Länderspezifische Risiken bei der Umsetzung globaler Informationsmanagement-Maßnahmen.
NTT Com Global Watch Ausgabe 6
Konzerne, die weltweit geschäftlich aktiv sind, sammeln an jedem Standort verschiedenste Daten und Informationen. Dies beinhaltet Informationen zu Produkten und Services der Anbieter, Geschäftsabschlüssen und persönliche Informationen der Kunden. Konzerne geben die erfassten Daten im Allgemeinen an Hauptsitze und regionale Niederlassungen weiter und beziehen sie in ihre Initiativen ein, um effizienter arbeiten zu können und die Qualität ihrer Produkte und Services zu verbessern. Auf diese Weise stärken sie ihre Wettbewerbsfähigkeit und beschleunigen das Wachstum. Konzerne müssen jedoch bei der Freigabe und Nutzung von Daten, die an den verschiedenen Standorten gewonnen wurden, je nach Land, Region und Inhalt Vorsicht walten lassen.
Durch die veränderte Rolle ausländischer Standorte wird Informationsaustausch zu einem Muss
Wenn wir über die Risiken des Informationsmanagements im Inland sprechen, sind zunächst Datenlecks in Bezug auf personenbezogene Informationen und der Diebstahl vertraulicher Unternehmensdaten zu nennen. Natürlich müssen wir diese Risiken auch im Ausland ständig berücksichtigen.
Je nach Land oder Region der ausländischen Standorte können Daten, die während lokaler Geschäftsaktivitäten gewonnen, jedoch nicht in geeigneter Form verwaltet und freigegeben werden, unerwünschte rechtliche Probleme für den Konzern und Schäden für die im Ausland ansässigen Unternehmen verursachen.
In der Vergangenheit expandierten Konzerne ins Ausland, um Kosteneffizienz und eine globale Spezialisierung für interne Prozesse wie die Lieferkette, Produktion und Logistik zu erzielen. Heute bedeutet das schnelle Wachstum von Zukunftsmärkten, dass das Ziel der Unternehmensexpansion ins Ausland nun stattdessen die Erschließung neuer Märkte ist.
Darüber hinaus stehen Standorte im Ausland aufgrund des erheblichen Wachstums lokaler Märkte nun hinsichtlich ihrer Rolle und Funktion auf gleicher Stufe wie andere regionale Standorte. Diese lokalen Standorte beinhalten heute auch Entwicklungs- und Marketing-Funktionen, um die Wettbewerbsfähigkeit zu stärken. Aus diesem Grund müssen die verschiedenen Arten von Daten und Informationen, die diese Standorte durch lokale Geschäftsabschlüsse gewinnen, unbedingt weitergegeben werden. Diese Daten sollten sowohl an die Konzernzentrale als auch an andere Standorte übermittelt werden, sodass sie für das Wachstum auf jedem Markt genutzt werden können.
Japan ‘s exposure to legal risks does not compare to that of other countries
We asked Toshiyuki Arai, an international lawyer who is a partner of the Paul Hastings LLP Corporate practice and chair of the firm's Tokyo office, about the risks involved with information management overseas. Mr. Hastings has extensive experience in the US and China regarding various legal risks, practical issues, and lawsuits facing corporations operating overseas.
Regarding the legal risks involved with information management while businesses operate overseas, Arai explains, "For example, if we are talking about the US, let's take litigation related to competition law violations under the US Antitrust Law, which is equivalent to the Japanese Antimonopoly Act, intellectual property rights (IP) and product liability (PL). These are legal risks shared in countries where Japanese corporations are actively doing business."
Incidentally, there is a well-known trick in IP-related litigation known as a "patent troll." This is when the individuals and groups who become the plaintiffs purchase patents from third parties and then exercise these patents to obtain license fees or hefty settlements, even though they are not doing any of the R&D, manufacturing or sales.
In reference to class-action lawsuits, Arai explains, "In Japan, the effect of a ruling in a class-action lawsuit extends only to persons, companies and groups that are named as plaintiffs. However, for example, in the class action system in the US, the effect of a ruling extends to all persons recognized as having suffered the same harm, even if the plaintiffs are not named. Therefore, in the US, if corporations are judged responsible for cartels or PL lawsuits, they must pay a huge amount of compensation. If that happens, there is a risk to the local business of course, but there is a risk of severe damage to the corporate business infrastructure.”
Under the discovery system, there is an obligation to submit the requested information
If we take the US as an example, we see that the legal risks vary overseas and the scope of eligibility and monetary compensation is much larger in comparison to Japan. So what is the connection between legal risk and information management?
The US judicial system has a procedure for gathering evidence called the "discovery system." Under this system, when there is a trial, one of the parties mandates the other party to provide existing sensitive information other than protected information. In some cases, the courts order information held by third parties to be disclosed to the plaintiff side, not just that of the parties in the litigation. In addition to the systems and requirements surrounding various types of information in countries beyond Japan, new laws are constantly being enacted.
Arai comments, "If companies do not submit the requested internal information appropriately, naturally this is disadvantageous in the lawsuit. But the possibility even exists that the company would lose the lawsuit if the request for information disclosure was not fulfilled."
One of the risks involved with information management, if disclosure of internal information is requested, is whether the necessary information can be located from within the company's internal information and secured in a timely manner. Deleting information or documents is out of the question at such times.
It is best to consider all information held by a corporation as subject to the discovery system. Nowadays, most information held by a corporation is stored electronically. Electronic documents and data are also subject to the discovery system – in this case "E-discovery" (electronic information disclosure).
Corporations engaged in global business regularly disperse information assets to overseas sites. Global information management infrastructure is essential in finding and retrieving the required data.
Best practices shared and deployed globally
As mentioned in the introduction, there is a tendency in Japanese information management to focus on security measures to prevent leaks of personal information and theft of confidential company data. Countermeasures for these risks are essential initiatives, not only in Japan, but in any country or region. As mentioned above, it is also necessary to understand how regulations, types of risks, and their size differ depending on the country.
Arai says, "The information management risks and the purport of laws relating to business are not that different in the countries where Japanese corporations are actively developing business. However, the fact is that the requirements for information transfer and how strictly information needs to be managed under the law vary greatly depending on the country."
In other words, legal requirements differ depending on the country, and some are interpreted strictly while others are interpreted more leniently. As a result, a common solution for handling local information management is to implement the minimum necessary measures according to the local level of legal risk.
In response to this approach, Arai advises, "It is true that many corporations set a level for each country based on its legal risk and manage information accordingly. However, a corporation's information is shared and managed globally. So when policies differ for each site, it is highly likely that the legal risk will increase for the entire global operation. In actual fact, many corporations get into big trouble this way. I believe that by setting the strictest management level as a best practice and applying it across all sites as a shared practice, corporations can reduce their legal risk across all of their global operations," Arai advises.
Arai also explains, "The shortcut to applying common policies across the globe for the operation of company-wide information management and for information security is to form a partnership with a single global and trusted ICT. It is often pointed out that this is also an effective way to ensure safety. Similarly, operations, application of security policies and maintenance become very difficult if corporations use different services in each country or region for networks and data centers that form the information management infrastructure. Therefore, I think that it is most convenient to use networks and data centers that provide unified services across the globe."
Providing seamless global network and cloud services
For risk management measures involving global information management, it is necessary to join forces with a trustworthy ICT partner with a global track record. NTT Com has affiliated companies and offices in 43 countries, and provides a variety of services to support information management infrastructures. These include networks and cloud services in 196 countries and regions worldwide, all in a seamless one-stop service.
NTT Com maintains a high level of service quality that vastly exceeds the global standard. As a global Tier1 provider, NTT Com has a global-scale IP backbone that achieves an extremely high availability rate of 99.99%. NTT Com provides a variety of ICT services in addition to building and operating information management infrastructures, and contributes to the growth of corporations promoting their businesses on a global scale.
NTT Com has a wealth of experience in every overseas country and region where businesses are active, and will continue to support corporations aiming for global growth in the future.
Mr. Toshiyuki Arai
Attorney (Japan)/Licensed to practice law in California
Paul Hastings LLP
Corporate law partner/Head of Tokyo Office