Risk is different depending on the country Global information management measures.

At corporations that are deploying their business globally, a wide variety of data and information is accumulated at each site, such as information about vendors' companies, products and services gathered through business activities in each world site, information about their business dealings with the corporation and customers' personal information. Generally, corporations share the data and information gathered and managed at each site among headquarters and other sites and incorporate it into their initiatives to improve the quality of products and services and make work more efficient. In this way they strengthen their competitiveness and accelerate growth. However, corporations need to be careful about sharing and utilizing data and information obtained by each site, depending on the country, region and content.

When we talk about the risks involved in information management domestically, leaks of personal information and theft of confidential company information are the first things that come to mind. Naturally, we must pay full attention to these risks overseas as well. However, depending on the country or region where the overseas sites are located, if data and information obtained through local business activities is not managed and shared properly, the corporation risks becoming entangled in legal troubles, and serious damage to the local business.

In the past, corporations expanded overseas for the purpose of global specialization of business processes such as supply chain, production and logistics, after having evaluated costs and efficiencies worldwide. Currently however, the rapid growth of the emerging markets which corporations previously entered in order to specialize internationally, means that the goal of corporate expansion overseas has transformed to the development of new markets.

Furthermore, because of the significant growth of local markets, the sites deployed overseas have become equal to other sites in role and function. Such local sites now provide development and marketing functions in order to strengthen competitiveness. As a result, it is essential that the various types of data and information obtained by these sites through local business dealings is shared. Such data should be shared of course with headquarters, but also with other sites globally, so that it can be leveraged for the growth of every market.

We asked Toshiyuki Arai, an international lawyer who is a partner of the Paul Hastings LLP Corporate practice and chair of the firm's Tokyo office, about the risks involved with information management overseas. Mr. Hastings has extensive experience in the US and China regarding various legal risks, practical issues and lawsuits facing corporations operating overseas.

Concerning the legal risks involved with information management when businesses operate overseas, Arai explains, "For example, if we are talking about the US, let's take litigation related to competition law violations under the US Antitrust Law, which is equivalent to the Japanese Antimonopoly Act, intellectual property rights (IP) and product liability (PL). These are legal risks shared in countries where Japanese corporations are actively doing business."

Incidentally, there is a well-known trick in IP-related litigation known as a "patent troll." This where the individuals and groups who become the plaintiffs purchase patents from third parties and then exercise these patents to obtain license fees or hefty settlements, even though they are not doing any of the R&D, manufacturing or sales.

Concerning class-action lawsuits, Arai explains, "In Japan, the effect of a ruling in a class-action lawsuit extends only to persons, companies and groups that are named as plaintiffs. However, for example in the class action system in the US, the effect of a ruling extends to all persons recognized as having suffered the same harm, even if the plaintiffs are not named. Therefore in the US if corporations are judged responsible for cartels or PL lawsuits, they must pay a huge amount of compensation. If that happens, there is a risk to the local business of course, but there is a risk of severe damage to the corporate business infrastructure.

If we take the US as an example, we can see that not only do the legal risks vary overseas, but the scope of eligibility and the compensation monetary amounts are so large that it is incomparable with Japan. So what is the connection between legal risk and information management?

For example, the US judicial system has a procedure for gathering evidence called the "discovery system." Under this system, when there is a trial, one of the parties mandates the other party to provide existing information, including sensitive information other than protected information. In some cases under this system the courts order information held by third parties to be disclosed to the plaintiff side, not just that of the parties in the litigation. In addition to the systems and requirements surrounding various types of information in countries beyond Japan, new laws are constantly being enacted.

Comments Arai, "If companies do not submit the requested internal information appropriately, naturally this is disadvantageous in the lawsuit. But the possibility even exists that the company would lose the lawsuit if the request for information disclosure was not fulfilled."

One of the risks involved with information management if disclosure of internal information is requested is whether the necessary information can be located from within the company's internal information and secured in a timely way. Deleting information or documents is completely out of the question at such times.

It is best to consider all information held by a corporation as subject to the discovery system. Nowadays the better part of the information held by a corporation is stored electronically. Naturally electronic documents and data are subject to the discovery system. This is called "E-discovery" (electronic information disclosure).

Needless to say, a vast amount of data is held and managed by corporations. At corporations that develop businesses globally, some information assets are also dispersed to overseas sites. A global information management infrastructure is essential to finding and retrieving the required information from the vast amount of information dispersed globally. If not, it would likely be extremely difficult to both find and retrieve the required information.

As mentioned in the introduction, there is a tendency in Japanese information management to focus on security measures to prevent leaks of personal information and theft of confidential company information. Naturally, countermeasures for these risks are essential initiatives not only in Japan, but in any country or region. As mentioned above, in addition to these globally shared risks, it is also necessary to understand how requirements, types of risks and their size differ depending on the country.

Arai says, "The information management risks and the purport of laws relating to business are not that different in the countries where Japanese corporations are actively developing business. However, the fact is that the requirements for information transfer and how strictly information needs to be managed under the law vary greatly depending on the country."

In other words, legal requirements differ depending on the country, and some are interpreted strictly while others are interpreted more leniently. Because of this, it is thought that an efficient way of handling local information management is to implement the minimum necessary measures according to the local level of legal risk.

In response to this approach, Arai advises, "It is true that many corporations set a level for each country based on its legal risk and manage information accordingly. However, a corporation's information is shared and managed globally. So when policies differ for each site, it is highly likely that the legal risk will increase for the entire global operation. In actual fact many corporation get into big trouble this way. I believe that by setting the strictest management level as a best practice and applying it across all sites as a shared practice, corporations can reduce their legal risk across all of their global operations," Arai advises.

Arai also explains, "The shortcut to applying common policies across the globe for the operation of company-wide information management and for information security is to form a partnership with a single global and trusted ICT. It is often pointed out that this is also an effective way to ensure safety. Similarly, operations, application of security policies and maintenance become very difficult if corporations use different services in each country or region for networks and data centers that form the information management infrastructure. Therefore I think that it is most convenient to use networks and data centers that provide unified services across the globe."

For risk management measures involving global information management, it is necessary to join forces with a trustworthy ICT partner with a global track record. NTT Com has affiliated companies and offices in 43 countries, and provides a variety of services to support information management infrastructures. These include networks and cloud services in 196 countries and regions worldwide, all in a seamless one-stop service.

They are achieving a level of service quality that vastly exceeds the global standard. As a global Tier1 provider, NTT Com has a global-scale IP backbone that achieves an extremely high availability rate of 99.99%. NTT Com provides a variety of ICT services in addition to building and operating information management infrastructures, and has a wealth of experience gained from their ongoing contribution to the growth of corporations promoting their businesses on a global scale.

NTT Com has a wealth of experience in every overseas country and region where businesses are active, and will continue to support corporations aiming for global growth in the future.