If your company employs any international employees, it may have obligations under foreign laws to have specific safeguards in place. Failure to observe a jurisdiction’s data protection laws can result in staff penalties and unwelcome press coverage. Although the European Union is leading the way with a proposed comprehensive new data protection law, other countries from China to the United Kingdom, South Africa, Qatar, Dubai, and several Latin American countries are developing, or have already enacted, their own data protection laws, with many based on the European model. Many multi-national employers have appointed data protection compliance officers to manage policy compliance. The policies should specify the types of personal data that will be held, how it will be stored, how and under what circumstances it will be transferred, shared with third parties, and destroyed or deleted. At a minimum, the data protection policies should address security measures that will be taken to safeguard personal information.
