I cannot give a specific answer because I do not know the details. But for educational purposes, I can offer some general observations.
A wholly-owned subsidiary is normally a legal entity that is separate from its parent corporation. The parent owns the subsidiary, and elects its management, but the parent and subsidiary are not the same company.
When the parent asks the subsidiary to do something (such as release data, give access to a network, or follow certain security practices), the subsidiary's management must evaluate that request in light of what is in the best interests of the subsidiary. Management's legal duty is to the subsidiary, not to the parent. Management must be careful, for example, not to do the following:
- Give the subsidiary's assets away (which might undermine the subsidiary's legal and tax status as a separate corporation or might impair the rights of the subsidiary's creditors), or
- Violate local laws (such as privacy laws).
On the other hand, the subsidiary's management might decide it wants to comply with the parent's request in exchange for something from the parent, such as infrastructure support. Or, the subsidiary might have a contact with the parent, which requires the subsidiary to comply with the parent's requests.
None of Ben Wright's statements on SearchSecurity.com are legal advice for any particular situation. If you need legal advice, you should consult a lawyer.
This was first published in March 2004