United States employers operating in France often face a dilemma. While they may be bound by the whistleblowing requirements of the Sarbanes-Oxley Act (“SOX”) and its Dodd-Frank amendments,1 they also are bound by the data privacy requirements of French law, which can be at odds with U.S. whistleblowing laws. The French data protection authority (La Commission Nationale de l’Informatique et des LibertΓ©s or “CNIL”) periodically issues guidelines that provide some clarity on how employers can resolve this conundrum. On January 30, 2014, the CNIL finalized amendments to these guidelines2 expanding the scope of the topics that could be disclosed through an anonymous whistleblowing hotline. The amendments also clarify the conditions under which SOX-type anonymous whistleblowing is permitted under French law.
Home > Federal Law Articles > Human Resources > Whistleblowing > More CNIL Guidance for Multinationals Seeking to Comply with SOX & Dodd-Frank