CHINA’S DATA PRIVACY LAWS POSE CHALLENGES FOR CORPORATE FOREIGN CORRUPT PRACTICES ACT COMPLIANCE
Lack of a single, all-encompassing law creates additional hurdles for multinationals conducting third-party due diligence
Companies that do business in China are under intense scrutiny because of the Chinese government’s crackdown on bribery and corruption and continued efforts by U.S. and U.K. regulators to enforce their own compliance regulations. To further complicate matters, China’s mosaic of privacy laws governing the gathering, use, and storage of data present significant compliance challenges for multinationals conducting due diligence of their third parties.
“With the March 15th implementation of additional revisions to privacy rules, companies must ask themselves how they can conduct due diligence on Chinese principals based on the Foreign Corrupt Practices Act (FCPA) without violating the country’s data privacy laws,” says Dennis Haist, General Counsel and Compliance Advisor for San Francisco-based STEELE (CIS), a leading global business advisory and compliance intelligence firm. “China’s goal of protecting consumer privacy is laudable but, since the country lacks any all-encompassing guidelines that corporations can turn to, multinationals face many issues regarding what is legally obtainable data.”
Mr. Haist is a co-author of “Legally Obtainable Data in China,” a white paper that provides insight on how privacy laws are likely to affect third-party due diligence and management programs. “In order to comply with the FCPA, multinationals must conduct reasonable, risk-based due diligence of their third parties,” he says. “That very likely includes looking at the principals of an entity. It’s vital to engage a company that understands data privacy regulations, because the Chinese government closely monitors those involved in due diligence in a manner similar to its monitoring of journalists.”
In fact, there are at least 13 different laws that address data privacy in China. “Local in-depth knowledge of China data privacy law and the practical realities of conducting third-party due diligence is a must,” says Mr. Haist.
To reduce the risk of violations and comply with the letter and spirit of Chinese law, he recommends that multinationals borrow data privacy concepts that use an inclusive definition of personally identifiable information, including an individual’s name, resident identity cards, driver’s license numbers, birthplace, telephone number and birthday, and possibly more. Corporations also need to obtain the consent of individuals included in the due diligence effort and, in general, only collect information that would be available to the subjects themselves.
“It’s almost impossible to do business in China without engaging third parties to interact with Chinese officials,” Mr. Haist points out, “and we are seeing an unprecedented level of anti-bribery and anti-corruption (ABAC) enforcement directed at foreign multinationals. An enhanced level of due diligence is no longer optional.”
A copy of “Legally Obtainable Data in China” is available free from STEELE CIS by clicking here.
Hatti Hamlin, 925.872.4328, MediaRelations@steelecis.com
About STEELE (CIS)
STEELE Compliance and Investigation Services (CIS) is a global business advisory and compliance intelligence firm offering comprehensive third-party due diligence solutions that help organizations comply with regulatory requirements and align with best practices. With more than 20 years of experience, STEELE CIS provides Fortune 1000 companies and mid-sized businesses with pragmatic solutions, including Regulatory Due Diligence, Third-Party Program Advisory Services, Program Management Services, and Compliance Analytics and Benchmarking Services. With engagements in over 170 countries, STEELE CIS delivers local and regional expertise with ‘on-the-ground’ resources.
For additional information regarding risk-based third-party management, please contact a STEELE CIS third-party compliance expert. Call +1.415.781.4300, email info@steelecis.com,or visit www.steelecis.com.
Tags: