Proceed with confidence at home and abroad
Faced with suspected compliance violations, most multinationals have technologies to gather information quickly and efficiently from company servers, even individual laptops. But before launching an internal investigation, it’s wise to consider local privacy laws in all jurisdictions where the query may lead. A wrong step can expose the company, and those directing the investigation, to enforcement actions, even criminal penalties. Even someone later proven to have broken the law could gain rights to file legal claims for violation of their privacy rights.
Issues to consider
Here are issues to consider when conducting global internal investigations:
Be proactive before issues arise. A strong privacy program gives you maximum flexibility in conducting investigations. Review your program to see if you’ve sufficiently addressed compliance obligations. Do you have the needed consents, notifications, agency filings and transfer safeguards for international data exchanges in place?
Privacy and data protection. Many countries have restrictive rules that limit the collection, handling and transfer of information about employees, customers, contractors and other individuals. You need to have legitimate reasons for collecting and using data, notify affected individuals and in some cases, get their consent. In some countries, these protections apply to “sensitive” data that includes information about criminal behavior.
Wiretapping and electronic communications. Most countries restrict the interception and review of electronic or telephone communications. In Brazil, for instance, such correspondence may be reviewed only if an employee consents, or at a minimum, has been notified. The rules apply even if the conduct occurs wholly outside Brazil. Violations expose you to civil and criminal penalties.
Bank secrecy and common law confidentiality. Industry-specific secrecy regulations or professional confidentiality requirements may apply depending on the nature of the data needed and the jurisdiction involved. For example, Greece secrecy laws prohibit a bank from sharing certain consumer data with its parent company or affiliates even if consent is given.
“Blocking” statutes. Some countries have adopted “blocking statutes” that restrict or prohibit carrying out investigations in or affecting the local jurisdiction. For example, Swiss law prohibits investigative acts on Swiss territory in the interest or for the benefit of a foreign state authority. This can extend to accessing data on servers on Swiss soil or collecting data that another government, e.g., the US SEC, might request.
Labor and employment law. You may have to consult works councils or trade unions or address certain terms in collective bargaining agreements prior to gathering information. In Spain, an employee representative has to be present when you image an employee’s computer or search his workstation.
Other legal requirements. Some countries even oblige you to meet extra requirements. Specific Chinese laws restrict the collection and transfer of data and documents about senior government officials and may restrict the collection and transfer of such information to foreign jurisdictions.
Our experience and service advantages
A globally recognized practice. Our Global Privacy team is highly regarded for delivering exceptionally practical solutions to data protection challenges. We were among the first law firms to deliver comprehensive information management solutions to leading companies, helping them proactively manage information and avoid potential liabilities. Sharing ideas and best practices across jurisdictions, we can swiftly identify risks to help you act responsibly in conducting global internal investigations at home and offshore.
Right click and select "Save Target As" to download a
PDF version.