Few major multinationals today could run their global human resources function without a Human Resources Information Systems, whether the HRIS is a complex program from a high-profile vendor like SAP, Oracle, and PeopleSoft, or whether the HRIS is just an in-house-developed intranet, internal website, or even merely an e-mailed spreadsheet or data compilation. Without HRIS, large multinationals could not globally track personnel records and other HR offerings (timekeeping, payroll, benefits claims/administration, stock options/ equity, performance management, discipline, pensions/investments, succession management, internal websites).

Domestically within the U.S., HRIS as a business tool raises few significant legal issues. Various aspects of traditional U.S. HR recordkeeping can implicate certain American laws (FCRA, HIPPA, records-retention requirements), but these issues, in the HRIS context, seem relatively minor in comparison to the sometimes-enormous impact of data laws on HRIS outside the United States.

European Union "data protection" (data privacy) laws include all HR data that could identify employees and imposes tight restrictions on sending personal data, including routine HR data, outside of Europe. Similar laws in jurisdictions as far-flung as Canada, Argentina, Hong Kong and Japan impose somewhat similar rules. These restrictions directly block, or at least limit, a multinational's freedom to input personal data about its own European employees into its own global HRI System.

This session will show U.S.-headquartered multinationals the "lay of the land" as to how overseas data laws require special adjustments to global HRIS. Topics include:

• Background and content of the European Union framework law ("directive") on data protection as it affects global HRIS
• "Best practices" and practical solutions for a U.S.-based multinational launching global HRIS with data about employees in Europe
• "Safe harbor" vs. "Binding Corporate Rules" vs. "model contractual clauses" vs. employee consents vs. "anonymization": Selecting the best strategy
• The special HRIS contexts of: diversity initiatives and "sensitive" data; Sarbanes-Oxley whistleblower hotlines; performance management systems; internal investigations; filings with and permissions from local "Data Protection Authorities"
• Global HRIS and data protection laws outside Europe, in Canada, Argentina, Hong Kong, Japan, and elsewhere -- and practical strategies for compliance

Donald C. Dowling, Jr., Partner and International Employment Counsel, White & Case, LLP