandates that by April 15, 2005, the CEO, CFO and \u201coutside auditors\u201d of small and foreign-owned businesses attest to the effectiveness of internal controls (including computer systems) that affect their financial reporting process.What that means for home-based businesses - in which the CEO and CFO are one and the same, and the nearest thing to an outside auditor is the UPS guy\u00a0- is unclear, even to analysts specializing in SOX.However, it never hurts to be prepared:* Ask your clients. In the short term, you\u2019re most likely to feel the effects of SOX if you have a publicly held company as a client; that company may \u201cincreasingly demand from private business partners accurate financial information,\u201d according to the Yankee Group, a Boston research firm. Talk with your contact to see whether such a demand is in the pipeline and, if so, exactly what information they may need.* Discard nothing. As I wrote in a recent Home Base, it\u2019s worth considering a remote data-storage service; recent cases have shown that even the most trivial of e-mails may someday be demanded in a civil or regulatory proceeding.* Stay tuned. As we speak, SOX is being defined on the fly by an army of bureaucrats. The act\u2019s impact on home-based businesses will be far better defined in six months.