Data Protection and Risks in Cross-Border Joint Ventures

This is the second installment of a two-part series. Read part one here.

Less than a month ago, U.S. prosecutors said they had uncovered the largest credit card fraud operation in U.S. history and arrested six men in Russia and Ukraine. More than 160 million credit and debit card numbers were stolen, costing the victim companies more than $300 million. The fraud targeted Citigroup, JC Penney, JetBlue Airways, Nasdaq, and PNC Financial Services. It’s no wonder that senior in-house lawyers in the recently released Winston & Strawn “International Business Risk Survey” say that their top concern in following data privacy laws is customer data—including data security and risk. Tied for second-greatest concern are cross-border data transfer and legal compliance with data security and breach notification laws.

“Interestingly, it is the potential for loss of brand equity that responding corporate counsel identify as their most significant concern,” said Lisa Thomas, a data privacy and protection partner with Winston & Strawn in Chicago. In this sense, they are well-aligned with their business-side colleagues in focusing on reputational risk. “Given this ‘external’ focus, they should continually re-evaluate the effectiveness of their data-protection policies, procedures, and training, including domestic and cross-border compliance,” Thomas says.

Reducing business risks of data privacy breaches, corruption, and other compliance issues is a constantly evolving challenge for growing international companies. Laws and enforcement vary widely from one country to the next, and market practices are highly inconsistent around the world.

For the Winston & Strawn survey, conducted online from May-June 2013, the firm talked to top corporate counsel at major multinationals in the United States and Europe, and found that policies and procedures to address various risks may be in place, but there are obstacles to compliance across jurisdictions and businesses. The issues range from unclear accountability for data privacy and protection compliance, to joint ventures or alliances with foreign partners that have different cultural and market practices.

Survey respondents use varied approaches to managing legal compliance for data privacy and protection. The variations involve different combinations of legal, compliance, IT, marketing, and human resources departments. But they have this in common: General counsel underscore the importance of making responsibilities completely clear in a matrix structure to ensure that no issues fall through the cracks. Regular communications and coordination are important.

Given the high concern corporate counsel express regarding cross-border data transfer, it should be regular practice to ensure that the company’s procedures for transferring data internationally conform to legal requirements of both the “sending” and “receiving” countries. The study results also suggest that in-house counsel rank data privacy and protection risks based on the industry and countries of operation in order to better focus their compliance efforts.

In the area of cross-border joint ventures and strategic alliances, the two greatest risks for the senior counsel respondents in emerging and high-growth markets are differing cultural and market practices from their partners, and complying with local laws and regulations. “Corporate counsel tell us that in emerging markets, they want their advisers to connect the nuances of local market practices and regulatory context to their work,” says Jerome Herbet, a Winston & Strawn partner in Paris, adding, “It’s clear that strict legal advice without those insights and know-how is of little value to the business.”

The primary way that multinational general counsel take action to reduce cross-border joint venture risk is to involve in-house lawyers in due diligence from the outset. That places demands on their in-house legal teams to cover the many markets in which they are expanding. General counsel also encourage cross-border sensitive governance and operational policies. According to Zoe Ashcroft, a Winston & Strawn partner in London, “The challenge for all of these ventures is to adhere to applicable regulatory regimes while addressing the realities and risks of doing business in the local market.”

E. Leigh Dance is president of ELD International, a consultancy to global corporate counsel. Barbara Sessions is chief marketing officer of Winston & Strawn.

Featured Firms

Law Offices of Gary Martin Hays & Associates P.C.

75 Ponce De Leon Ave NE Ste 101

Atlanta, GA 30308

(470) 294-1674

www.garymartinhays.com

Law Offices of Mark E. Salomone

2 Oliver St #608

Boston, MA 02109

(857) 444-6468

www.marksalomone.com

Smith & Hassler

1225 N Loop W #525

Houston, TX 77008

(713) 739-1250

www.smithandhassler.com

Presented by BigVoodoo

More From ALM

As generative artificial intelligence inspires one of the biggest transformations in generations, Practical Guidance continues to provide the latest tips to help you prepare for the rapid evolution in the way attorneys work.

Practical Guidance Journal: Protecting Work Product in a Generative AI World

Brought to you by LexisNexis®
Download Now

The recent SEC release comes with significant changes for private fund managers. Hear expert insights on what happened, what it means, and what the compliance considerations are.

Countdown to Compliance: SEC Private Fund Reforms

Brought to you by Ontra
Download Now

Find out what features make a code of conduct most effective. Hint: it’s not just the rules.

9 Ethical Code of Conduct Examples for the Business Professional

Brought to you by LRN
Download Now

Premium Subscription

With this subscription you will receive unlimited access to high quality, online, on-demand premium content from well-respected faculty in the legal industry. This is perfect for attorneys licensed in multiple jurisdictions or for attorneys that have fulfilled their CLE requirement but need to access resourceful information for their practice areas.
View Now

Team Accounts

Our Team Account subscription service is for legal teams of four or more attorneys. Each attorney is granted unlimited access to high quality, on-demand premium content from well-respected faculty in the legal industry along with administrative access to easily manage CLE for the entire team.
View Now

Bundle Subscriptions

Gain access to some of the most knowledgeable and experienced attorneys with our 2 bundle options! Our Compliance bundles are curated by CLE Counselors and include current legal topics and challenges within the industry. Our second option allows you to build your bundle and strategically select the content that pertains to your needs. Both options are priced the same.
View Now

From Data to Decisions

Dynamically explore and compare data on law firms, companies, individual lawyers, and industry trends.

Exclusive Depth and Reach.

Law.com Compass includes access to our exclusive industry reports, combining the unmatched expertise of our analyst team with ALM’s deep bench of proprietary information to provide insights that can’t be found anywhere else.

Big Pictures and Fine Details

Law.com Compass delivers you the full scope of information, from the rankings of the Am Law 200 and NLJ 500 to intricate details and comparisons of firms’ financials, staffing, clients, news and events.

General Counsel Summit (GCS) 2024

August 12, 2024 - August 13, 2024
Sydney, New South Wales

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.

Learn More

General Counsel Conference Southwest 2024

September 18, 2024 - September 19, 2024
Dallas, TX

Join General Counsel and Senior Legal Leaders at the Premier Forum Designed For and by General Counsel from Fortune 1000 Companies

Learn More

Women, Influence & Power in Law (WIPL) 2024

September 23, 2024 - September 24, 2024
Chicago, IL

WIPL is the original global forum facilitating women-to-women exchange on leadership and legal issues.

Learn More