Abiding by data and privacy laws across international borders is one of the most difficult aspects of operating as an international business today. A company faces a plethora of challenges when managing data because privacy laws are a dynamic miasma that changes from border to border and year to year. The data under the most scrutiny from privacy laws and regulations is what is known as personally identifiable information (PII). PII is data that can be traced to an individual person, such as address, ID number, name, etc. Most data experts agree that the European Union has the most rigorous data protection laws, where all PII use is governed …
This strategy, however, is not sufficient to maintain compliance with the law, and it is known to cause unexpected difficulties for American companies not used to the different privacy laws. Even then, international laws from EU to non-EU countries may conflict when dealing with PII. Generally, European laws decree that PII must be destroyed as soon as its utility has been exhausted, but in the United States privacy and data laws may specify a different holding period.
All the while, the number of countries with harsh laws governing the use of PII is getting larger. In 2011, Costa Rica became the seventh Latin American country to regulate data. India’s privacy laws are strong enough that many U.S. multinational companies have criticized them. Some countries outside the EU with strict privacy laws gain a benefit. The European Commission has stated that a few countries with sufficient data privacy protection can have EU data transferred to or accessed from the host country. Countries like Canada and Argentina have similar laws to the EU, so they can operate with PII more easily than countries like the …
companies with employees in different countries with stricter privacy laws have? One solution would be to keep all personal data within the country where it is obtained and then prevent any outside access. Another solution would be to find a way to certify that data transferred outside the country would abide by the local legal structures.
The first option may be the best choice for many multinational companies. Privacy laws do not prevent managers from accessing sales and performance data from outside a country, as long as it is ensured that PII is not involved. Maintaining local management of data is favorable, but if that is not possible, the next best thing would be to limit data transfers to different countries. The main risk associated with this arises when a company can’t track its data, for example if a company utilizes a cloud server as it moves from country to country. A workaround for this would be to have an EU-specific or country-specific