International Corporate Compliance, Fourth Edition
This Field Guide is not about ‘roughing it’. This book guides you through an increasingly complex field of laws, regulations and technology. Generalists in corporate legal departments and private practice, privacy officers, data scientists, information security specialists, product developers, marketing managers, recruiters, human resources specialists and others are confronted with data privacy and security issues more and more frequently. Tons of information is publicly available, much of which is free of charge. Still, it can be difficult to get a handle on a practical problem quickly without getting lost in details.
This is where this Field Guide is meant to come into play. It is designed to help identify issues, provide a brief practical overview, shape questions and lead to solutions. Where the Field Guide cannot provide an answer that is detailed enough, it contains directions to further resources that are easily accessible – by providing key terminology that can be easily looked up. Footnotes with citations in ‘Bluebook format’ have consciously been omitted; this book is for use in the field, not in a library.
For example, in this Field Guide you will find checklists with key compliance requirements and practical suggestions on how to go about satisfying them in an efficient manner. You will also be presented with examples of jurisdiction-specific details that global companies are most likely to encounter in the field, selected for illustrative purposes, but never for all 190+ countries. Once you have your bearings and you want to determine applicable details by country and situation, for example, whether you have to appoint a data protection officer in China, this Field Guide will refer you to other resources, listed at the back of the book, including Baker McKenzie’s Global Privacy Handbook (available free of charge, the 2019 Edition covers 50+ jurisdictions).
Consider a few suggestions on how to use the Field Guide: If you got this book because you are tasked with designing or implementing a new data privacy compliance program, you could start with the following overview of ‘Key Terms’ and ‘Key Concepts’ for orientation, and then use the main five Chapters of the Field Guide for navigation. If you just want to get a quick read on a particular issue, you could look up buzz words in the Index at the end of the book to zoom in on a topic that concerns you. Or, if you are faced with a particular task, you could also try one of the following paths:
|Task or Issue||Guidance|
|Respond to data security breach||Ch. 5 – Breaches of Data Security|
|Buy or sell cloud computing services||Ch. 5 – Cloud Computing; Vendors Ch. 3.66|
|Appoint data privacy officer||Ch. 1.11 et seq.|
|Achieve compliance re. international data transfers||Ch. 2|
|Conduct due diligence on M&A targets, vendors||Ch. 4|
|Select network/employee monitoring tools||Ch. 5 – Employee Data and Monitoring; Wiretapping|
|Deploy cookies, tracking technologies legally||Ch. 5 – Advertising, Tracking|
|Comply with anti-spam laws||Ch. 5 – Unsolicited Communications|
|Develop product, process or service||Ch. 5 – Privacy by Design|
|Gather management support||Ch. 5 – Rights, Remedies, Enforcement; Y – Why Protect Data Privacy?|