CNIL Information on Whistleblower Systems

To follow up on French Data Protection Authority Blocks SOX Whistleblower Programs and Whistleblowers in France, here is CNIL’s FAQ on whistleblowing systems and guideline document for whistleblower systems. CNIL defined a set of rules to be followed for whistleblower systems to be compatible with French data protection laws: Unique Authorisation dated December 8, 2005 (in French, without

French Data Protection Authority Blocks SOX Whistleblower Programs

As a follow-up to Whistleblowers in France, John B. Reynolds, III and Amy E. Worlton of Wiley Rein LLP offer more insight into the programs and decisions. CNIL found that employees’ ability to lodge anonymous complaints would increase the likelihood of malicious false reports. CNIL also found that the two companies’ plans would not

Whistleblowers in France

French privacy law limits the ability to use anonymous hotlines. In France, the French Data Protection Authority (La Commission Nationale de l’Informatique et des Libertés (CNIL)), an administrative agency, oversees processes involving the collection or compilation of personal data. In 2005 they decided that two reporting procedures were in violation of French privacy law. McDonald’s

A Unified Approach to GRC

I participated in a webinar by Carole Stern Switzer of OCEG and Sumner Blount of CA, Inc. on Unified Governance, Risk and Compliance. Governance – the culture, policies, processes, laws and institutions that define the structure by which companies are directed and managed. Risk – the effect of uncertainty on business objectives. Compliance – The

Nevada Law on Privacy of Personal Information

A Nevada law requiring encryption of customer personal information went into effect on October 1, 2008. See Nev. Rev. Stat. § 597.970. The legislation is short but potentially wide-ranging in scope. NRS 597.970 Restrictions on transfer of personal information through electronic transmission. [Effective October 1, 2008.] 1.  A business in this State shall not transfer

Additional Guidance on the Massachusetts Privacy Regulations

The Massachusetts Office of Consumer Affairs and Business Regulation has provided guidance regarding its new regulations requiring all entities that own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts to develop, implement and maintain a comprehensive written information security program and make specific computer information security requirements. I mentioned

Sarbanes-Oxley Act Whistleblower Digest

The U.S. Department of Labor assembled a digest of whistleblower law under the Sarbanes-Oxley Act. On July 30, 2002, the Sarbanes-Oxley Act of 2002, P.L. 107-204 was signed into law by President Bush. Section 806 of the Act, to be codified at 18 U.S.C. § 1514A, is a whistleblower provision that provides protection for employees

Why Use a Hotline?

Is it important to have a hotline for reporting violations? Reporting violations is a keystone for an effective compliance program. It can maximize the eyes watching for lapses in judgment and blatant violations. It can foster the reporting of issues and concerns as they occur or before a violation occurs.

Ethics as a Business Process

Adam Turteltaub wrote Ethics as a Business Process for the fall 2005 edition of GRC 360. Forward-looking companies are seeking to evolve business from soft art to hard science as a means to win in the marketplace, improve competitive advantage, achieve higher market valuations, ensure employee retention, foster fruitful partnerships and strengthen customer satisfaction.

Real Money Laundering

The October 2008 edition (.pdf) of The SAR Activity Review, Trends, Tips and Issues published by the Financial Crimes Enforcement Network, has a great story on page 29 about a marijuana smuggling and money laundering operation. The organization was concerned that the cash smelled like marijuana. The bank tellers even noticed the smell of marijuana