Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cross Border Data Transfers for Litigation and Investigation

Published byPreston Eaton Modified over 6 years ago

Similar presentations

Presentation on theme: "Cross Border Data Transfers for Litigation and Investigation"— Presentation transcript:

1 Cross Border Data Transfers for Litigation and Investigation
National Bar Association Corporate Counsel Conference Dana Point, California February 15, 2018

2 Cross Border Data Transfers for Litigation and Investigation
Panelists Cecil Lynn, PayPal (Moderator) Justin Goggins, Bank of America Holly Loiseau, Weil, Gotshal & Manges, LLP Dominique Shelton, Alston & Bird, LLP David Shonka, Federal Trade Commission The views expressed are those of the presenter and are not necessarily those of their respective companies, law firms and agency.

3 Cross Border Data Transfers for Litigation and Investigation
Agenda Calibration:  The State of EU, Asia and Latin American Data Privacy The Traditional US Approach EU, APAC, LATAM Legal Landscape (EU Data Privacy/GDPR/Trade Secrets) Systematic Approaches and Framework Practical Solutions for In-House Counsel Crystal Ball for GDPR/Asia/Other Countries

4 Calibration: The State of EU, Asia and Latin American Data Privacy

5 Global Laws GDPR (effective 5/25/18) Article 44- processor
Obligations for onward transfer Latin America. Argentina GDPR –Like Data Privacy Bill (could be passed in 2018) Chinese Network Security Law (effective 6/1/17)

6 Calibration: Synthesizing Analysis on Data Transfers in APEC (Examples)

7 Calibration: Cross-Border Transfer Laws
European Union Russia Switzerland China South Korea

8 Calibration: Global Compliance Checklist
Identify the Countries that are critical for your business Understand whether you have cloud vendors or other vendors that might trigger compliance obligations Conduct privacy/security due diligence Be Aware of key developments in the EU, China, and US Train and Engage Your Employees

9 The Traditional US Approach

10 The Traditional US Approach
U.S. laws are lenient when compared to data privacy regulations implemented in other countries. U.S. courts prefer open discovery. U.S. places less value on personal privacy of employees than other jurisdictions. No comprehensive Federal law regulating the use and collection of personal data. Protection of an employee’s private data is largely left to the states.

11 The Traditional US Approach
Data privacy is regulated by the Federal Trade Commission and the Department of Commerce. Notably, while the European Union permits the transfer of data to countries that provide an “adequate” level of protection for personal information, the United States is not included in that list.

12 EU, APAC, LATAM Legal Landscape (EU Data Privacy/GDPR/Trade Secrets)

13 Fact Pattern Company is headquartered in Brussels, Belgium.
Company sells products worldwide and is listed on the NYSE. Company has received an anonymous whistleblower complaint alleging that the company’s employees have paid bribes to foreign government officials in EU, Asia Pacific, and South America. How is this internal investigation (and any related litigation) impacted by data privacy laws? What are the risks to the Company? What are the implications for the cost of the investigation?

14 Factors to Consider Benefits of self-reporting and cooperation with U.S. regulators vs. compliance with the local data privacy regulations. Articulate the applicable data privacy restriction to U.S. regulators to avoid even the appearance of non-cooperation. Necessary to engage in cross border cooperation and coordination with in-country regulators, AUSAs and plaintiff’s counsel. Implications of: Blocking statutes Aggressive regulators Potential class actions by shareholders, or employees who have their personal data transferred during the investigation

15 Data Collection Consider if the data stored is on an employee’s work or personal device. If information is found on a work device, is the employee’s consent required prior to review or transfer of data? What if a third-party contractor has the necessary information? How can you review the data? Travel to country in which the data is stored. Partner with an on-site service provider that can set up servers with limited access to permit review in the U.S. Anonymize or redact documents prior to review. Engage local counsel familiar with data privacy law in that region to ensure compliance.

16 Production of Data Sharing data with opposing counsel, investigators, regulators. Producing data in the United States. Government to Government transfer. Using data to conduct interviews or depositions.

17 Other Considerations Language Barriers Cultural Barriers
Beneficial to obtain translators from the country in which the documents were created. Cultural Barriers For some countries, there are cultural issues around privacy and distrust of employers and regulators that can impact data collection and data use.

18 Systematic Approaches and Framework

19 Systematic Approaches and Framework
MLATs Largely Criminal Hague Evidence Convention Court Discovery // Optional Binding Corporate Rules Intrafirm transfers Standard Contractual Clauses Mandated terms Privacy Shield

20 Privacy Shield Background – How we got here Privacy Shield Issues
Privacy Components Privacy Shield : How It Works Privacy Shield Requirements Conclusion / Questions

21 Practical Solutions for In-House Counsel

22 Practical Solutions for In-House Counsel
There is no silver bullet Be Transparent Discuss Cross-Border issues openly and early both internally and with the courts. Don’t Hesitate to Educate Discuss Cross-Border issues openly and early both internally and with the other parties.

23 Practical Solutions for In-House Counsel
Consult with In-Country Attorneys Talk to in-country experts whether they be in-house or outside counsel to make sure your know the specific laws of the jurisdiction. Be Consistent Don’t take a haphazard approach, make sure there are guidelines in place.

24 Practical Solutions for In-House Counsel
Tiered Discovery Start with US-based sources and take a jurisdictional approach. Form of Production Consider whether data will need to be anonymized or coded to redact the names and titles of individuals.

25 Crystal Ball for GDPR/Asia/Other Countries

26 1 2 3 4 5 Practical Guidance Managing Compliance Document the Program
Cross Border Transfer Vendor Governance Compliance with privacy and data Security laws Sachin/Sherry/Dominique to speak In the online world, transparency is trust. Just as easily you embed technology protocols to collect data it’s equally important to carry that ease of use and consent by offering your customer choice and making it easy to get to. You know.. It is So important for not just say it, but do it. Enforce governance over data collection and sharing. Use third party tools such as ghostery or truste to monitor tag/cookie activity Hold internal violations accountable. Audit/Inventory Where is the personal data? Local Terms Global Terms Managing Consent Document compliance with laws Risk Avoidance and Mitigation Protocols Policies Procedures Repeat

27 Questions

Download ppt "Cross Border Data Transfers for Litigation and Investigation"

Similar presentations

Yukiko Ko yko@transunion.com Binding Corporate Rules – Global Implications Conference on Cross Border Data Flows and Privacy October 16, 2007.

Yukiko Ko Binding Corporate Rules – Global Implications Conference on Cross Border Data Flows and Privacy October 16, 2007.
E.U. Consultation on Commission Staff Working Document: Transnational Company Agreements – TCA’s.

E.U. Consultation on Commission Staff Working Document: Transnational Company Agreements – TCA’s.
Freshfields Bruckhaus Deringer LLP Global investigations What to advise your board Marius Berenbrok Edward Braham Matthew Herman Melissa Thomas 29 February.

Freshfields Bruckhaus Deringer LLP Global investigations What to advise your board Marius Berenbrok Edward Braham Matthew Herman Melissa Thomas 29 February.
The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada www.colinbennett.ca.

The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada
Cross Border Internal Investigations Roger Best 06 July 2011.

Cross Border Internal Investigations Roger Best 06 July 2011.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Per Anders Eriksson

Per Anders Eriksson
Class 13 Internet Privacy Law European Privacy.

Class 13 Internet Privacy Law European Privacy.
THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.

THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.
Mitigating the Social Impact of Oil Operations 18th World Energy Conference Eleodoro Mayorga Alba World Bank October 22, 2001.

Mitigating the Social Impact of Oil Operations 18th World Energy Conference Eleodoro Mayorga Alba World Bank October 22, 2001.
LegalTech Asia DATA PRIVACY LAWS UPDATE Edward Chatterton 4 March 2013.

LegalTech Asia DATA PRIVACY LAWS UPDATE Edward Chatterton 4 March 2013.
HIPAA Trading Partners, Legal Relationships October 2, 2001 presented by Peter B. Goldstein, Esq. Cap Gemini Ernst & Young, US LLC.

HIPAA Trading Partners, Legal Relationships October 2, 2001 presented by Peter B. Goldstein, Esq. Cap Gemini Ernst & Young, US LLC.
Www.morganlewis.com Global Employer: Implementing Employment Contracts, Employee Handbooks and Work Policies Matthew Howse, Partner, Morgan Lewis & Bockius.

Global Employer: Implementing Employment Contracts, Employee Handbooks and Work Policies Matthew Howse, Partner, Morgan Lewis & Bockius.
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.
CORPORATE COMPLIANCE Tim Timmons Vice President Compliance and Regulatory Services Health Future, LLC.

CORPORATE COMPLIANCE Tim Timmons Vice President Compliance and Regulatory Services Health Future, LLC.
0 Overview of the Foreign Corrupt Practices Act and Related Corporate Procedures (A312, A312A and A301)

0 Overview of the Foreign Corrupt Practices Act and Related Corporate Procedures (A312, A312A and A301)
©2008, Promega Corporation. All rights reserved. ©2007, Promega Corporation. All rights reserved. Global Financial Crisis -- Practical Implications for.

©2008, Promega Corporation. All rights reserved. ©2007, Promega Corporation. All rights reserved. Global Financial Crisis -- Practical Implications for.
Attorney-Client Privilege and Privacy Considerations Between US Corporations & Foreign Affiliates General Counsel Conference, Washington, D.C. October.

Attorney-Client Privilege and Privacy Considerations Between US Corporations & Foreign Affiliates General Counsel Conference, Washington, D.C. October.
Conducting Cross-Border International Internal Investigations Association of Corporate Counsel International Legal Affairs Committee Jeffrey D. Clark Willkie.

Conducting Cross-Border International Internal Investigations Association of Corporate Counsel International Legal Affairs Committee Jeffrey D. Clark Willkie.
The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation.

The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation.

Similar presentations

Ads by Google