On February 11, 2014, the French data protection authority (CNIL) published Deliberation #2014-042 and expanded the list of issues that a whistleblowing program may permissibly receive and process under French privacy laws. Now, these programs also can be used to report employment discrimination and harassment, and health, hygiene, safety and environmental issues. This is a significant development under French privacy law because, up to this point, the Single Authorization No. 4 strictly limited the type of data that French subsidiaries and other companies operating in France could collect. In particular, companies only could receive reports concerning finance, accounting, banking, anti-corruption, and unfair competition. A program that was constructed to receive reports concerning employment discrimination or harassment, for example, was technically in breach of French data privacy laws. Under Deliberation #2014-042, this is no longer the case. For full coverage of these developments, please read: Whistleblowing and Data Privacy in France: A New Pragmatic Approach for Employment and Discrimination Claims.
- How-to guide How-to guide: How to develop, implement and maintain a US information and data security compliance program (USA)
- How-to guide How-to guide: How to determine and apply relevant US privacy laws to your organization (USA)
- How-to guide How-to guide: How to establish a valid lawful basis for processing personal data under the GDPR (UK)