Although investigations are important for businesses to address allegations of potential or suspected wrong-doing, some are likely to present data privacy issues, especially for the fragmented regulatory landscape for data protection and privacy in the Asia-Pacific region, where laws vary considerably among countries. Breaches of data protection and privacy laws in a number of Asia-Pacific jurisdictions can expose companies to fines and civil actions. Consider the following measures when conducting corporate investigations in the Asia-Pacific region: 1. Obtain consent from the individual, 2. Identify other legal bases for processing personal data, 3. Understand the position under local law, 4. Be alive to local sensitivities and cultures, 5. Ensure the security of the data, 6. Exercise proportionality, 7. Comply with data localization requirements or cross-border transfer restrictions and 8. Do not unnecessarily retain personal data.
