In this blog, we will be discussing the seemingly mundane, yet endlessly fascinating and challenging, world of corporate compliance.
Believe it or not, that last sentence was not meant to be sarcastic.
Finding the Person in the Machine
In this blog, we will be discussing the seemingly mundane, yet endlessly fascinating and challenging, world of corporate compliance.
Believe it or not, that last sentence was not meant to be sarcastic.
For U.S. MNCs, export compliance programs should not stop at the water’s edge.
Compliance departments must ensure that the comprehensive organizational structures, policies, and procedures they have put in place do not vanish into thin air once products leave the country.
Continue Reading Export Compliance Programs and Overseas Affiliates: A Cautionary Note
This is the first post in our “Compliance Chat” series. Each post will feature a lightly edited conversation with a compliance professional.
In April, I spoke with Paul DiVecchio about the impact of Covid-19 on the export compliance industry. Paul, the principal of the Boston-based DiVecchio & Associates, has provided export compliance consulting services to U.S. exporters for nearly 40 years.
Continue Reading Compliance Chat: The Impact of Covid-19 on the Export Compliance Industry
Last May, I had an interesting discussion with my friend and mentor on all things related to export compliance, Paul DiVecchio.
Paul, the principal of the Boston-based DiVecchio & Associates, has provided export compliance consulting services to U.S. exporters for nearly 40 years.
The story he told me is something that might keep export compliance officers up at night, and it has stuck in my head ever since. Now that I have this blog, I’d like to share some of the highlights of our discussion. You can also see his original account in American Shipper.
Continue Reading The Tale of Huawei and the Prepublication Notice
The “Right to be Forgotten” has sailed across the Atlantic. From its origin in a 2014 CJEU case involving Google and subsequent codification in the GDPR, it has now entered the U.S. data privacy landscape in the form of the CCPA’s “Right to Deletion.”
While there are important differences between the two, both essentially allow a data subject (or “consumer,” in the CCPA’s terminology) to ask a data controller (or “business,” in CCPA language) to delete personal information it has collected about that individual.
This development has understandably been the subject of some fascinating philosophical and political discussions, but I am more interested in a basic, practical question: in short, how can companies actually carry out these requests?
Continue Reading Complying with Data Subject Requests: Back to the Basics