Company investigations (whether self-initiated or required by regulators) generally require the collection, review, and analysis of data to identify documents and other materials that are relevant to the investigation. An investigation may result in the need to access sensitive personal data or, frequently, involve the review of other materials that happen to include personal data even when such personal data is not relevant to the investigation.
Given the diversity of data protection and privacy laws in the Asia-Pacific region and the consequences from violating such laws, companies should consider developing a strategy to manage data risks before conducting corporate investigations.
Our recent client alert will provide you with the key considerations for managing data privacy risks when conducting corporate investigations in the Asia-Pacific region.