This note describes the data protection and employment issues that arise when European companies listed at US stock exchanges set up corporate compliance hotlines in order to fulfil obligations under section 301(4) of the US Sarbanes-Oxley Act of 2002. The note also discusses recent regulatory developments in the EU relating to whistleblowing hotlines, and suggests compliance strategies to ensure that hotlines comply with EU data protection laws.
This note provides an analysis of common frauds and a high-level guide to conducting an internal investigation, covering key issues such as: How to handle an internal investigation. Dealing with internal communication issues. Briefing external parties (for example, regulators).