Published by Lee Chapman. Modified over 9 years ago.
1
eDiscovery Privacy Concerns in North America and Abroad
ALM Counsel Summit
October 24, 2013
2
Data Privacy and e-Discovery
90% of the world’s data was created over the last two years.
As data created and stored online increases, discovery of documents and electronic information is an increasingly important part of litigation and corporate transactions in the United States.
General rule of thumb: if data relates to an identifiable person, then some privacy law might apply (not limited to custodian information).
Ongoing conflicts between privacy/data protection laws, both domestic and foreign, and discovery requirements.
3
Domestic Privacy Laws
Increasing number of US data privacy laws and increased focus on privacy issues by regulators
Approximately 25 federal laws and regulations that involve privacy and employee or customer information
Overwhelming majority of states have passed regulations related to privacy
– Social media access in employment
Key regulations include:
– HIPAA/HITECH Act (medical information)
– Stored Communications Act (information stored by third parties, social media)
– Gramm-Leach-Bliley (financial information)
4
International Data Protection
Problems with foreign discovery are driven by fundamental differences in legal systems and privacy/data protection laws
Differing notions of “privacy” (fundamental right v. industry specific)
Differing notions of “discovery” (common law jurisdictions vs. EU)
U.S. courts are frequently unfamiliar with, or are dismissive of, foreign restrictions on cross-border discovery
5
Cross-Border Regulations
E.U. Data Protection Directive (95/46)
– States should implement laws to restrict all manner of “processing” of “personal data”
– Prohibits transfer of personal data outside the E.U.
  Exception: the country to which it is transferred provides “adequate protection” of personal data (E.U. Directive Article 25)
– Countries that meet the E.U. “Adequate Protection” standard:
  Canada
  Argentina
  Switzerland
  Israel
6
Personal Data
Broad definition of “Personal Data” under the EU Data Protection Directive: any information that can be used directly or indirectly to identify an individual (e.g., the name of the sender or recipient(s) of an email).
7
Additional EU Directive Terms
“Data Subject” is usually an individual and sometimes an employee of a “Data Controller/Employer”. However, in Italy, a corporate entity can be a Data Subject as well.
“Data Processing” is any handling of Personal Data outside the normal use
– Preservation (litigation hold) may be considered processing if it involves manipulation of data, such as moving data to a secure server or even preserving in place
8
EU Data Protection Directive
Rule: Any transfer of personal data to a third party requires justification and, in the case of countries outside the EEA, additional safeguards
Statutory Exceptions (Derogations):
– “Transfer necessary to safeguard legitimate interests of parties to litigation and no overriding interests of affected individuals”
– “Transfer necessary for exercise or defence of legal claims in court”
– Transmission may require notification/permission of local Data Protection Agencies
9
New EU Data Protection Regulation
Adopted by EU Commission on 1/25/12
Must be ratified by Council of Europe and European Parliament (2 to 3 year process)
Objectives: greater uniformity of data protection efforts among EU member states; and centralization of authority (“one stop shop”) for data protection issues for multinational corporations
10
Article 29 Working Party
Group established by the 1995 Data Protection Directive
Has engaged with Sedona Conference
In 2009 issued Working Document on pre-Trial Discovery (WP158)
Fairly conservative analysis of the subject
But conceded that transfers of personal data to the US for litigation purposes were permissible subject to safeguards including:
– Assessment of relevance should be carried out in EU
– Only data actually necessary for claims or defenses should be transferred
11
The Sedona Conference
Framework for Analysis of Cross-border Discovery Conflicts, published 2008
International Principles and Best Practices on Discovery, Disclosure & Data Protection, published December 2011
Has encouraged a dialogue between EU regulators and the US judiciary, with high-level input on both sides
Fundamental principles are that personal data should be restricted to the level necessary to resolve the issues in the case, and that further disclosure should be subject to the terms of a protective order
12
Latin American Privacy Laws
Based on Constitutional Right of “Habeas Data” (i.e., “You have the Data”):
– Brazil – 1988
– Paraguay
– Peru
– Argentina
– Costa Rica
– Mexico
13
Evolution of International Privacy Law

Region: Mexico
Adopted/Considering: Released draft privacy regulations that work with existing data protection law
Summary: Applies to controllers handling “sensitive personal data”; restricts int’l transfer

Region: Russia
Adopted/Considering: Amended privacy law, “On personal data”
Summary: Strict privacy stance; permits uninhibited transfer to EU; empowers a special agency to determine data security adequacy

Region: China
Adopted/Considering: Released “Provisions on the Administration of Internet Information Services”
Summary: Framed around “Internet Information Service Providers” (IISPs); restricts IISP’s conduct in various ways
14
Global E-Discovery

Country: Hong Kong (Common Law)
Summary and recent developments: Special Administrative Region (SAR); uses traditional English discovery law; Hong Kong International Arbitration Center

Country: China (Civil Law)
Summary and recent developments: Transferring state secrets out of country is strictly protected

Country: Singapore (Common Law)
Summary and recent developments: Have passed an “opt-in” e-discovery system, but seldom used in litigation; no dedicated data protection or privacy legislation, though some is currently being discussed; Singapore International Arbitration Centre

Country: South Korea
Summary and recent developments: Blocking Statute that applies to cross-border transfers for purpose of foreign litigation

Country: Japan (Civil Law)
Summary and recent developments: Japan Privacy Act permits the conditional transfer of personal information from a corporate entity to a third party; e-discovery still evolving
15
Global E-Discovery

Country: Canada
Law: Ontario Rules of Civil Procedure
Summary: Directly calls counsel to implement discovery plan that incorporates how to handle production of ESI; makes an explicit call for cooperation and meet and confer; requires counsel to confer with the Sedona Canada Principles

Country: Australia
Law: Practice Note CM 6
Summary: Courts may order electronic format production where “the use of technology… will help facilitate the quick, inexpensive and efficient resolution of the matter”; pre-discovery and pre-trial checklists; places an expectation on counsel that they have considered the issues in the list, and are in a position to inform the court on how they will be addressed
16
Aerospatiale Comity Analysis
(1) the importance to the... litigation of the documents or other information requested
(2) the degree of specificity of the request
(3) whether the information originated in the United States
(4) the availability of alternative means of securing the information
(5) the extent to which noncompliance with the request would undermine important interests of the United States, or compliance with the request would undermine important interests of the state where the information is located
Restatement (Third) of Foreign Relations Law of the United States
Data Protection, Privacy, Cross-Border
17
The Components
Restatement (Third) of Foreign Relations Law of the United States + Aerospatiale
v
Article 29 of EU Directive 95/46/EC + Individual State implementations
18
Whoever heard of limiting the scope of Discovery?
Discovery limited in scope =
Intelligent appraisal of issues (what do we really need?)
+ Protective Order
+ Technology to identify and filter quickly
19
A Changing Climate?
EU Draft General Data Protection Regulation will tighten rules
ABA Report and Resolution 103
Sedona Conference – International Principles on Discovery, Disclosure & Data Protection
Respect, good faith, reasonableness, protective order, discovery limited in scope, compliance with Data Protection obligations
20
Practice Points
Loop in counsel/data privacy experts early!
Know where your data is located. Are any international issues implicated? Can anyone in the US access the data for routine business matters?
Know what is included in your data. Which databases at your company include potentially private information? Remember your clients’ data as well as your employees’ data.
Know the applicable privacy laws and/or blocking statutes.
For international cases, think outside the box. What kind of collection can you do: forensic? Targeted? Can you process in country? Can you review for responsiveness in country? Can you use a TAR technology to get to the relevant information sooner?
21
Questions?