The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: Internal Investigations

  • From Vol. 3 No.7 (Apr. 5, 2017)

    Effective and Compliant Employee Monitoring (Part One of Two) 

    When can companies “spy” on their employees? Monitoring data systems and employee digital activity is critical to reducing the significant cybersecurity risks that employees pose (either inadvertently or maliciously), but companies do need to make sure they comply with consent and other legal requirements when implementing surveillance programs. This first part of a two-part series on the topic addresses the role of data monitoring, effective notice, legal considerations, and specific policies regarding BYOD, termination and remote employees – including stories from the trenches. Part two will provide operational guidance on implementing effective and compliant monitoring programs, and discuss privacy concerns in different types of employee surveillance, including the contrasting rules and approaches in Europe. See also “Strategies for Preventing and Handling Cybersecurity Threats From Employees” (Apr. 8, 2015).

    Read Full Article …
  • From Vol. 2 No.19 (Sep. 21, 2016)

    Managing Data Privacy Challenges While Conducting Due Diligence and Investigations in China (Part Two of Two)

    For companies doing business in China, understanding data privacy and cybersecurity legal requirements under Chinese law is critical. But once a company is familiar with these basic legal contours, more practical concerns dominate the ability to successfully conduct internal operations and external transactions. In this article, the second in a two-part series on China’s data privacy and cybersecurity laws, we share insights from practitioners working in China on how companies can manage the actual challenges of running their businesses while staying on the right side of the law. The first article in the series explained the basic structure of the data compliance regime in China, including criminal law, civil law, industry regulations and the draft Cybersecurity Law. See also Understanding the Far-Reaching Impact of Chinese State Secrets Laws on Data Flow” (Jul. 6, 2016).  

    Read Full Article …
  • From Vol. 2 No.16 (Aug. 3, 2016)

    Six State Secrets and Data Privacy Considerations in Chinese Internal Investigations 

    China’s state secrets law is the source of much angst for lawyers. While the concept of protecting state secrets is straightforward – and common to most countries – the breadth and ambiguity of China’s law, and the inconsistent way it is enforced, create unique data privacy challenges for companies operating in the PRC, especially when they are conducting internal investigations that require data to be transferred out of the country. This article, drawing on interviews with a number of attorneys practicing law on the ground in Asia, details six key considerations related to the state secrets laws for companies formulating sensible investigation strategies in China. For our companion article, see “Understanding the Far-Reaching Impact of Chinese State Secrets Laws on Data Flow” (Jul. 6, 2016). 

    Read Full Article …
  • From Vol. 2 No.14 (Jul. 6, 2016)

    Understanding the Far-Reaching Impact of Chinese State Secrets Laws on Data Flow 

    China’s far-reaching restrictions on reviewing and transmitting certain types of data present unique complications for companies. In particular, China’s state secrets law is a significant source of complexity for foreign companies and their counselors. How state secrets in China are defined, identified and must be handled create operational challenges for many; the broad definition of implicated information as well as the types of companies that may possess it means that these data flow restrictions impact not only government entities but also many private companies, limiting their ability to move data, even internally. Through advice from several attorneys working in Asia, this article explains the law’s framework, what types of information and entities are covered, as well as the risks at stake. See also “Foreign Business Chambers Sign Open Letter Against Chinese Cybersecurity Regulatory Changes” (Jun. 8, 2016). 

    Read Full Article …
  • From Vol. 1 No.18 (Dec. 9, 2015)

    Avoiding Privacy Pitfalls While Using Social Media for Internal Investigations

    Social media can offer valuable information to companies conducting internal investigations.  However, companies must be vigilant about employees’ privacy rights as well as the laws and restrictions in place to protect those rights.  Lily Chinn, a partner at Katten Muchin Rosenman, spoke with The Cybersecurity Law Report about these privacy challenges and the proactive steps companies should take to avoid liability and complications, including how departments should coordinate and specific points that should be addressed in company policies.  See also “Examining Evolving Legal Ethics in the Age of the Cloud, Mobile Devices and Social Media (Part One of Two),” The Cybersecurity Law Report, Vol. 1, No. 11 (Aug. 26, 2015); Part Two, Vol. 1, No. 12 (Sep. 16, 2015).

    Read Full Article …