Problem solve Get help with specific problems with your technologies, process and projects.

Does a subsidiary need to conform with its parent company's security policies?

We are a wholly-owned U.S. subsidiary registered in Minn., but our parent company is German, publically traded,...

but not on the U.S. stock market. Does it have legal rights to our data? Can it monitor our network? Can it legally require us to conform to its network policies? Does it have legal rights to access our network? Or can we legally restrict access to our network?

I cannot give a specific answer because I do not know the details. But for educational purposes, I can offer some general observations.

A wholly-owned subsidiary is normally a legal entity that is separate from its parent corporation. The parent owns the subsidiary, and elects its management, but the parent and subsidiary are not the same company.

When the parent asks the subsidiary to do something (such as release data, give access to a network, or follow certain security practices), the subsidiary's management must evaluate that request in light of what is in the best interests of the subsidiary. Management's legal duty is to the subsidiary, not to the parent. Management must be careful, for example, not to do the following:

  • Give the subsidiary's assets away (which might undermine the subsidiary's legal and tax status as a separate corporation or might impair the rights of the subsidiary's creditors), or
  • Violate local laws (such as privacy laws).

On the other hand, the subsidiary's management might decide it wants to comply with the parent's request in exchange for something from the parent, such as infrastructure support. Or, the subsidiary might have a contact with the parent, which requires the subsidiary to comply with the parent's requests.

None of Ben Wright's statements on SearchSecurity.com are legal advice for any particular situation. If you need legal advice, you should consult a lawyer.

This was last published in March 2004

Dig Deeper on Information security policies, procedures and guidelines