Cross Border Data Transfers for Litigation and Investigation

Presentation transcript:

Cross Border Data Transfers for Litigation and Investigation
National Bar Association Corporate Counsel Conference
Dana Point, California
February 15, 2018

Panelists
- Cecil Lynn, PayPal (Moderator)
- Justin Goggins, Bank of America
- Holly Loiseau, Weil, Gotshal & Manges, LLP
- Dominique Shelton, Alston & Bird, LLP
- David Shonka, Federal Trade Commission
The views expressed are those of the presenter and are not necessarily those of their respective companies, law firms and agency.

Agenda
- Calibration: The State of EU, Asia and Latin American Data Privacy
- The Traditional US Approach
- EU, APAC, LATAM Legal Landscape (EU Data Privacy/GDPR/Trade Secrets)
- Systematic Approaches and Framework
- Practical Solutions for In-House Counsel
- Crystal Ball for GDPR/Asia/Other Countries

Calibration: The State of EU, Asia and Latin American Data Privacy

Global Laws
- GDPR (effective 5/25/18): Article 44, processor obligations for onward transfer
- Latin America: Argentina GDPR-like Data Privacy Bill (could be passed in 2018)
- Chinese Network Security Law (effective 6/1/17)

Calibration: Synthesizing Analysis on Data Transfers in APEC (Examples)

Calibration: Cross-Border Transfer Laws
- European Union
- Russia
- Switzerland
- China
- South Korea

Calibration: Global Compliance Checklist
- Identify the countries that are critical for your business
- Understand whether you have cloud vendors or other vendors that might trigger compliance obligations
- Conduct privacy/security due diligence
- Be aware of key developments in the EU, China, and US
- Train and engage your employees

The Traditional US Approach

The Traditional US Approach
- U.S. laws are lenient when compared to data privacy regulations implemented in other countries.
- U.S. courts prefer open discovery.
- U.S. places less value on personal privacy of employees than other jurisdictions.
- No comprehensive Federal law regulating the use and collection of personal data.
- Protection of an employee’s private data is largely left to the states.

The Traditional US Approach
- Data privacy is regulated by the Federal Trade Commission and the Department of Commerce.
- Notably, while the European Union permits the transfer of data to countries that provide an “adequate” level of protection for personal information, the United States is not included in that list.

EU, APAC, LATAM Legal Landscape (EU Data Privacy/GDPR/Trade Secrets)

Fact Pattern
- Company is headquartered in Brussels, Belgium.
- Company sells products worldwide and is listed on the NYSE.
- Company has received an anonymous whistleblower complaint alleging that the company’s employees have paid bribes to foreign government officials in EU, Asia Pacific, and South America.
- How is this internal investigation (and any related litigation) impacted by data privacy laws?
- What are the risks to the Company?
- What are the implications for the cost of the investigation?

Factors to Consider
- Benefits of self-reporting and cooperation with U.S. regulators vs. compliance with the local data privacy regulations.
- Articulate the applicable data privacy restriction to U.S. regulators to avoid even the appearance of non-cooperation.
- Necessary to engage in cross border cooperation and coordination with in-country regulators, AUSAs and plaintiff’s counsel.
- Implications of:
  - Blocking statutes
  - Aggressive regulators
  - Potential class actions by shareholders, or employees who have their personal data transferred during the investigation

Data Collection
- Consider whether the data is stored on an employee’s work or personal device.
- If information is found on a work device, is the employee’s consent required prior to review or transfer of data?
- What if a third-party contractor has the necessary information?
- How can you review the data?
  - Travel to the country in which the data is stored.
  - Partner with an on-site service provider that can set up servers with limited access to permit review in the U.S.
  - Anonymize or redact documents prior to review.
  - Engage local counsel familiar with data privacy law in that region to ensure compliance.

Production of Data
- Sharing data with opposing counsel, investigators, regulators.
- Producing data in the United States.
- Government to Government transfer.
- Using data to conduct interviews or depositions.

Other Considerations
- Language Barriers: Beneficial to obtain translators from the country in which the documents were created.
- Cultural Barriers: For some countries, there are cultural issues around privacy and distrust of employers and regulators that can impact data collection and data use.

Systematic Approaches and Framework

Systematic Approaches and Framework
- MLATs: Largely Criminal
- Hague Evidence Convention: Court Discovery // Optional
- Binding Corporate Rules: Intrafirm transfers
- Standard Contractual Clauses: Mandated terms
- Privacy Shield

- Privacy Shield Background – How we got here
- Privacy Shield Issues
- Privacy Components
- Privacy Shield: How It Works
- Privacy Shield Requirements
- Conclusion / Questions

Practical Solutions for In-House Counsel

Practical Solutions for In-House Counsel
- There is no silver bullet
- Be Transparent: Discuss Cross-Border issues openly and early both internally and with the courts.
- Don’t Hesitate to Educate: Discuss Cross-Border issues openly and early both internally and with the other parties.

Practical Solutions for In-House Counsel
- Consult with In-Country Attorneys: Talk to in-country experts, whether they be in-house or outside counsel, to make sure you know the specific laws of the jurisdiction.
- Be Consistent: Don’t take a haphazard approach; make sure there are guidelines in place.

Practical Solutions for In-House Counsel
- Tiered Discovery: Start with US-based sources and take a jurisdictional approach.
- Form of Production: Consider whether data will need to be anonymized or coded to redact the names and titles of individuals.

Crystal Ball for GDPR/Asia/Other Countries

Practical Guidance
- Managing Compliance
- Document the Program
- Cross Border Transfer
- Vendor Governance
- Compliance with privacy and data security laws

Sachin/Sherry/Dominique to speak

In the online world, transparency is trust. Just as easily as you embed technology protocols to collect data, it’s equally important to carry that ease of use and consent by offering your customer choice and making it easy to get to. It is so important to not just say it, but do it.
- Enforce governance over data collection and sharing.
- Use third party tools such as Ghostery or TRUSTe to monitor tag/cookie activity.
- Hold internal violations accountable.

- Audit/Inventory: Where is the personal data?
- Local Terms
- Global Terms
- Managing Consent
- Document compliance with laws
- Risk Avoidance and Mitigation
- Protocols
- Policies
- Procedures
- Repeat

Questions