Managing Data Privacy Challenges in Performing Due Diligence and Internal Investigations in China (Part Two of Two)

Eric Carlson is quoted in an FCPA Report article regarding China’s data privacy and cybersecurity laws and how they apply to companies doing business in China. Commenting on performing due diligence while avoiding data privacy issues, Carlson says, “For due diligence purposes, it is still safe and appropriate to gather corporate information such as whether a target company is legally registered and licensed.” He adds that companies can utilize “source checks” that can help a company “to gather a refined understanding of the target’s reputation and how it does business.”

Carlson also speaks to the importance of incorporating data access into employment policies, emphasizing the necessity of providing Chinese translations of these policies as well as explicitly stating that “the company has the right to access, monitor, review, transfer and disclose information stored on company IT assets.” Then, because the Chinese law specifically requires employee consent before its publication, companies should make sure that employees give their written consent to these policies. “Many of our clients are asking for explicit consents to obtain, access, process, search, review and transfer information from their employees,” he says.