U.S.-based multinational companies bewildered about how to implement a provision of Sarbanes-Oxley that conflicts with French data protection laws now have new guidance on the issue. However, while the guidance will enable companies to comply with both laws, experts warn that doing so will still be a struggle.
As Compliance Week recently reported, U.S.-based multinationals with significant operations in France have been awaiting final guidance from the French Data Protection Agency, Commission Nationale de l’Informatique et des Libertés, on implementing the whistleblower provisions under SOX.
While Sarbanes-Oxley requires that companies have an anonymous mechanism for employees to report accounting and auditing irregularities, ...