Email/Data & Security Policies Compliance: French Law 1067



  • Does anyone have any input into the question of whether a company’s reporting of non compliance with email / data and security policies could be in conflict with French employment law?



  • It depends on what you are having now locally and what has been requested by the US for your location?
    There is the European directive on data protection to be compliant with or the equivalent law transposed in France. Do you know the name of the law in France?
    byee 😉



  • I suppose what I really meant to ask was more in relation to whistle blowing activities, the CNIL (commission nationale de l’informatique et des libertés) and reporting of non-compliance with company policies… I’m talking about from an IT perspective. It all seems very complicated 8O



  • If you read French you’ll see what I’m talking about here:
    cnil.fr/index.php?id=12
    I suppose ultimately what I’m trying to ascertain is, if the SOX regulations conflict with local laws, do the relevant points simply become non applicable?



  • The French do not allow the use of anonymous whistleblower hotlines. The good news is that you can have the hotline outside of France.
    See this thread (particularly the second page) for more information:
    http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-t=470



  • Thanks for that. So it would seem that the situation is far from being crystal clear where conflicts with local law are concerned. Now for my next question… any ideas how external auditors would view this, e.g. if we did not have a helpline in place???
    Really appreciate your help on this, thanks again.



  • It seems that besides the fact that anonymous whistleblower lines are legally impossible in France, there is a whole issue about overinterpretation of SOA.
    Plus the fact that there is no tradition of strong legal intervention in terms of corporate governance the competition with la LSF (loi sur la sécurité financière).
    –> it is far from being crystal clear indeed…



  • There are several court decisions in the EU, ordering the local subsidiary of a U.S. firm to withdraw a whistleblower hotline initiative launched to comply with SOX.
    The courts reason that hotline complaints could lead to unfounded accusations and other violations of employees’ rights to privacy in the workplace,
    and that the hotline did not offer employees the right to view accusations, make responses, or defend themselves, in violation of EU law (EU Data Protection legislation).
    Employers should consult with local employment counsel to ensure that any actions taken comport with local law.

