French privacy law limits the ability to use anonymous hotlines. In France, the French Data Protection Authority (La Commission Nationale de l’Informatique et des Libertés (CNIL)), an administrative agency, oversees processes involving the collection or compilation of personal data. In 2005 they decided that two reporting procedures were in violation of French privacy law. McDonald’s
A participated in a webinar by Carole Stern Switzer of OCEG and Sumner Blount of CA, Inc. on Unified Governance, Risk and Compliance. Governance – the culture, policies, processes, laws and institutions the define the structure by which companies are directed and managed. Risk – the effect of uncertainty on business objectives. Compliance – The
A Nevada law requiring encryption of customer personal information went into effect on October 1, 2008. See Nev. Rev. Stat. § 597.970. The legislation is short but potentially wide-ranging in scope. NRS 597.970 Restrictions on transfer of personal information through electronic transmission. [Effective October 1, 2008.] 1. A business in this State shall not transfer
The Massachusetts Office of Consumer Affairs and Business Regulation has provided guidance regarding its new regulations requiring all entities that own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts to develop, implement and maintain a comprehensive written information security program and make specific computer information security requirements. I mentioned
The U.S. Department of Labor assembled a digest of whistleblower law under the Sarbanes-Oxley Act. On July 30, 2002, the Sarbanes-Oxley Act of 2002, P.L. 107-204 was signed into law by President Bush. Section 806 of the Act, to be codified at 18 U.S.C. § 1514A, is a whistleblower provision that provides protection for employees
Is it important to have a hotline for reporting violations? Reporting violations is a keystone for an effective compliance program. It can maximize the eyes watching for lapses in judgment and blatant violations. It can foster the reporting of issues and concerns as they occur or before a violation occurs.
Adam Turteltaub wrote Ethics as a Business Process for the fall 2005 edition of GRC 360. Forward-looking companies are seeking to evolve business from soft art to hard science as a means to win in the marketplace, improve competitive advantage, achieve higher market valuations, ensure employee retention, foster fruitful partnerships and strengthen customer satisfaction. .
The October 2008 edition (.pdf) of The SAR Activity Review, Trends, Tips and Issues published by the Financial Crimes Enforcement Network, has a great story on page 29 about a marijuana smuggling and money laundering operation. The organization was concerned that the cash smelled like marijuana. The benk tellers even noticed the smell of marijuana
I ran across a few examples of whistleblower policies and whistleblower protection policies and some material on developing a whistleblower policy. Developing a Policy Developing a Whistleblower Policy (.pdf) by the Delaware Valley Grantmakers. Whistleblower Policies: Lessons For Associations by Julia E. Judish of Pillsbury Winthrop Shaw Pittman LLP National Whistleblowers Center Whistleblower Policy Safeguards
Grant Thornton put together a comprehensive report: Hear that whistle blowing! Establishing an effective complaint-handling process. (August 2006, .pdf) They have developed the MACH process which consists of six basic steps: Receive the complaint; Analyze the complaint; Investigate the complaint; Resolve the complaint; Report the resolution of the complaint; and Retain the necessary documentation.