Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

e-Commerce Law & StrategyLJN NewslettersNewsSections

Data Protection and Risks in Cross-Border Joint Ventures

By E. Leigh Dance and Barbara Sessions
September 02, 2013

In July, U.S. prosecutors said they had uncovered the largest credit card fraud operation in U.S. history and arrested six men in Russia and Ukraine. See, “4 Russians, 1 Ukrainian Charged in Massive Hacking,” Yahoo News. More than 160 million credit and debit card numbers were stolen, costing the victim companies more than $300 million. The fraud targeted Citigroup, JC Penney, JetBlue Airways, Nasdaq and PNC Financial Services. It's no wonder that senior in-house lawyers in the recently released Winston & Strawn “International Business Risk Survey” say that their top concern in following data privacy laws is customer data ' including data security and risk.'Tied for second-greatest concern are cross-border data transfer and legal compliance with data security and breach notification laws.

“Interestingly, it is the potential for loss of brand equity that responding corporate counsel identify as their most significant concern,” says Lisa Thomas, a data privacy and protection partner with Winston & Strawn in Chicago. In this sense, they are well-aligned with their business-side colleagues in focusing on reputational risk. “Given this 'external' focus, they should continually re-evaluate the effectiveness of their data-protection policies, procedures, and training, including domestic and cross-border compliance,” Thomas says.

Reducing business risks of data privacy breaches, corruption, and other compliance issues is a constantly evolving challenge for growing international companies. Laws and enforcement vary widely from one country to the next, and market practices are highly inconsistent around the world.

For the Winston & Strawn survey, conducted online from May-June 2013, the firm talked to top corporate counsel at major multinationals in the United States and Europe, and found that policies and procedures to address various risks may be in place, but there are obstacles to compliance across jurisdictions and businesses. The issues range from unclear accountability for data privacy and protection compliance, to joint ventures or alliances with foreign partners that have different cultural and market practices.

Survey respondents use varied approaches to managing legal compliance for data privacy and protection. The variations involve different combinations of legal, compliance, IT, marketing, and human resources departments. But they have this in common: General counsel underscore the importance of making responsibilities completely clear in a matrix structure to ensure that no issues fall through the cracks. Regular communication and coordination are important.

Given the high concern corporate counsel express regarding cross-border data transfer, it should be regular practice to ensure that the company's procedures for transferring data internationally conform to legal requirements of both the “sending” and “receiving” countries. The study results also suggest that in-house counsel rank data privacy and protection risks based on the industry and countries of operation in order to better focus their compliance efforts.

E. Leigh Dance is President of ELD International, a consultancy to global corporate counsel. Barbara Sessions is Chief Marketing Officer of Winston & Strawn.

In July, U.S. prosecutors said they had uncovered the largest credit card fraud operation in U.S. history and arrested six men in Russia and Ukraine. See, “4 Russians, 1 Ukrainian Charged in Massive Hacking,” Yahoo News. More than 160 million credit and debit card numbers were stolen, costing the victim companies more than $300 million. The fraud targeted Citigroup, JC Penney, JetBlue Airways, Nasdaq and PNC Financial Services. It's no wonder that senior in-house lawyers in the recently released Winston & StrawnInternational Business Risk Survey” say that their top concern in following data privacy laws is customer data ' including data security and risk.'Tied for second-greatest concern are cross-border data transfer and legal compliance with data security and breach notification laws.

“Interestingly, it is the potential for loss of brand equity that responding corporate counsel identify as their most significant concern,” says Lisa Thomas, a data privacy and protection partner with Winston & Strawn in Chicago. In this sense, they are well-aligned with their business-side colleagues in focusing on reputational risk. “Given this 'external' focus, they should continually re-evaluate the effectiveness of their data-protection policies, procedures, and training, including domestic and cross-border compliance,” Thomas says.

Reducing business risks of data privacy breaches, corruption, and other compliance issues is a constantly evolving challenge for growing international companies. Laws and enforcement vary widely from one country to the next, and market practices are highly inconsistent around the world.

For the Winston & Strawn survey, conducted online from May-June 2013, the firm talked to top corporate counsel at major multinationals in the United States and Europe, and found that policies and procedures to address various risks may be in place, but there are obstacles to compliance across jurisdictions and businesses. The issues range from unclear accountability for data privacy and protection compliance, to joint ventures or alliances with foreign partners that have different cultural and market practices.

Survey respondents use varied approaches to managing legal compliance for data privacy and protection. The variations involve different combinations of legal, compliance, IT, marketing, and human resources departments. But they have this in common: General counsel underscore the importance of making responsibilities completely clear in a matrix structure to ensure that no issues fall through the cracks. Regular communication and coordination are important.

Given the high concern corporate counsel express regarding cross-border data transfer, it should be regular practice to ensure that the company's procedures for transferring data internationally conform to legal requirements of both the “sending” and “receiving” countries. The study results also suggest that in-house counsel rank data privacy and protection risks based on the industry and countries of operation in order to better focus their compliance efforts.

E. Leigh Dance is President of ELD International, a consultancy to global corporate counsel. Barbara Sessions is Chief Marketing Officer of Winston & Strawn.

Read These Next
How Secure Is the AI System Your Law Firm Is Using? Image

What Law Firms Need to Know Before Trusting AI Systems with Confidential Information In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.

COVID-19 and Lease Negotiations: Early Termination Provisions Image

During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.

Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support Image

The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.

Authentic Communications Today Increase Success for Value-Driven Clients Image

As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.

The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies Image

Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.