A Practical Guide to Addressing Information Privacy and Security Issues in International Business
With the globalization of the economy, businesses are reaching greater, broader, and more diverse markets in foreign countries in order to increase their revenues. Their websites reach clients and prospects throughout the world anytime, any day, anywhere. To achieve a global presence, companies hire foreign contractors to develop or manufacture products, provide support services, and much more. The foreign subsidiaries routinely send employee information to the company’s headoffice where a central database maintains salary and other employee information for all personnel worldwide. Millions of personal data are collected, used, processed or moved accross borders.
An increasing number of foreign laws aim at protecting personal data, and preserving and strengthening human rights and fundamental freedoms. These laws are relevant to global companies. Negotiating a deal, corresponding with clients, exchanging contact information for the delivery of a shipment usually entails thecollection, transfer, use, or storage of personal information.
As companies exchange personal information of their employees, clients or contacts with entities located in foreign countries with a different culture, history, political regime, and different laws, they must remember and take into account these differences. We cannot expect a service provider in the Philippines, or a distributor in Italy or Argentina to act in the way we act, to have priorities that are similar to ours. We cannot expect them to treat – or be required to treat - personal information in the same way as we do.
The great discrepancies between the treatments of personal or private information throughout the world make global companies vulnerable to violating foreign data protection laws for lack of awareness of their duties and obligations. The Global Privacy and Security Law book attempts to clarify and explain some of the privacy and security requirements by taking the reader to a journey around the world. It offers a survey of the legal environment related to privacy and security. Its goal is to increase the reader’s awareness of the substantial discrepancies and differences between the legal regimes throughout the world. It hopes to help privacy professionals understand some of the multiple facets of the protection of personal data in corporate and commercial transactions.
"Francoise Gilbert has done a great service to the field of privacy by comprehensively gathering, organizing, and interpreting the many privacy laws around the world. Global Privacy and Security Law will serve as an invaluable resource for anyone struggling with the complexities of this field."
"Global Privacy and Security Law merits a wide berth on the shelf of any informational assets' based library. These volumes contain a breadth of information across the many relevant geographies where data is regulated as well as the varied nuances in the various protection schema. Any data protection professional seeking to find solutions in an evolving practice can use this tool as a handy compass to navigate the journey to information protection."
"This is an incredibly comprehensive and effective treatment of one of the emerging and complex fields of law that affects all areas of commerce and government. It is an invaluable contribution and resource for anyone affected by the continuingly expansive regulation of privacy and personal data security worldwide."
"This two volume set is well written, incisive, and well documented. It is a must have for any serious privacy practitioner. "
About the Author
J.D., Loyola U. of Chicago (USA)
Maitrise en Droit, Paris (France) - law degree-
M.Sc. and CAPES Mathématiques, Paris (France)
Admitted to practice law in California, Illinois, and France
Françoise Gilbert concentrates in US and global data privacy and security issues, cloud computing, and information law. Covering the entire privacy and security spectrum, her clients include public or multinational entities, cloud service providers, B2C businesses, B2B businesses, analytics companies, publishers, Internet stores, insurance companies, manufacturers, service providers, trade associations, software developers, and others. She counsels clients on complex issues related to evaluating and strategically managing privacy, security, cloud computing and e-business risks. She assists clients in driving a culture of privacy across their organization, developing and implementing information privacy and security strategies and compliance programs, and integrating privacy and security in commercial or corporate transactions.
Leading international legal publishers recognize Francoise Gilbert as an industry expert and thought leader in privacy and security, and consistently rank her among the top attorneys in her profession. Chambers & Partners has repeatedly named her in Chambers USA and Chambers Global for her privacy and security expertise, noting, among other things, “her considerable knowledge base attracts multinational clients who value her strategic and practical advice”. She has also been listed for several years by Best Lawyers in America, and The International Who’s Who of Internet, Ecommerce and Data Protection Lawyers, which recommend her for information privacy and security and information technology law. Ethisphere has named her an “Attorney Who Matters”, and Computerworld, has identified her as one of the “Top US Privacy Advisors.” She is also the only attorney recommended for privacy and data security law by the San Francisco’s Best Lawyers (2012) magazine
With over 30 years of experience as a practicing attorney addressing cutting edge domestic and international computer, Internet and data protection issues, Françoise brings a unique combination of sharp legal skills, deep regulatory knowledge, practical business acumen and extensive experience of the information technology markets.
She is highly experienced in addressing a wide range of US and foreign privacy and security issues, such as counseling on HIPAA/HITECH Act, GLBA, COPPA, FCRA/FACTA, or CAN SPAM compliance, online and offline data law, behavioral advertising, tracking, content personalization, retargeting, use of data for modeling, analytics and diagnostics, security incident response planning and disclosures, implementation of FTC and State Attorney General guidance. She develops comprehensive privacy compliance programs, consumer privacy policies and best practices, and training programs regarding the appropriate collection, use and disclosure of personal data. She conducts all phases of privacy assessments and information security policy audits, and assists clients in responding to investigations by state and federal regulators.
For multination companies, she leads the design and implementation of global privacy programs, advises on compliance with foreign data protection laws (Western Europe, North America, or Asia Pacific) and cross border data flow issues, negotiates and implements data transfer agreements and data transfer structures, conducts Safe Harbor audits, develops and maintains documentation and procedures to support continuing compliance with EU-US Safe Harbor principles, assists in Safe Harbor self-certification and re-certification.
In addition, she assists clients’ corporate or commercial teams in incorporating data protection in their operations and transactions. She regularly works on data protection issues in major corporate and commercial transactions such as mergers & acquisitions, cloud computing, outsourcing, and offshoring. She structures and negotiates a wide variety of contracts concerning data uses, privacy and security, cloud computing, or transactions associated with databases, data processing or data management, including strategic alliances and joint ventures, and other complex contracts.
SPEAKING AND TEACHING
A prolific speaker, Françoise Gilbert has been featured on numerous panels throughout the United States and internationally on privacy, security, cloud computing, risk management, outsourcing, information technology, and e-business law by industry groups, bar associations and trade associations. She has taught technology and data protection law in the Graduate School of Health Information Science at the University of Illinois, Chicago Campus from 1992 to 2012, and is a frequent guest speaker at the John Marshall Law School in Chicago (Illinois) and at the Silicon Valley Center for Entrepreneurship at San Jose State University (California).
Françoise is often asked to comment on privacy, security or cloud computing issues in national and international press, including the New York Times (USA), le Matin Dimanche (Switzerland), RTTV (Russia), ComputerWorld (USA), MarketPlace (USA), PC World (USA), SafeGov.org (USA), or TechTarget (USA).
Françoise is the author and editor of Global Privacy and Security Law published by Aspen / Wolters Kluwer, a two-volume, 3,000 page, law treatise, which provides a detailed analysis of the major drivers that dictate or influence data protection laws worldwide, and contains a thorough analysis of the privacy and data protection laws of 65 countries on all continents.
She is also a co-author of: Privacy Compliance and Litigation in California (2009 - CEB); HIPAA Security Standards (2007 – ABA Publications); Business Process Outsourcing Transactions (2007- Wiley); Technology Outsourcing Transactions (2005 - Wiley); International Guide to Cyber Security (2004 - ABA Publications); International Guide to Privacy (2003 - ABA Publications); International Guide to Combating Cybercrime (2002 - ABA Publications); Comprehensive Guide to Electronic Health Records (2000 - Faulkner & Gray); Comprehensive Guide to Electronic Health Records (1999 - Faulkner & Gray).
In addition, Ms. Gilbert has published hundreds of articles in peer-reviewed publications, professional journals and magazines on privacy, security, cloud computing, computer crime, outsourcing, workplace privacy, information law, data governance, Internet law, ecommerce, children protection, and comparative law. She is a contributing expert to TechTarget’s SearchCloudSecurity.com, focusing on information privacy and security, cloud computing and data governance.
Françoise is a member of the Editorial Board of The Practical Lawyer, a publication of the American Law Institute – Continuing Legal Education Group and she serves on the Technology Board of Advisors of ALI CLE. She has served on the Board of Directors of the International Technology Law Association, the American Telemedicine Association, the California E-Heath and Telemedicine Association, and other non-profit entities, and on the Board of Advisors of several Silicon Valley emerging technology start-ups. She is a past member of the National Conference of Lawyers and Scientists and of the Executive Committee of the Business Law Section of the California Bar.
Ms. Gilbert is a founding member of the Cloud Security Alliance, its General Counsel, and the chair of its Legal Committee. She has co-chaired the PLI Privacy & Security Law Institute since 2000 and has held numerous leadership positions at the American Bar Association, the California State Bar, the Chicago Bar Association and the International Association of Privacy Professionals including, most recently, the American Bar Association Science & Technology Section ePrivacy Committee and the IAPP KnowledgeNet San Francisco.
EDUCATION, BAR ADMISSIONS AND CERTIFICATIONS
Trained in the civil law and the common law systems, Françoise Gilbert is admitted to practice in California and Illinois as well as in France. Before acquiring her JD in Chicago (Illinois), she obtained a French law degree in Paris (France). Early training includes undergraduate and graduate degrees in mathematics, engineering and education from the Universities of Paris and Montpellier (France). Françoise Gilbert is accredited as Certified Information Privacy Professional (CIPP) by the International Association of Privacy Professionals.
Françoise Gilbert is bilingual in French and English. She has a working knowledge of Spanish, Italian and German.
IT LAW GROUP
Françoise Gilbert is the founder and Managing Director of the IT Law Group.