Risk variations for countries taking Global information management measures.
NTT Com Global Watch vol.6
Corporations that deploy their business globally accumulate a wide variety of data and information at each location. This includes information about vendors' products and services, business deals, and customers' personal information. Corporations generally share the data gathered among headquarters and regional offices, and incorporate it into their initiatives in order to work more efficiently and improve the quality of their products and services. This way, they strengthen their competitiveness and accelerate growth. However, corporations need to be careful about sharing and utilizing data obtained by each location, depending on the country, region, and content.
Changes in the roles of overseas sites makes information-sharing a must
When we talk about the risks involved in information management domestically, the first things that come to mind are leaks of personal information and theft of confidential company data. Naturally, we must continually pay full attention to these risks overseas.
However, depending on the country or region where the overseas sites are located, any data obtained through local business activities that is not managed and shared properly may cause unwanted legal troubles for the corporation and damage to local businesses.
In the past, corporations expanded overseas in an effort to achieve cost efficiencies and global specialization for internal processes such as supply chain, production, and logistics. Today, the rapid growth of emerging markets means that the goal of corporate expansion overseas has transformed to the development of new markets.
Furthermore, because of the significant growth of local markets, sites deployed overseas have become equal to other regional sites in role and function. Such local sites now provide development and marketing functions in order to strengthen competitiveness. As a result, it is essential that the various types of data and information obtained by these sites through local business dealings is shared. Such data should be shared with headquarters as well as other locations globally,so that it can be leveraged for the growth of every market.
Japan ‘s exposure to legal risks does not compare to that of other countries
We asked Toshiyuki Arai, an international lawyer who is a partner of the Paul Hastings LLP Corporate practice and chair of the firm's Tokyo office, about the risks involved with information management overseas. Mr. Hastings has extensive experience in the US and China regarding various legal risks, practical issues, and lawsuits facing corporations operating overseas.
Regarding the legal risks involved with information management while businesses operate overseas, Arai explains, "For example, if we are talking about the US, let's take litigation related to competition law violations under the US Antitrust Law, which is equivalent to the Japanese Antimonopoly Act, intellectual property rights (IP) and product liability (PL). These are legal risks shared in countries where Japanese corporations are actively doing business."
Incidentally, there is a well-known trick in IP-related litigation known as a "patent troll." This is when the individuals and groups who become the plaintiffs purchase patents from third parties and then exercise these patents to obtain license fees or hefty settlements, even though they are not doing any of the R&D, manufacturing or sales.
In reference to class-action lawsuits, Arai explains, "In Japan, the effect of a ruling in a class-action lawsuit extends only to persons, companies and groups that are named as plaintiffs. However, for example, in the class action system in the US, the effect of a ruling extends to all persons recognized as having suffered the same harm, even if the plaintiffs are not named. Therefore, in the US, if corporations are judged responsible for cartels or PL lawsuits, they must pay a huge amount of compensation. If that happens, there is a risk to the local business of course, but there is a risk of severe damage to the corporate business infrastructure.”
Under the discovery system, there is an obligation to submit the requested information
If we take the US as an example, we see that the legal risks vary overseas and the scope of eligibility and monetary compensation is much larger in comparison to Japan. So what is the connection between legal risk and information management?
The US judicial system has a procedure for gathering evidence called the "discovery system." Under this system, when there is a trial, one of the parties mandates the other party to provide existing sensitive information other than protected information. In some cases, the courts order information held by third parties to be disclosed to the plaintiff side, not just that of the parties in the litigation. In addition to the systems and requirements surrounding various types of information in countries beyond Japan, new laws are constantly being enacted.
Arai comments, "If companies do not submit the requested internal information appropriately, naturally this is disadvantageous in the lawsuit. But the possibility even exists that the company would lose the lawsuit if the request for information disclosure was not fulfilled."
One of the risks involved with information management, if disclosure of internal information is requested, is whether the necessary information can be located from within the company's internal information and secured in a timely manner. Deleting information or documents is out of the question at such times.
It is best to consider all information held by a corporation as subject to the discovery system. Nowadays, most information held by a corporation is stored electronically. Electronic documents and data are also subject to the discovery system – in this case "E-discovery" (electronic information disclosure).
Corporations engaged in global business regularly disperse information assets to overseas sites. Global information management infrastructure is essential in finding and retrieving the required data.
Best practices shared and deployed globally
As mentioned in the introduction, there is a tendency in Japanese information management to focus on security measures to prevent leaks of personal information and theft of confidential company data. Countermeasures for these risks are essential initiatives, not only in Japan, but in any country or region. As mentioned above, it is also necessary to understand how regulations, types of risks, and their size differ depending on the country.
Arai says, "The information management risks and the purport of laws relating to business are not that different in the countries where Japanese corporations are actively developing business. However, the fact is that the requirements for information transfer and how strictly information needs to be managed under the law vary greatly depending on the country."
In other words, legal requirements differ depending on the country, and some are interpreted strictly while others are interpreted more leniently. As a result, a common solution for handling local information management is to implement the minimum necessary measures according to the local level of legal risk.
In response to this approach, Arai advises, "It is true that many corporations set a level for each country based on its legal risk and manage information accordingly. However, a corporation's information is shared and managed globally. So when policies differ for each site, it is highly likely that the legal risk will increase for the entire global operation. In actual fact, many corporations get into big trouble this way. I believe that by setting the strictest management level as a best practice and applying it across all sites as a shared practice, corporations can reduce their legal risk across all of their global operations," Arai advises.
Arai also explains, "The shortcut to applying common policies across the globe for the operation of company-wide information management and for information security is to form a partnership with a single global and trusted ICT. It is often pointed out that this is also an effective way to ensure safety. Similarly, operations, application of security policies and maintenance become very difficult if corporations use different services in each country or region for networks and data centers that form the information management infrastructure. Therefore, I think that it is most convenient to use networks and data centers that provide unified services across the globe."
Providing seamless global network and cloud services
For risk management measures involving global information management, it is necessary to join forces with a trustworthy ICT partner with a global track record. NTT Com has affiliated companies and offices in 43 countries, and provides a variety of services to support information management infrastructures. These include networks and cloud services in 196 countries and regions worldwide, all in a seamless one-stop service.
NTT Com maintains a high level of service quality that vastly exceeds the global standard. As a global Tier1 provider, NTT Com has a global-scale IP backbone that achieves an extremely high availability rate of 99.99%. NTT Com provides a variety of ICT services in addition to building and operating information management infrastructures, and contributes to the growth of corporations promoting their businesses on a global scale.
NTT Com has a wealth of experience in every overseas country and region where businesses are active, and will continue to support corporations aiming for global growth in the future.
Mr. Toshiyuki Arai
Attorney (Japan)/Licensed to practice law in California
Paul Hastings LLP
Corporate law partner/Head of Tokyo Office