What is SOX?
The Sarbanes-Oxley Act of 2002 (SOX) is a U.S. federal law enacted in 2002 in response to a series of major corporate and accounting scandals to set new and expanded accountability requirements for public corporations’ boards of directors, and criminal penalties for certain misconduct. Under SOX, public companies have to establish a procedure to confidentially receive and process complaints about fraud related to misappropriation of assets or material misstatements in financial reports from whistle-blowers.
In the context of privacy, SOX is important because it creates conflict between SOX (that applies to American companies doing business in Europe), requiring companies to facilitate the ability of employees to report wrong-doing and EU Data Protection laws, limiting use of personal data due to potential prejudice to individuals.