Although this is a United States federal law, UK and european companies trading with American entities should be aware of the requirements, as they may impact compliance with the Act.
The law was driven by corporate and accounting scandals, causing major losses for investors. Therefore the act does not apply to private companies.
SOX defines which records a company should keep and how long they should be stored for (Not less than 5 years).
These records include electronic messaging (emails), which provided I.T departments with additional logistic and security challenges.
In summary the 11 parts of the act require particular levels of auditor independence, accountability for Directors and Boards, criminal/civil penalties for violations and increased disclose.
Further information and the fullt ext of the act can be found from U.S. Government Printing Office: http://www.gpo.gov/
entry110308-130022