43 nations have signed on to the Convention on Cybercrime drafted by the Council of Europe with considerable input from the United States. The cost of combating cyber crime committed overseas may now be passed on to American businesses. Under the new treaty, participating countries are given sweeping access to information in United States for cybercrimes that may have been committed overseas.
For example, France has strict laws addressing the sale of Nazi memorabilia. Sale of those items on eBay may not necessarily violate United States laws. However, French authorities may seek information from buyers and sellers in the United States regarding sales that are otherwise legal in the U.S. . Article 12 of the treaty may make businesses liable for “lack of supervision or control” of employees to may have committed criminal offense(s) covered by the convention. Businesses need to watch employee activity that, while legal in the United States, may violate the laws of a participating signer of the treaty.
The record retention requirements in the treaty may require business to address the electronic discovery (eDiscovery) and computer forensics requirements that may be mandated by this new law. The costs of the Treaty will be borne by the private sector.