Professional Documents
Culture Documents
qxd
6/23/08
5:45 PM
Page 51
51
ert352_09_20201.qxd
6/23/08
5:45 PM
Page 52
systems require distinct yet sometimes duplicate skills and schedules to support islands
of technology that are performing similar
tasks and functions. As a result, they incur
increased costs whether they are supporting
these systems using internal IT resources or
external vendors. In addition, they also have
to manage multiple service-level agreements
(SLAs) and pay for separate hardware, operating systems, and databases.
One key issue that organizations wrestle with is the datasharing and privacy regulations that vary from country to
country.
Even with a centralized system in place,
there are still challenges to be faced when
competing globally. For example, it is difficult
to maintain equity globally while accommodating market-specific practices such as expense
allowances. Although a centralized system
enables a company to gain insight into whether
or not a region is conforming to corporate policy on allowances, the company still must plan
for necessary variations in that policy that
result because of government regulations or
even local market expectations. Another challenge is accounting for differences in local
data-privacy laws and options for managing the
compliant sharing of information. Local currencies, languages, and cultures also need to be
considered and managed through a system that
offers the flexibility to account for these variations. Organizations that understand the issues
can then begin strategizing the most effective
solutions to operate across multiple countries.
BEYOND COMPENSATIONNAVIGATING
DATA PRIVACY AROUND THE GLOBE
One key issue that organizations wrestle with
is the data-sharing and privacy regulations
that vary from country to country. For businesses that operate in the United States, organizations tend to focus on U.S.- or industryspecific data and reporting requirements
such as those under the Sarbanes-Oxley Act
and the Health Insurance Portability and
Accountability Act (HIPAA). A shift in processes and thinking is required when facing
the challenges of operating in other countries that embrace an entirely different set
of standards.
Organizations that do business in Europe,
for example, need to meet requirements set
forth by the European Union. The EUs dataprotection directive3 sets restrictions on how
elements of personal information can be
collected, stored, and shared, and these vary
from similar U.S. privacy restrictions or even
run counter to other U.S. laws. Under the EU
directive, the focus is heavily on protecting
individuals and their personally identifying
information such as race, political affiliation,
sex, and name and even seemingly standard
business information such as an office phone
extension number. These types of data are
restricted from being shared unless explicit
employee permission is given or procedures
put in place to properly protect this information. Organizations must be aware that personal data that is protected under EU privacy
directives could be the same data that could
be requested under U.S. law such as the
PATRIOT Act. It is these types of conflicts
that require scrutiny once a U.S. company
goes abroad and needs to adhere to new rules
and requirements when it comes to their
employee data.
The EU restricts the transfer of data to
those countries that it deems do not have rigorous data-privacy regulations, including the
United States. However, there are a few
countries within which companies are free to
52
Robert Mattson
Employment Relations Today
DOI 10.1002/ert
ert352_09_20201.qxd
6/23/08
5:45 PM
Page 53
Summer 2008
DOI 10.1002/ert
To manage the transfer of data to other countries, multinational employers need to adopt compliance strategies for
managing employee data.
country in which employee data is accessible, organizations will be deemed compliant and able to share data and conduct
business without interruption.
Model contracts are another strategy for
complying with data-sharing privacy
rules. These contracts contain standard
clauses that are accepted throughout the
EU and require organizations to adhere to
established terms before data can be
shared between them, even in the case of
corporate subsidiaries.
Binding corporate rules are multinational data-protection standards that are
adopted by a corporate group. In 2005,
General Electric was the first organization
to ever use these rules and the first to be
granted permission in the United Kingdom
53
ert352_09_20201.qxd
6/23/08
5:45 PM
Page 54
to export data. A benefit to binding corporate rules is the ability to negotiate content, reporting, and compliance mechanisms with the data-privacy regulators in
each country. Many countries, such as
Germany, require data-privacy regulations
to be approved by local work councils,
which can extend the time it takes to
become compliant.
Although there are challenges with managing data-privacy regulations from country to
country, heightened awareness of the various
options will enable effective compliance and
adherence to varying data-protection requirements. Because many data-privacy options
can take months or years to achieve compliance, many companies focus initially on getting employees to sign consent forms. In the
case where consent is not given, it is important to have a compensation system where
access to employee information is easily
restricted based on geography and status of
consent. Also, the compensation system
should make it easy to implement proxies so
a manager in the employees country can act
on behalf of an actual manager who resides
in another country.
VARIATIONS IN COMPENSATION
STRUCTURES AND LEVELS
In addition to navigating various data-privacy
regulations, maintaining equity globally is
54
Robert Mattson
Employment Relations Today
DOI 10.1002/ert
ert352_09_20201.qxd
6/23/08
5:45 PM
Page 55
Summer 2008
DOI 10.1002/ert
55
ert352_09_20201.qxd
6/23/08
5:45 PM
Page 56
1. Have a centralized system for compensation management. A centralized system reduces IT expenses as well as provides more stringent budgetary control
and the data visibility necessary to make
informed decisions.
2. Find a data-privacy strategy that best
meets your organizational needs. One
size does not fit all. With multiple options
for managing data storage and sharing,
choose one that delivers the flexibility you
need and enables you to remain compliant
in the areas where you operate.
3. Target your focus for market data to
meet specific needs. Salary surveys may
not be available for new or emerging
markets. In areas such as Brazil, China,
and Russia, which have a shorter history
than that of U.S. companies with established business operations, be prepared to
go out and do individual surveys. Instead
of pricing 150 jobs as you may in more
developed markets, focus on the top 20
jobs that you will have operating in this
emerging area to determine the cost of
talent.
56
Robert Mattson
Employment Relations Today
DOI 10.1002/ert
ert352_09_20201.qxd
6/23/08
5:45 PM
Page 57
Summer 2008
DOI 10.1002/ert
57