Privacy and Information Security Law Client Advisory

June 6, 2006

Global Outsourcing and Legal Compliance

By: Jane Hils Shea

Over the past twenty years, the outsourcing of business functions by U.S. companies has evolved from a revolutionary business idea to a key model business strategy. While global outsourcing provides a number of benefits for companies struggling to manage costs and to streamline operations, it also produces new risks that companies have not previously had to address.  Companies that outsource core business functions must now rely upon third party service providers (TPSPs) to maintain the security of the data that they have transferred as a part of the outsourced functions.  In addition to data security, outsourcing companies must also depend upon TPSPs for legal compliance with applicable state and federal privacy and data protection laws and regulations.  When the data is located overseas, the host country’s privacy and data protections laws must be added to the legal compliance burden.

Click here for the full article.


The Clash of Global Privacy and Whistleblower Rules
How to implement a lawful whistleblowing system in EU countries

By: Joseph J. Dehner and Mathilde Croze

Some businesses, including public companies that must meet US Sarbanes-Oxley (SOX) requirements, have established ways for employees to report suspected improper internal activity on an anonymous or confidential basis known as whistleblowing systems.  Whistleblower hotlines are one way for companies to channel internal suspicions and gripes, both to catch and address improper activity if it is occurring and to provide employees with an in-house way of considering complaints and questions about activity that appears suspicious or improper.

Click here for the full article.


Federal Trade Commission Increases Scrutiny Of Customer Data Security In Matter of DSW, Inc.

By: Robert W. Dibert

Since 2001, the FTC has filed more than 10 enforcement actions alleging that businesses failed to design, implement or maintain adequate security standards for handling customer data. The actions involved companies involved in mortgage lending, data brokering, internet retailing, credit/debit card processing, and email information subscription services. Most of the actions included alleged violations of specific federal statutes such as the Gramm-Leach-Bliley Act (regulating financial services), or specific representations made in consumer agreements or advertising. However, in Matter of DSW, Inc., No. 052-3096, dkt. C-4157 (Mar. 7, 2006) the FTC based an enforcement action squarely upon the premise that inadequate customer data security could constitute an “unfair trade practice” in and of itself. In specific, the FTC alleged that “failure to employ reasonable and appropriate security measures to protect personal data and files caused or is likely to cause substantial injury to consumers that is not offset by countervailing benefits to consumers or competition and is not reasonably avoidable by consumers. This practice was and is an unfair trade practice.”

Click here for the full article.


RFID Working Guidelines Issued

By: Joseph A. Tomain

On May 1, 2006, a collaboration of consumer privacy advocates and industry organizations under the leadership of the Center for Democracy and Technology (CDT) issued an interim draft of Privacy Best Practices for Deployment of RFID Technology.[1]  These guidelines are a first step in balancing the concerns of consumer privacy and industry’s use of radio frequency identification (RFID) technology.  While privacy is the focus of the guidelines, another major consideration in the use of RFID technology is also touched upon – security.

Click here for the full article.


Information Privacy Protection in Australia

By: Jane Hils Shea

For more than five years Australian business groups, including the Business Council of Australia and the Australian Chamber of Commerce and Industry, have been lobbying the Australian Government to use its Senate majority to substantially overhaul the company tax law regime in Australia.  Combined with efforts by the Australian government to promote Australia as a financial center and its government’s friendly relations with the US, Australia has increasingly become an appealing location for international expansion by U.S. businesses.  Additionally, the Australian Treasury Department is said to be considering offering tax breaks to foreign multinationals in order to encourage them to establish regional headquarters in Australia.

(See http://www.lowtax.net/lowtax/html/offon/australia/aus_reform.html)

Click here for the full article.



[1]These guidelines are available at: http://www.cdt.org/privacy/20060501rfid-best-practices.php

Additional Documents:

Attorneys

Practices

Top