One of the more troubling issues that globalization has inadvertently imposed on organizations is compliance with a complex set of international data protection and privacy laws. Such laws present an enigmatic and novel challenge to American companies, which enjoy fewer domestic restraints on collecting and storing the personal data of employees and consumers. The ability of organizations to solve this cross-border data protection puzzle through careful and proactive information governance could be the difference between seizing and losing business opportunities. This article discusses a variety of such laws that may affect U.S. organizations and offers some best practices for solving these conundrums.
Cross-border data protection and privacy laws
The treatment of personal information in litigation
Another area of complexity facing organizations with respect to the governance of personal information concerns the treatment of that data in European and cross-border litigation. In domestic European litigation, personal data could be subject to discovery if it supports the claims of the parties or a court requires its disclosure. That could place an organization in the difficult position of having to produce personal data that may very well be protected by privacy laws. While legal exceptions do exist for these situations, the person whose data is subject to disclosure may nonetheless seek to prevent its dissemination on privacy grounds. Furthermore, company works councils and data protection officers may also object to these disclosures.