The Art of Constructing Global Whistleblowing Programmes

1 The Art of Constructing Global Whistleblowing Programmes
Mark E. Schreiber
Chair, Privacy & Data Protection Group Steering Committee
Edwards Wildman Palmer LLP
111 Huntington Avenue Boston, MA
Suzanne Rodway
Group Head of Privacy
Royal Bank of Scotland Legal
Level 5/Premier Place 2½ Devonshire Square / EC2M, 4BA 44 (0)
Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP

2 SOX and FCPA Hotlines
SOX and U.S. stock exchange regulations require:
  mandatory code of conduct
  confidential, anonymous submission of concerns regarding questionable accounting or auditing
  receipt, retention and treatment of complaints
  apply outside U.S. to ensure reporting
Variety of permissible methods to submit complaints
phone or hotline, , mail, fax, drop-boxes
Enhanced enforcement of FCPA, more than 100 ongoing DOJ investigations
Industry wide investigations
Spanning numerous countries

3 FCPA/SOX Hotline and Due Diligence Dilemmas
FCPA hotline voluntary
Often same telephone number/ as SOX ones
Clash: French and German cases held U.S. company proposed whistleblowing schemes unlawful
historical concern over informants
numerous protections added
few actual calls

4 General Resolution of EU Hotline Issues
Political compromise reached
Art. 29 Working Party issued guidelines:
  allows anonymous reporting under certain conditions
SEC and Art. 29 letters
workinggroup/wpdocs/2006-others_en.htm
Prior non-compliance/ too hard to comply
Now compliance possible and practical

5 What is the Goal?
Rigorous compliance with FCPA/SOX
Simultaneous compliance with E.U. data protection laws
good faith compliance effort consistent with Art. 29 Working Party, CNIL and other guidelines
SOX/FCPA Code of Conduct and anonymous reporting obligations
Art. 29 W.P., CNIL and other E.U. country whistleblower guidelines
E.U. data protection laws

6 Where to Find What is Required by EU and Other Countries
World Law Group Global Guide to Whistleblowing Programs,
CNIL Guidelines, FAQs
CNIL on-line authorization Decision and forms
(click on: Publications, Practice, Privacy)
Dutch, Belgium guidelines and Spanish DPA whistleblower consult
German guidelines
(click on: Publications, Practice, Privacy)

7 Where to Find What is Required by EU and Other Countries
Irish guidelines
Swedish guidelines
endast-chefer-och-andra-nyckelpersoner-far-anmalas-medwhistleblowing/
Danish guidelines
Hungarian whistleblower law amendments
Portuguese guidelines Deliberação Nº 765/2009

8 What Does This Process Take for Multi-National Companies?
Reconfigure E.U. whistleblower mechanism
new E.U. whistleblower protocol without disturbing Code of Conduct / Ethics or FCPA policy
New E.U. whistleblower procedure addendum by country
New E.U. employee notice of whistleblower program
usually requires translation

9 What Will This Process Take?
Procedure on pan-European basis
adaptations/addendum by E.U./EEA or other country where company has operations
Data Controller registration ("notification") with Data Protection Authorities (DPAs)
UK routine notifications (failure to do so is per se criminal offense)
France, Belgium, Holland relatively easy
Poland, Spain, Portugal, Bulgaria, Hungary more complex
Russia probably
Due diligence program may also require DPA notification depending on country
Effect of New EU data protection regulation?

10 What Will This Process Take?
Timelines of implementation:
  at least 6 months from start
  might take a year or more depending on number of countries
draft helpline procedure and notice
highlight country differences and addendum
review by E.U. local counsel
translation of documents, at least employee notices
works council negotiations for WB programs
DPA notifications
appoint country data protection officers, e.g., in Germany, France, Switzerland so no DPA notification
create/adjust training modules
adapt investigatory procedures

11 What Will This Process Take?
How do you handle hotline (or due diligence) in E.U. in the interim?
leave on and operate?
if reports, adhere to E.U. country data protection requirements in one-off events
disable in all or some E.U. countries?
France, Germany, Spain and elsewhere?
SEC/FCPA compliance?
work to adapt it?
good faith efforts
proof of activity
companies must now address about data protection

12 What Will This Process Take?
Who makes this decision in your company?
others buy-in
team
in-house counsel (U.S. and E.U.) and staff, including compliance dept.
outside counsel in both U.S. and E.U. countries
combination
3rd Party Hotline Vendor usage
mechanisms
various levels of hotline interfaces and/or assistance
very sophisticated already
contract terms required by Art. 29, CNIL, etc.

13 Implementation Issues: What is Required by E.C.?
Narrowed SOX code proportionality
audit, accounting, fraud, financial irregularities
healthcare compliance
FCPA
example:
  If narrowed, in France click-through authorization
  no further CNIL review
  real policy work behind scenes like U.S. Safe Harbor
  if broad, in France, regular CNIL review 2 mos. unless further docs. requested
Unlikely approval for employment matters

14 Implementation Issues: What is Required by E.C.?
Complaints outside scope
some may be taken in on hotline but have to be immediately referred to other department and then archived or deleted
serious matters / vital interests of company
No longer allowed under French single authorization
June 7, 2011 CNIL deadline for single authorization 004 changes
physical / emotional safety (moral integrity) of employees
threats of violence, assault, murder
slightly better under German guidelines
Austria, Portugal only allow SOX/anti-corruption subject matter

15 Implementation Issues: What is Required by E.C.?
Anonymity available
not required or encouraged
SEC says cannot discourage
admonitions necessary
careful drafting
reporting availability to supervisors / managers
whistleblower reporting not mandatory
Spain and Portugal no anonymous complaints
confidential complaints OK
need for local counsel alternatives

16 Implementation Issues: What is Required by E.C.?
Notice to employees of program existence, purpose and functioning
in local language, e.g., requirement in French labor code
wait until program materials almost complete before translation

17 Implementation Issues: What is Required by E.C.?
Prompt notification to accused of:
  entity, facts accused of, departments might receive reports, how to exercise rights of access and rectification
delay exception for evidence preservation, (computer back-up, imaging hard drive, etc.)
applied restrictively on case by case basis
how will this work in practice?
not identity of whistleblower

18 Implementation Issues: What is Required by E.C.?
Right of accused to access and correct or rectify data
incorrect, incomplete or inaccurate data
limited access rights only about data subject
may be restricted on case by case basis to ensure rights of others
Data transfer to U.S. from E.U. locale
disclosures within group
at what level and in what country?
cross-border transfer solutions
not new, applies to all employee, customer and other personal data

19 Implementation Issues: What is Required by E.C.?
Data retention periods and archiving
easy to say, hard to implement
unsubstantiated deleted or archived immediately
2 mos. after conclusion of investigation unless
  discipline against accused
  other litigation
  potential SEC matters
Archival / Blocking
access controls on archived databases
matrix of time frames by event
some countries insist on deletion or destruction
what does this mean in electronic context?

20 Implementation Issues: What is Required by E.C.?
Notify and/or negotiate with Works Council
minimum number of employees in some countries
sometimes historical or political issues
Germany right of co-determination
factor into lead time


More information

The SEC's New Whistleblower Program: What It Means for Companies and How to Respond. July 22, 2011

The SEC's New Whistleblower Program: What It Means for Companies and How to Respond. July 22, 2011 The SEC's New Whistleblower Program: What It Means for Companies and How to Respond July 22, 2011 Agenda Introduction Presentation Questions and Answers (anonymous) Slides now available on front page of

More information

DATA PROTECTION AND DATA STORAGE POLICY

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

More information

Family benefits Information about health insurance country. Udbetaling Danmark Kongens Vænge 8 3400 Hillerød. A. Personal data

Family benefits Information about health insurance country. Udbetaling Danmark Kongens Vænge 8 3400 Hillerød. A. Personal data Mail to Udbetaling Danmark Kongens Vænge 8 3400 Hillerød Family benefits Information about health insurance country A. Personal data Name Danish civil registration (CPR) number Address Telephone number

More information

Restricted Stock and RSUs. Global Desk Reference

Restricted Stock and RSUs. Global Desk Reference Restricted Stock and RSUs Global Desk Reference GLOBAL DESK REFERENCE RESTRICTED STOCK AND RSUS ABOUT DLA PIPER DLA Piper is a global legal services organization with 4,200 lawyers in 76 offices in 30

More information

Tilburg University. U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen

Tilburg University. U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen Tilburg University U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen Published in: International Data Privacy Law Document version: Preprint (usually an

More information

MSO/IPA Compliance Program

MSO/IPA Compliance Program MSO/IPA Compliance Program PROSPECT MEDICAL HOLDINGS, INC. MSO/IPA COMPLIANCE PROGRAM Coverage The terms of the Compliance Program set forth herein shall apply to, and govern, the medical group business

More information

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL EUROPEAN COMMISSION Brussels, 25.9.2014 COM(2014) 592 final REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the implementation in the period from 4 December 2011 until 31 December

More information

Accountable Care Organization. Medicare Shared Savings Program. Compliance Plan

Accountable Care Organization. Medicare Shared Savings Program. Compliance Plan Accountable Care Organization Participating In The Medicare Shared Savings Program Compliance Plan 2014 Corporate Location: 3190 Fairview Park Drive Falls Church, VA 22042 ARTICLE I INTRODUCTION This Compliance

More information

Advocating for Campus Survivors Using Title IX: A guide for advocates and attorneys. Amanda Walsh, Esq. Victim Rights Law Center

Advocating for Campus Survivors Using Title IX: A guide for advocates and attorneys. Amanda Walsh, Esq. Victim Rights Law Center Advocating for Campus Survivors Using Title IX: A guide for advocates and attorneys Amanda Walsh, Esq. Victim Rights Law Center 2013 Victim 2014 Rights Victim Law Rights Center. Law Center. All rights

More information

Whistleblower Laws & Internal Investigations: Tactics & Best Practices

Whistleblower Laws & Internal Investigations: Tactics & Best Practices October 2, 2012 Whistleblower Laws & Internal Investigations: Tactics & Best Practices Sue Hastings, Partner Cleveland Labor & Employment Cipriano Beredo, Partner Cleveland Corporate Finance Victor Genecin,

More information

SUTLEJ TEXTILES AND INDUSTRIES LIMITED DOCUMENT PRESERVATION AND RETENTION POLICY

SUTLEJ TEXTILES AND INDUSTRIES LIMITED DOCUMENT PRESERVATION AND RETENTION POLICY SUTLEJ TEXTILES AND INDUSTRIES LIMITED DOCUMENT PRESERVATION AND RETENTION POLICY Date: December 1, 2015 Page 1 of 8 Table of Contents 1. Concept 03 1.1 Background 1.2Title&Scope 1.3 Objective of the Policy

More information

LIBERTY Dental Plan Inc.

LIBERTY Dental Plan Inc. LIBERTY Dental Plan Inc. Policies & Procedures: COMPLIANCE PROGRAM DESKTOP COMMERCIAL MEDICAID MEDICARE Responsible Department: Issue Date: Regulatory Affairs & Compliance 11/01/07 Approved By: John Carvelli

More information

UNIVERSAL INSURANCE HOLDINGS, INC. CODE OF BUSINESS CONDUCT AND ETHICS. Revised as of March 3, 2014

UNIVERSAL INSURANCE HOLDINGS, INC. CODE OF BUSINESS CONDUCT AND ETHICS. Revised as of March 3, 2014 I. Statement of Policy UNIVERSAL INSURANCE HOLDINGS, INC. CODE OF BUSINESS CONDUCT AND ETHICS Revised as of March 3, 2014 Universal Insurance Holdings, Inc. ( UIH ) and its subsidiaries (collectively,

More information

Data Protection and Cloud Computing: an Overview of the Legal Issues

Data Protection and Cloud Computing: an Overview of the Legal Issues Data Protection and Cloud Computing: an Overview of the Legal Issues Christopher Kuner Partner, Hunton & Williams, Brussels Research Assistant, University of Copenhagen Nordic IT Law Conference Copenhagen,

More information

Client Privacy Notice (HIPAA)

Client Privacy Notice (HIPAA) Client Privacy Notice (HIPAA) Privacy Statement Northern Human Services is required by law to maintain the privacy of Protected Health Information (PHI) and to provide individuals, this NOTICE OF PRIVACY

More information

AUDIT COMMITTEE WHISTLEBLOWER PROCEDURES

AUDIT COMMITTEE WHISTLEBLOWER PROCEDURES AUDIT COMMITTEE WHISTLEBLOWER PROCEDURES AGRIUM INC. AUDIT COMMITTEE WHISTLEBLOWER PROCEDURES TABLE OF CONTENTS Page PURPOSE... 1 MEANING OF TERMS... 1 PROCEDURES... 1 1. Submission and Receipt of Complaints...

More information

WHISTLEBLOWER POLICY

WHISTLEBLOWER POLICY START COMMUNITY BANK FIRST COMMUNITY BANCORP WHISTLEBLOWER POLICY Divisions/Departments Responsible for Implementation: Audit Committee Senior Management Date Approved by Audit Committee: September 15,

More information

POLICY AND PROCEDURES MANUAL FRAUD, WASTE, AND ABUSE

POLICY AND PROCEDURES MANUAL FRAUD, WASTE, AND ABUSE Page Number: 1 of 7 TITLE: PURPOSE: FRAUD, WASTE, AND ABUSE The Harris County Hospital District implemented a Corporate Compliance Program in an effort to establish effective internal controls that promote

More information

The Association of Professional Compliance Consultants Professional Standards for Member Firms

The Association of Professional Compliance Consultants Professional Standards for Member Firms These Professional Standards were adopted by the Association with effect from 9 March 2010. The purpose of these Standards is to provide guidance to Members Firms on the minimum standards that the Association

More information

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015 Multi-Jurisdictional Study: Cloud Computing Legal Requirements Julien Debussche Associate January 2015 Content 1. General Legal Framework 2. Data Protection Legal Framework 3. Security Requirements 4.

More information

GSK Public policy positions

GSK Public policy positions Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable

More information

Internal Investigations of Whistleblower Complaints and Dealing with the Whistleblower Employee Bob Rhoad Kris Meade

Internal Investigations of Whistleblower Complaints and Dealing with the Whistleblower Employee Bob Rhoad Kris Meade Fox in the Hen House Internal Investigations of Whistleblower Complaints and Dealing with the Whistleblower Employee Bob Rhoad Kris Meade Whistleblowing Growth Industry in Healthcare Healthcare Fraud Represents

More information

ACNB CORPORATION & SUBSIDIARIES BOARD AUDIT COMMITTEE CHARTER

ACNB CORPORATION & SUBSIDIARIES BOARD AUDIT COMMITTEE CHARTER ACNB CORPORATION & SUBSIDIARIES BOARD AUDIT COMMITTEE CHARTER ORGANIZATION The Audit Committee is a committee of independent members of the Board of Directors. Its function is to assist the Board in fulfilling

More information

Michigan State University Office of Institutional Equity COMPLAINT PROCEDURES

Michigan State University Office of Institutional Equity COMPLAINT PROCEDURES Michigan State University Office of Institutional Equity COMPLAINT PROCEDURES The Office of Institutional Equity ( OIE ) is responsible for ensuring the University s compliance with federal and state laws

More information

POLICY ON DATA PROTECTION AND PRIVACY OF PERSONAL DATA

POLICY ON DATA PROTECTION AND PRIVACY OF PERSONAL DATA PURPOSE: POLICY ON DATA PROTECTION AND PRIVACY OF PERSONAL DATA This Policy sets forth how the Company will manage the Personal Data that it collects in the normal course of business. SCOPE: This Policy

More information

1. TYPES OF INFORMATION WE COLLECT.

1. TYPES OF INFORMATION WE COLLECT. PRIVACY POLICY GLOBAL ASSESSOR POOL, LLC, DBA PINSIGHT ( Company or we or us ) is committed to protecting your privacy. We prepared this Privacy Policy to describe our practices regarding the information

More information

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013 Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and

More information

Patti Levin, LICSW, Psy.D. Clinical Psychologist

Patti Levin, LICSW, Psy.D. Clinical Psychologist Patti Levin, LICSW, Psy.D. Clinical Psychologist 673 Boylston St. #4. 617.227.2008 Boston, MA02116 fax: 617.247.7523 www.drpattilevin.com email:patti@drpattilevin.com Notice of Privacy Practices (HIPAA)

More information

Records and Information Management and Retention

Records and Information Management and Retention Records and Information Management and Retention Association of Corporate Counsel Nonprofit Organizations Committee Legal Quick Hit March 13, 2012 3 pm ET W. Warren Hamel Venable LLP 750 E. Pratt St. Baltimore,

More information