Looking for something in particular?

• Sox Attorney Home
• SOX Requirements
• About
• SOX Claim Process
• SOX Regulations & Exposure

Data Privacy Laws: Dual Compliance Issues for Multi-National Companies

April 3, 2008 | Leave a Comment

European Union And United States Data Privacy Laws 

 In a very well reasoned and comprehensive article  published this month in the Metropolitan Corporate Counsel, the differing approaches taken by the United States and the European Union towards data privacy issues was discussed. The article cautions Multi-National companies based in the United States may be subject to both. 

The article points out the fundamental differences in the two regulatory  approaches to data privacy. The United States takes a different approach to privacy from that taken by the European Union. The United States uses a sectoral approach that relies on a mix of legislation, regulation, and self-regulation. The European Union, however, relies on comprehensive legislation that, for example, requires creation of government data protection agencies, registration of data bases with those agencies, and in some instances prior approval before personal data processing may begin.”

 Potential For Conflict

The article explains that Sarbanes-Oxley law and regulations may conflict with both the requirements of the EU Directive and the law of individual nations. Sarbanes-Oxley, for example, requires public companies to establish a method for employees to report anonymously on possible financial improprieties and to develop a company code of ethical conduct. International application of the resulting policies has created conflicts with the law of various EU nations. Recent decisions in France and Germany have invalidated anonymous reporting hotlines.

The hotlines may also be problematic for the EU Directive to the extent a European employee’s personal data is transferred back to the home office back in the States. Other areas where compliance with U.S. law may create conflicts with EU law is:  outsourcing; and efforts to investigate terrorist activities. 

Options For Multinational Companies

The Metropolitan Corporate Counsel article  discusses several options for companies that must comply with the requirements of several jurisdictions. 

One option recommends that companies comply with the U.S. Department of Commerce’s Safe Harbor Privacy Principles. Doing so should provide companies with a presumption of “adequacy” of privacy protection. This presumption should allow them to transfer data from their EU offices to their U.S. offices without violating the EU Directive.

Another option suggested: (1) limiting the reporting requirement to only those employees required to report by Sarbanes-Oxley, including senior financial officers (§ 406) and attorneys (§ 307); (2) limiting the reporting requirement to subjects such as fraud and financial wrongdoing; and (3) promptly notifying any accused employee of the details of any ethics complaint.

One word of caution must be given about the final option suggested in the article, however.  This option discussed the implementation of different legal entities, one for European operations, and one for operations in the United States. Before considering this, the company should examine the recent New York federal opinion in  O’Mahony v. Accenture Ltd, ___ F.Supp.2d  ___, 2008 WL 344710 (S.D.N.Y. 2008), which finds that a foreign subsidiary of a U.S. Company may be subject to SOX regulations in certain situations. The Accenture case will be discussed in greater detail in a subsequent post.

AN EMPLOYEE’S ASSISTANCE IN RESPONDING TO A SUBPOENA BY A GRAND JURY WAS POTENTIALLY “ASSISTING” A PROCEEDING AND THEREFORE POTENTIALLY A PROTECTED ACTIVITY

April 2, 2008 | Leave a Comment

In Miles v. Wal-Mart Stores, Inc.,No. 5:06-CV-05162 (W.D.Ark. Jan. 25, 2008), the court found that the Plaintiff had created a geniune issue of material fact as to whether she engaged in protected activity under  SOX because  she had provided assistance to the FBI and an Assistant U.S. Attorney in connection with Wal-Mart’s response to a grand jury subpoena calling for production of documents concerning union-related labor relations and the investigation of a former executive for suspected fraud. The Plaintiff  had objected to an instruction to shred certain documents being digitized in her labor relations department which she believed might have been subject to the subpoena. Wal-Mart argued that the Plaintiff had only aided an “investigation” as opposed to a “proceeding.” The court found that under the circumstances, a genuine issue of material fact existed as to whether the Plaintiff  engaged in protected activity. 

The section of the Sarbane-Oxley Act that potentially applied was the second prong of the protected activity provision of Sarbanes-Oxley which prohibits publicy traded companies from discrimination against an employr or other covered person that:  files, causes to be filed, testifies, participates in, or otherwise assists in a proceeding filed or about to be filed (with any knowledge of the employer) relating to an alleged violation of section 1341, 1343, 1344, or 1348, any rule or regulation of the Securities and Exchange Commission, or any provision of Federal law relating to fraud against shareholders. 18 U.S.C. 1514A(a) (2004).

SOX Investigations: Isilon Systems, Inc.

April 1, 2008 | Leave a Comment

An example of a recent investigation is reflected in the recent press release of Isilon Systems, Inc. (NASDAQ: ISLN). The release stated that  the Company’s Board of Directors, based upon the recommendation of the Audit Committee, determined that the Company should restate its financial statements for fiscal year ended December 31, 2006, and for the first and second quarters of fiscal 2007, ended April 1, 2007 and July 1, 2007 respectively.

The release reported that the Audit Committee, assisted by independent forensic accounting and legal advisors, conducted an independent review of certain sales to resellers and other customers to determine whether commitments were made that have an impact on the timing and treatment of revenue recognition and whether the Company’s internal controls relating to revenue recognition are sufficient. The Audit Committee identified errors in the Company’s previous recognition of revenue.

The release stated that the Audit Committee concluded that none of the Company’s current senior executives engaged in improper practices or are otherwise responsible for the errors in revenue recognition.

One of the transactions restated was a sale directly to an end-user customer for which the terms and conditions were not fixed or determinable. The release states that  revenue from this sale will be recognized in a subsequent period when the terms become fixed or determinable and all other criteria for the recognition of revenue are met. 

The press release also contained forward-looking statements regarding future events, including statements regarding an ongoing review by the Company’s Audit Committee.  

Allen v. A.R.B.

March 31, 2008 | Leave a Comment

In January of 2008, the Fifth Circuit held “an employee’s complaint must ‘definitively and specifically’ relate to one of the six enumerated categories found in the Act.” The  are mail fraud, wire fraud, bank fraud, securities fraud, any rule or regulation of the SEC, and any provision of federal law relating to fraud against shareholders See Allen v. Administrative Review Bd., 514 F. 3d 468, WL 171588, (5th Cir. 2008).

The Fifth Circuit found that an employee must have a reasonable belief that the employer engaged in one of the enumerated categories, and such reasonable belief is to be scrutinized under both a subjective and objective standard. The Fifth Circuit also found that the objective standard to be applied is similar to that of Title VII retaliation claims. However, while the objective reasonableness of an employee’s belief is sometimes decided as a matter of law, if there is a genuine issue of material fact it cannot be.

The Fifth Circuit also noted that an employee’s mistaken belief an employer violated one of the six categories is protected, if the mistaken belief was reasonable.

When discussing the sixth category (any provision of federal law relating to fraud against shareholders), the Fifth Circuit noted that “the employee must reasonably believe that his or her employer acted with an intent to deceive, manipulate, or defraud its shareholders.”

SOX whistleblowers

whistleblowers help

whistleblowers protection

« Previous Page

Recently Written

• Finance Reform Will Clarify Sox
• Offer of Judgment Makes SOX Whistleblower a Prevailing Party and Entitles Whistleblower to Attorneys Fees
• Fourth Circuit Confirms that Billing Irregularities Not Enough for SOX Whistleblower Protection
• Schwabe Ordered to Reinstate SOX Whistleblowers
• DC Court Upholds Constitutionality of SOX
• The Fourth Circuit Rejects ReInstatement for First Sox Whistleblower
• J-SOX
• Individual Liability for SOX Whistleblower Retaliation
• French Subsidiary May Have Exposure for Retaliation Under Sarbanes-Oxley
• Criminal Exposure of Sarbanes-Oxley

Categories

• blog
  • Sarbanes Oxley Processes
  • Sarbanes Oxley SOX Claims
  • SOX Investigation Requirements
  • SOX Whistleblowers Protections
• Uncategorized

Archives

• May 2010
• January 2009
• December 2008
• October 2008
• August 2008
• April 2008
• March 2008

Blogroll

Admin

• Login
• WordPress
• XHTML

Copyright © 2007 GMWD LLP SOX Attorney .com·Home · Contact Us · Find an Attorney ·Site Map · Login