Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

KickerFeaturesSectionsNews

Unlawful SOX Helplines

By Jonathan Armstrong
August 30, 2005

The international corporate governance community has been greatly troubled in the last several weeks by the reporting of decisions from France and Germany that have been said to make the running of SOX helplines unlawful in Europe. Much of the furor has been caused by mistranslations of the decisions in both of these countries, and a misunderstanding of the ability of the authorities in one country in Europe to make cross-border rulings. As we will see, the decisions taken in France and Germany affect only those two countries and are not in themselves of pan-European effect. Problems do however remain in particular for U.S. corporations that run whistleblower hotlines in Europe.

France

On May 26, 2005, the French privacy regulator (known as CNIL) refused requests from CEAC (an affiliate of Exide Technologies) and McDonalds France to authorize the use of anonymous whistleblower hotlines. In order to comply with SOX requirements, both companies intended to set up anonymous employee hotlines and had contacted CNIL to register them under the French system of mandatory prior registration with CNIL of databases containing personal information. It is important to stress that certainly in McDonalds' case, the hotline was not yet running in France. The company was simply seeking prior authority from the CNIL. The proposed hotlines allowed employees to “blow the whistle” on perceived wrongdoings by colleagues using telephone, fax, post or e-mail. The CNIL thought that these hotlines were “disproportionate in view of the objectives pursued and of the risks of slanderous denunciations … ” Although both companies had apparently complied with the 1978 French Data Protection Act as modified in 2004, the CNIL decided that hotlines would be illegal for the following reasons:

  • Lack of transparency: individuals who are the subject of a whistleblower's allegations may not be able to hear or reply to the accusations made against them. In their decision the CNIL said that French personal data protection laws are designed to make sure that individuals whose data is being processed know who has that data and can have access to it, and if necessary, correct it. The hotlines under consideration however, were designed to ensure anonymity. Employees were not to be informed that information concerning them had been received. The hotlines were then not 'transparent' in the manner that French law requires.
  • Natural justice: accused employees would not have the means to defend themselves or oppose the proceedings that may involve criminal charges.
  • Professional ethics: the hotlines were said to be disproportionate to the aim they sought to achieve.

The CNIL said it was aware of the conflict with SOX and has asked the French Employment Minister and the competent authorities in the U.S. to resolve this issue. We understand, however, that in the meantime more decisions are pending.

Read These Next
Major Differences In UK, U.S. Copyright Laws Image

This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.

The Article 8 Opt In Image

The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.

Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

Legal Possession: What Does It Mean? Image

Possession of real property is a matter of physical fact. Having the right or legal entitlement to possession is not "possession," possession is "the fact of having or holding property in one's power." That power means having physical dominion and control over the property.

The Stranger to the Deed Rule Image

In 1987, a unanimous Court of Appeals reaffirmed the vitality of the "stranger to the deed" rule, which holds that if a grantor executes a deed to a grantee purporting to create an easement in a third party, the easement is invalid. Daniello v. Wagner, decided by the Second Department on November 29th, makes it clear that not all grantors (or their lawyers) have received the Court of Appeals' message, suggesting that the rule needs re-examination.