The Art of Constructing Global Whistleblowing Programmes
|
|
- Edwin Johnston
- 8 years ago
- Views:
Transcription
1 The Art of Constructing Global Whistleblowing Programmes Mark E. Schreiber Chair, Privacy & Data Protection Group Steering Committee Edwards Wildman Palmer LLP 111 Huntington Avenue Boston, MA Suzanne Rodway Group Head of Privacy Royal Bank of Scotland Legal Level 5/Premier Place 2½ Devonshire Square / EC2M, 4BA 44 (0) Suzanne.rodway@rbs.com 2013 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP
2 SOX and FCPA Hotlines SOX and U.S. stock exchange regulations require: mandatory code of conduct confidential, anonymous submission of concerns regarding questionable accounting or auditing receipt, retention and treatment of complaints apply outside U.S. to ensure reporting Variety of permissible methods to submit complaints phone or hotline, , mail, fax, drop-boxes Enhanced enforcement of FCPA, more than 100 ongoing DOJ investigations Industry wide investigations Spanning numerous countries 2
3 FCPA/SOX Hotline and Due Diligence Dilemmas FCPA hotline voluntary Often same telephone number/ as SOX ones Clash: French and German cases held U.S. company proposed whistleblowing schemes unlawful historical concern over informants numerous protections added few actual calls 3
4 General Resolution of EU Hotline Issues Political compromise reached Art. 29 Working Party issued guidelines: allows anonymous reporting under certain conditions SEC and Art. 29 letters workinggroup/wpdocs/2006-others_en.htm Prior non-compliance/ too hard to comply Now compliance possible and practical 4
5 What is the Goal? Rigorous compliance with FCPA/SOX Simultaneous compliance with E.U. data protection laws good faith compliance effort consistent with Art. 29 Working Party, CNIL and other guidelines SOX/FCPA Code of Conduct and anonymous reporting obligations Art. 29 W.P., CNIL and other E. U. country whistleblower guidelines E.U. data protection laws E.U. data protection laws 5
6 Where to Find What is Required by EU and Other Countries World Law Group Global Guide to Whistleblowing Programs, CNIL Guidelines, FAQ s CNIL on-line authorization Decision and forms (click on: Publications, Practice, Privacy) Dutch, Belgium guidelines and Spanish DPA whistleblower consult German guidelines (click on: Publications, Practice, Privacy) 6
7 Where to Find What is Required by EU and Other Countries Irish guidelines Swedish guidelines endast-chefer-och-andra-nyckelpersoner-far-anmalas-medwhistleblowing/ Danish guidelines Hungarian whistleblower law amendments Portuguese guidelines Deliberação Nº 765/2009 7
8 What Does This Process Take for Multi-National Companies? Reconfigure E.U. whistleblower mechanism new E.U. whistleblower protocol without disturbing Code of Conduct / Ethics or FCPA policy New E.U. whistleblower procedure addendum by country New E.U. employee notice of whistleblower program usually requires translation 8
9 What Will This Process Take? Procedure on pan-european basis adaptations/addendum by E.U./EEA or other country where company has operations Data Controller registration ( notification ) with Data Protection Authorities (DPAs) UK routine notifications (failure to do so is per se criminal offense) France, Belgium, Holland relatively easy Poland, Spain, Portugal, Bulgaria, Hungary more complex Russia probably Due diligence program may also require DPA notification depending on country Effect of New EU data protection regulation? 9
10 What Will This Process Take? Timelines of implementation: at least 6 months from start might take a year or more depending on number of countries draft helpline procedure and notice highlight country differences and addendum review by E.U. local counsel translation of documents, at least employee notices works council negotiations for WB programs DPA notifications appoint country data protection officers, e.g., in Germany, France, Switzerland so no DPA notification create/adjust training modules adapt investigatory procedures 10
11 What Will This Process Take? How do you handle hotline (or due diligence) in E.U. in the interim? leave on and operate? if reports, adhere to E.U. country data protection requirements in one-off events disable in all or some E.U. countries? France, Germany, Spain and elsewhere? SEC/FCPA compliance? work to adapt it? good faith efforts proof of activity companies must now address about data protection 11
12 What Will This Process Take? Who makes this decision in your company? others buy-in team in-house counsel (U.S. and E.U.) and staff, including compliance dept. outside counsel in both U.S. and E.U. countries combination 3rd Party Hotline Vendor usage mechanisms various levels of hotline interfaces and/or assistance very sophisticated already contract terms required by Art. 29, CNIL, etc. 12
13 Implementation Issues What is Required by E.C.? Narrowed SOX code proportionality audit, accounting, fraud, financial irregularities healthcare compliance FCPA example: If narrowed, in France click-through authorization no further CNIL review real policy work behind scenes like U.S. Safe Harbor if broad, in France, regular CNIL review 2 mos. unless further docs. requested Unlikely approval for employment matters 13
14 Implementation Issues What is Required by E.C.? Complaints outside scope some may be taken in on hotline but have to be immediately referred to other department and then archived or deleted serious matters / vital interests of company No longer allowed under French single authorization June 7, 2011 CNIL deadline for single authorization 004 changes physical / emotional safety (moral integrity) of employees threats of violence, assault, murder slightly better under German guidelines Austria, Portugal only allow SOX/anti-corruption subject matter 14
15 Implementation Issues What is Required by E.C.? Anonymity available not required or encouraged SEC says cannot discourage admonitions necessary careful drafting reporting availability to supervisors / managers whistleblower reporting not mandatory Spain and Portugal no anonymous complaints confidential complaints OK need for local counsel alternatives 15
16 Implementation Issues What is Required by E.C.? Notice to employees of program existence, purpose and functioning in local language, e.g., requirement in French labor code wait until program materials almost complete before translation 16
17 Implementation Issues What is Required by E.C.? Prompt notification to accused of: entity, facts accused of, departments might receive reports, how to exercise rights of access and rectification delay exception for evidence preservation, (computer back-up, imaging hard drive, etc.) applied restrictively on case by case basis how will this work in practice? not identity of whistleblower 17
18 Implementation Issues What is Required by E.C.? Right of accused to access and correct or rectify data incorrect, incomplete or inaccurate data limited access rights only about data subject may be restricted on case by case basis to ensure rights of others Data transfer to U.S. from E.U. locale disclosures within group at what level and in what country? cross-border transfer solutions not new, applies to all employee, customer and other personal data 18
19 Implementation Issues What is Required by E.C.? Data retention periods and archiving easy to say, hard to implement unsubstantiated deleted or archived immediately 2 mos. after conclusion of investigation unless discipline against accused other litigation potential SEC matters Archival / Blocking access controls on archived databases matrix of time frames by event some countries insist on deletion or destruction what does this mean in electronic context? 19
20 Implementation Issues What is Required by E.C.? Notify and/or negotiate with Works Council minimum number of employees in some countries sometimes historical or political issues Germany right of co-determination factor into lead time 20
Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws
Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws 16 January 2014 Robert Bond, CCEP Partner and Notary Public Our Team Speechly Bircham is an ambitious, full-service
More informationOUTSOURCING, HOSTING AND DATA PRIVACY ISSUES
OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with
More informationHOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU
HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU 10 April 2014 Monica Salgado Advogada registered with the Portuguese Ordem dos Advogados Registered European Lawyer with the SRA Kirsti Laird Solicitor, (qualified
More informationLaunching a Whistleblower Hotline Across Europe
WhitePaper Launching a Whistleblower Hotline Across Europe 10/15/12 Table of Contents Abstract. 2 Issues Faced by Multinationals When Launching a European Hotline..2 Three-Step Process for Developing a
More informationPHI Air Medical, L.L.C. Compliance Plan
Page No. 1 of 13 Introduction: The PHI Air Medical, L.L.C. is to be used by employees, contractors and vendors to get a high level understanding of the key regulatory requirements relating to our participation
More informationTITLE: Scripps Compliance Program
PAGE 1 of 7 TITLE: Scripps Compliance Program IDENTIFIER: S-FW-LD-1003 APPROVED: Executive Cabinet 08/14/12 ORIGINAL FORMULATION: 11/00 REVISED: 02/06, 11/06, 10/09, 08/12 REVIEWED: EFFECTIVE: Acute Care:
More informationTHE ETHICS HELPLINE Worldwide Dialing Instructions April 2012
COUNTRY DIALING INSTRUCTIONS US, Canada and Virgin Islands The Ethics Helpline is always available, 24/7/365 888 478 6858 (Dialing instructions for other jurisdictions follow) Coming soon internet reporting
More informationEU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.
EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in
More informationAlign Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
More informationINTERNATIONAL SOS. Data Protection Policy. Version 1.05
INTERNATIONAL SOS Data Protection Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: December 2008 Revised: 2015 All copyright in these materials are reserved to AEA
More informationIMMUNOTEC INC. AUDIT AND DISCLOSURE POLICY MANAGEMENT COMMITTEE CHARTER AND WHISTLEBLOWER POLICY
IMMUNOTEC INC. AUDIT AND DISCLOSURE POLICY MANAGEMENT COMMITTEE CHARTER AND WHISTLEBLOWER POLICY ORGANIZATION There shall be a committee of the Board of Directors of the Corporation (the Board ) to be
More information7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data
Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal
More informationGUIDANCE FOR MANAGING THIRD-PARTY RISK
GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,
More informationPersonal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.
PART I: INTRODUCTION AND BACKGROUND Purpose This Data Protection Binding Corporate Rules Policy ( Policy ) establishes the approach of Fluor to compliance with European data protection law and specifically
More informationGlobal investigations: what employers need to know about investigating employees
Global investigations: what employers need to know about investigating employees Plan carefully to minimise riskbe su Given increasing globalisation, multinational companies are facing new levels of risk.
More informationBRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS
BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and
More informationData Protection in Ireland
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
More informationBriefly summarised, SURFmarket has submitted the following questions to the Dutch DPA:
UNOFFICIAL TRANSLATION Written opinion on the application of the Wet bescherming persoonsgegevens [Dutch Data Protection Act] in the case of a contract for cloud computing services from an American provider
More informationCOUNTY OF ORANGE DEPARTMENT OF HEALTH. Corporate Compliance Plan
COUNTY OF ORANGE DEPARTMENT OF HEALTH Corporate Compliance Plan COUNTY OF ORANGE DEPARTMENT OF HEALTH CORPORATE COMPLIANCE PLAN I. Corporate Compliance Plan It is the policy of the Orange County Department
More informationINSTITUTIONAL COMPLIANCE PLAN
INSTITUTIONAL COMPLIANCE PLAN Responsible Party: Board of Trustees Contact: Institutional Compliance Office Original Effective Date: 02/16/2012 Last Revised Date: 10/13/2014 Contents I. SCOPE OF THE PLAN...
More informationMondelez International Moves to Electronic Invoicing
Mondelez International Moves to Electronic Invoicing Dear Sir / Madam As part of Mondelez International ongoing efforts to improve our service, we are phasing out paper processes by moving to electronic
More informationUser tracking: Scope and Implementation eprivacy Directive Article 5(3)
User tracking: Scope and Implementation eprivacy Directive Article 5(3) Email Sender & Provider Coalition April 3, 2012 Presented By Karin Retzer 2012 Morrison & Foerster LLP All Rights Reserved mofo.com
More informationInformation Security Risks when going cloud. How to deal with data security: an EU perspective.
Separating fact from fiction about new software licensing /SaaS/ cloud computing models: advantages, disadvantages and ethical implications. Information Security Risks when going cloud. How to deal with
More informationData and Cyber Laws Up-date 9 July 2015
Data and Cyber Laws Up-date 9 July 2015 Janine Regan Alexia Zuber Viktoria Protokova Simon Holdsworth charlesrussellspeechlys.com Topics Updates on the key aspects of, and commentary on, the proposed GDPR
More informationCOMPLIANCE PROGRAM GUIDANCE FOR MEDICARE FEE-FOR-SERVICE CONTRACTORS
Department of Health and Human Services CENTERS FOR MEDICARE & MEDICAID SERVICES COMPLIANCE PROGRAM GUIDANCE FOR MEDICARE FEE-FOR-SERVICE CONTRACTORS March 2005 TABLE OF CONTENTS INTRODUCTION...3 ELEMENTS
More informationInhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie
Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten MHC.ie Rewriting the Past Oisin Tobin otobin@mhc.ie Agenda 1. Background 2. Findings and impact: a) Jurisdiction b) A
More informationProcessor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
More informationCloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL
Cloud computing and personal data protection Gwendal LE GRAND Director of technology and innovation CNIL 1 Data protection in Europe Directive 95/46/EC Loi 78-17 du 6 janvier 1978 amended in 2004 (France)
More informationSummary of Data Protection Requirements When transferring Data Outside the UK End Users
Summary of Data Protection Requirements When transferring Data Outside the UK End Users 14 May 2010 Background to transfers of the Data outside the UK Data can be transferred in a couple of ways in relation
More informationTilburg University. U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen
Tilburg University U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen Published in: International Data Privacy Law Document version: Preprint (usually an
More informationBOARD OF DIRECTORS COMMUNICATION POLICY. Adopted February 25, 2015
1. Policy Statement BOARD OF DIRECTORS COMMUNICATION POLICY Adopted February 25, 2015 Tribune Media Company (the Company ) values the input and insights of its stockholders and other interested parties
More informationAlign Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:
More informationTax-Exempt Organizations Alert: Whistleblower Policies
Tax-Exempt Organizations Alert: Whistleblower Policies Form 990, the annual information return form filed by public charities and other tax-exempt organizations, asks nonprofit organizations to state whether
More informationResponse to the European Commission s consultation on the legal framework for the fundamental right to protection of personal data
Stockholm: Göteborg: Malmö: 105 24 Stockholm Box 57 Box 4221 Fax 08 640 94 02 401 20 Göteborg 203 13 Malmö Plusgiro: 12 41-9 Org. Nr: 556134-1248 www.intrum.se Bankgiro: 730-4124 info@se.intrum.com Response
More informationDodd-Frank s Whistleblower Bounty Provisions: The First Wave of Tips Filed with the SEC and What Public Companies Should Do Now
Dodd-Frank s Whistleblower Bounty Provisions: The First Wave of Tips Filed with the SEC and What Public Companies Should Do Now Mike Delikat, ORRICK (mdelikat@orrick.com; 212.5065230) The Dodd-Frank Act
More informationAlliance for Better Health Care, LLC
Alliance for Better Health Care, LLC ORGANIZATIONAL POLICY FALSE CLAIMS ACT AND WHISTLEBLOWER PROVISIONS Page 1 of 5 EFFECTIVE DATE: NUMBER: March 2015 ORIGINATOR: Corporate Compliance Officer CONCURRENCE:
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationBAPTIST HEALTH CORPORATE COMPLIANCE PLAN
BAPTIST HEALTH CORPORATE COMPLIANCE PLAN BAPTIST HEALTH and its subsidiaries have a long-standing reputation for conducting both business and patient care activities with the highest level of ethical behavior
More informationRestricted Stock and RSUs. Global Desk Reference
Restricted Stock and RSUs Global Desk Reference GLOBAL DESK REFERENCE RESTRICTED STOCK AND RSUS ABOUT DLA PIPER DLA Piper is a global legal services organization with 4,200 lawyers in 76 offices in 30
More informationAppendix 11 - Swiss Data Protection Act
GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the
More informationStock Options. Global Desk Reference
Stock Options Global Desk Reference GLOBAL EQUITY DESK REFERENCE STOCK OPTIONS ABOUT DLA PIPER DLA Piper is a global legal services organization with 4,200 lawyers in 76 offices in 30 countries across
More informationWho s next after TalkTalk?
Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many
More informationCPA Global North America LLC SAFE HARBOR PRIVACY POLICY. Introduction
CPA Global North America LLC SAFE HARBOR PRIVACY POLICY Introduction CPA Global North America LLC ( CPA Global ) is the US affiliate of the world's leading intellectual property (IP) management and IP
More informationUniversity of Liverpool Online Programmes - Privacy Policy for Visitors and Students
University of Liverpool Online Programmes - Privacy Policy for Visitors and Students PLEASE NOTE: The following privacy terms relate to the University of Liverpool s online programmes and not The University
More informationConnecticut Pipe Trades Health Fund Privacy Notice. 2013 Restatement
Connecticut Pipe Trades Health Fund Privacy Notice 2013 Restatement Section 1: Purpose of This Notice and Effective Date THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
More informationWhistleblower Laws & Internal Investigations: Tactics & Best Practices
October 2, 2012 Whistleblower Laws & Internal Investigations: Tactics & Best Practices Sue Hastings, Partner Cleveland Labor & Employment Cipriano Beredo, Partner Cleveland Corporate Finance Victor Genecin,
More informationConnecticut Carpenters Health Fund Privacy Notice
Connecticut Carpenters Health Fund Privacy Notice THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
More informationGSK Public policy positions
Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationPrivacy & Data Security: The Future of the US-EU Safe Harbor
Privacy & Data Security: The Future of the US-EU Safe Harbor NAOMI MCBRIDE, LISA J. SOTTO AND BRIDGET TREACY, HUNTON & WILLIAMS LLP, WITH PRACTICAL LAW US INTELLECTUAL PROPERTY & TECHNOLOGY AND UK IP&IT
More informationSAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014
SAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014 This Notice sets forth the principles followed by United Technologies Corporation and its operating companies, subsidiaries, divisions
More informationCompliance Plan False Claims Act & Whistleblower Provisions Purpose/Policy/Procedures
CATHOLIC CHARITIES OF THE ROMAN CATHOLIC DIOCESE OF SYRACUSE, NY and TOOMEY RESIDENTIAL AND COMMUNITY SERVICES Compliance Plan False Claims Act & Whistleblower Provisions Purpose/Policy/Procedures Purpose:
More informationa. employees Company; or
Code of Busines ss Conduct and Ethics 1. Introduction a. This Code of Business Conduct and Ethics (the Code ) applies to all directors, officers, employees and third parties employed or directly engaged
More informationWhistleblower. Category: Governance Number: Audience: All University Employees and Board of Governors Issued: February 10, 2014
Whistleblower Category: Governance Number: Audience: All University Employees and Board of Governors Issued: February 10, 2014 Owner: President Approved by: Board of Governors Contact: Secretary to the
More informationThe ADT Corporation. Audit Committee Charter. December 2014
The ADT Corporation Audit Committee Charter December 2014 1 TABLE OF CONTENTS Purpose... 3 Authority... 3 Composition... 3 Meetings... 3 Responsibilities... 4 Financial Statements... 4 External Audit...
More informationCLOUD COMPUTING Contractual and data protection aspects
CLOUD COMPUTING Contractual and data protection aspects Cloudscape VI 25 February 2014, Bruxelles Paolo Balboni Ph.D., Founding Partner, ICT Legal Consulting Domenico Converso LL.M., Senior Associate,
More informationFraud, Waste and Abuse Prevention and Education Policy
Corporate Compliance Fraud, Waste and Abuse Prevention and Education Policy The Compliance Program at the Cortland Regional Medical Center (CRMC) demonstrates our commitment to uphold all federal and state
More informationUNIVERSITY COMPLIANCE PLAN
UNIVERSITY COMPLIANCE PLAN Objectives of the Compliance Program The University Compliance Program provides a proactive program that ensures full compliance with all applicable policies, procedures, laws
More informationPrivacy Policy. February, 2015 Page: 1
February, 2015 Page: 1 Revision History Revision # Date Author Sections Altered Approval/Date Rev 1.0 02/15/15 Ben Price New Document Rev 1.1 07/24/15 Ben Price Verify Privacy Grid Requirements are met
More informationAccountable Care Organization. Medicare Shared Savings Program. Compliance Plan
Accountable Care Organization Participating In The Medicare Shared Savings Program Compliance Plan 2014 Corporate Location: 3190 Fairview Park Drive Falls Church, VA 22042 ARTICLE I INTRODUCTION This Compliance
More informationLATISYS SAFE HARBOR POLICY
LATISYS SAFE HARBOR POLICY Latisys Corporation ( Latisys or Company ), a wholly-owned subsidiary of Zayo Group, LLC, is a global provider of bandwidth infrastructure services, including dark fiber, wavelengths,
More informationINDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3
INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS I. Introduction 2 II. Definitions 3 III. Program Oversight and Responsibilities 4 A. Structure B. Compliance Committee C.
More informationVermont Global Trade Partnership - 1 - Topic: Exporting Software to the E.U. Summary
BY: John Holden, Research Assistant EDITED BY: Ariana Monti, International Trade Specialist Summary This document provides a general overview of the issues surrounding the sale of software to countries
More informationMATTHEWS INTERNATIONAL CORPORATION
MATTHEWS INTERNATIONAL CORPORATION U.S. FOREIGN CORRUPT PRACTICES ACT COMPLIANCE POLICY INTRODUCTION Principles Underlying the United States Foreign Corrupt Practices Act ( FCPA ). The FCPA s Anti-Bribery
More informationMulti-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015
Multi-Jurisdictional Study: Cloud Computing Legal Requirements Julien Debussche Associate January 2015 Content 1. General Legal Framework 2. Data Protection Legal Framework 3. Security Requirements 4.
More informationAcquia Comments on EU Recommendations for Data Processing in the Cloud
Acquia Comments on EU Recommendations for Data Processing in the Cloud Executive Summary On July 1, 2012, European Union (EU) data protection regulators provided guidelines for service providers processing
More informationFamily benefits Information about health insurance country. Udbetaling Danmark Kongens Vænge 8 3400 Hillerød. A. Personal data
Mail to Udbetaling Danmark Kongens Vænge 8 3400 Hillerød Family benefits Information about health insurance country A. Personal data Name Danish civil registration (CPR) number Address Telephone number
More informationAUDIT COMMITTEE CHARTER THE BOARD OF DIRECTORS OF ALLIANCE SEMICONDUCTOR CORPORATION
AUDIT COMMITTEE CHARTER THE BOARD OF DIRECTORS OF ALLIANCE SEMICONDUCTOR CORPORATION PURPOSE The Audit Committee (the Committee ) of Alliance Semiconductor Corporation (the Company ) is chartered to oversee
More informationPROCEDURES FOR REPORTING BY EMPLOYEES OF COMPLAINTS AND CONCERNS REGARDING QUESTIONABLE ACTS
PROCEDURES FOR REPORTING BY EMPLOYEES OF COMPLAINTS AND CONCERNS REGARDING QUESTIONABLE ACTS Adopted by the Board of Directors on August 12, 2009 Last updated January 21, 2015 These Procedures replace
More informationPOLICY ON DATA PROTECTION AND PRIVACY OF PERSONAL DATA
PURPOSE: POLICY ON DATA PROTECTION AND PRIVACY OF PERSONAL DATA This Policy sets forth how the Company will manage the Personal Data that it collects in the normal course of business. SCOPE: This Policy
More informationCORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline)
CORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline) David J. Chavolla, Esq. and Gary L. Kemp, Esq. Casner & Edwards, LLP 303 Congress Street Boston, MA 02210 A. Document and Record Retention Preservation
More informationACNB CORPORATION & SUBSIDIARIES BOARD AUDIT COMMITTEE CHARTER
ACNB CORPORATION & SUBSIDIARIES BOARD AUDIT COMMITTEE CHARTER ORGANIZATION The Audit Committee is a committee of independent members of the Board of Directors. Its function is to assist the Board in fulfilling
More informationGENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS
GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...
More informationCORPORATE COMPLIANCE PROGRAM
CORPORATE COMPLIANCE PROGRAM BACKGROUND AND POLICY: The Oakwood Accountable Care Organization, LLC. ( ACO ) corporate policy relating to compliance with applicable laws and regulations is embodied in this
More informationPrivacy Rules for Customer, Supplier and Business Partner Data
Privacy Rules for Customer, Supplier and Business Partner Data Contact details Philips Privacy Office c/o Philips International BV, Amstelplein 2, 1096 BC, the Netherlands. E-mail: Philips_Privacy_Office@philips.com
More informationTABLE OF CONTENTS. Maintaining the Quality and Integrity of Information. Notification of an Information Security Incident
AGREEMENT BETWEEN THE UNITED STATES OF AMERICA AND THE EUROPEAN UNION ON THE PROTECTION OF PERSONAL INFORMATION RELATING TO THE PREVENTION, INVESTIGATION, DETECTION, AND PROSECUTION OF CRIMINAL OFFENSES
More informationSummary of facts on the legal guaranty of conformity and commercial warranties
Summary of facts on the legal guaranty of conformity and commercial warranties Main legal sources: Directive 1999/44/EC on sale of consumer goods and associated guarantees and Directive 2011/83/EU on consumer
More informationWHISTLEBLOWER POLICY
START COMMUNITY BANK FIRST COMMUNITY BANCORP WHISTLEBLOWER POLICY Divisions/Departments Responsible for Implementation: Audit Committee Senior Management Date Approved by Audit Committee: September 15,
More informationData Protection and Cloud Computing: an Overview of the Legal Issues
Data Protection and Cloud Computing: an Overview of the Legal Issues Christopher Kuner Partner, Hunton & Williams, Brussels Research Assistant, University of Copenhagen Nordic IT Law Conference Copenhagen,
More informationDelaware Valley Dermatology Group, LLC 3411 Silverside Road Suite 107, Webster Building Wilmington, DE 19810 Phone: 302-478-8532 Fax: 302-478-8536
Delaware Valley Dermatology Group, LLC 3411 Silverside Road Suite 107, Webster Building Wilmington, DE 19810 Phone: 302-478-8532 Fax: 302-478-8536 Notice of Privacy Practices THIS NOTICE DESCRIBES HOW
More informationRecords and Information Management and Retention
Records and Information Management and Retention Association of Corporate Counsel Nonprofit Organizations Committee Legal Quick Hit March 13, 2012 3 pm ET W. Warren Hamel Venable LLP 750 E. Pratt St. Baltimore,
More informationTABLE OF CONTENTS. University of Northern Colorado
TABLE OF CONTENTS University of Northern Colorado HIPAA Policies and Procedures Page # Development and Maintenance of HIPAA Policies and Procedures... 1 Procedures for Updating HIPAA Policies and Procedures...
More informationFraud-Related Compliance
Fraud-Related Compliance Investigating and Reporting 2015 Association of Certified Fraud Examiners, Inc. Investigations, Reporting, and Compliance Investigations benefit victim organizations by: Recovering
More informationData protection compliance checklist
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
More informationHow To Be A Successful University
TUSDM Patient Billing and HIPAA Privacy Compliance Program Adopted: 12/14/12 TABLE OF CONTENTS Section 1. Definitions 2. Objectives Page 1 1 3. Oversight Responsibility 2 4. Compliance Procedures for Submitting
More informationREPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL
EUROPEAN COMMISSION Brussels, 25.9.2014 COM(2014) 592 final REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the implementation in the period from 4 December 2011 until 31 December
More informationWhistle Blower Policy National Engineering Industries Limited.
Whistle Blower Policy National Engineering Industries Limited. Khatipura Road, Jaipur 302006 Tel: 0141-2223221, Fax: 0141-2221926 Visit us at: www.nbcbearings.com 1 Introduction Our company has adopted
More informationThe SEC's New Whistleblower Program: What It Means for Companies and How to Respond. July 22, 2011
The SEC's New Whistleblower Program: What It Means for Companies and How to Respond July 22, 2011 Agenda Introduction Presentation Questions and Answers (anonymous) Slides now available on front page of
More informationThe SEC s Whistleblower Program Christian Bartholomew June 2012 Sarah Nilson
The SEC s Whistleblower Program Christian Bartholomew June 2012 Sarah Nilson Christian Bartholomew (202) 682-7070 / (305) 416-3763 christian.bartholomew@weil.com Mr. Bartholomew leads the firm s securities
More informationJohnson Controls Privacy Notice
Johnson Controls Privacy Notice Johnson Controls, Inc. and its affiliated companies (collectively Johnson Controls, we, us or our) care about your privacy and are committed to protecting your personal
More informationThe Association of Professional Compliance Consultants Professional Standards for Member Firms
These Professional Standards were adopted by the Association with effect from 9 March 2010. The purpose of these Standards is to provide guidance to Members Firms on the minimum standards that the Association
More informationADMINISTRATIVE POLICY SECTION: CORPORATE COMPLIANCE Revised Date: 2/26/15 TITLE: FALSE CLAIMS ACT & WHISTLEBLOWER PROVISIONS
Corporate Compliance Plan AD-819-0 Reporting of Compliance Concerns & Non-retaliation AD-807-0 Compliance Training Policy CFC ADMINISTRATIVE POLICY AD-819-1 SECTION: CORPORATE COMPLIANCE Revised Date:
More information<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129
Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the
More informationStandard: Information Security Incident Management
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
More informationData protection issues on an EU outsourcing
Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process
More informationRESPONDING TO SEC AND DOJ INVESTIGATIONS
RESPONDING TO SEC AND DOJ INVESTIGATIONS Charles R. Parker Gregory C. Hill INTERNAL AND GOVERNMENT INVESTIGATIONS LOCKE LIDDELL & SAPP LLP Houston, Texas 1 What Triggers an SEC Investigation? Whistle-Blower
More informationUpdate approved by the Board of Directors of Fiat S.p.A. May 2, 2014. 2014 Fiat Group Whistleblowing Procedure
Update approved by the Board of Directors May 2, 2014 2014 Fiat Group 2 Fiat Group Contents 1. Foreword... 3 2. Applicable external and in-house regulations... 3 3. Duties and responsibilities... 3 4.
More informationCopyright 2014 Nymity Inc. All Rights Reserved.
This sample Benchmarks Report represents a real-world example of Your Privacy Management Status Report based on a mature privacy program in a non-north American organization within the public sector. Copyright
More informationCode of Conduct and Ethics Effective December 17, 2014 Page 1 of 14. Code of Conduct and Ethics
Code of Conduct and Ethics Effective December 17, 2014 Page 1 of 14 Code of Conduct and Ethics Code of Conduct and Ethics Effective December 17, 2014 Page 2 of 14 TABLE OF CONTENTS Chief Executive Officers
More information