Companies that operate globally and capture and work with personal information must be aware of the varying levels of protection that such data receive in jurisdictions around the world. Those varying protections often extend even to when, how and to whom personal information can be transferred.
The European Union had adopted legislation that provides protection across that union for personal information. Even within the framework that it created, though, individual member states have some flexibility in how they implement the terms of the EU-wide law.
The Sarbanes-Oxley Act, enacted following a series of corporate scandals a couple of decades ago, requires that companies implement mechanisms by which individuals can submit issues or raise concerns regarding compliance missteps and worse, even anonymously.