Imagine a serious data security breach that leaks names and private data of a multinational’s employees who are based across a number of countries—including some states in the European economic area. The breach might be due to a hacker, to a lost laptop, to data stolen by a rogue departing employee, or to any other security breakdown. Whatever the situation, the legal question quickly becomes: What are a multinational employer’s obligations to notify affected employees, and government data protection authorities, of the fact that human resources data leaked?
The answer depends on “applicable” law. In the human resources data context, the laws applicable can be the laws of all jurisdictions where affected employees are based, because a multinational employer will often be subject to personal jurisdiction in all countries where it employs staff (a multinational often transacts business and serves as a “data controller” in each locale where it employs staff and where it has employees; in addition, a multinational might also be subject to data laws in jurisdictions where is does not have employees, such as where it has servers).
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]
