Back to School: A Primer on Cross-Border Discovery Issues

October 1, 2015

conduentblogs

In September, the Sedona Conference released its latest publication on e-discovery matters, Practical In-House Approaches for Cross-Border Discovery & Data Protection, for public comment. The publication addresses a number of hot-button issues for corporate counsel engaged in cross-border litigation, including varying international laws governing data privacy and protection and the differing ideas of disclosure and discovery. In doing so, it illustrates principles and practical guidance for handling cross-border matters with hypotheticals.

Given the complexities of cross-border discovery, we’ve provided below a summary of the most salient points:

Organizations should use best practices that mitigate conflicts between their discovery obligations and foreign data protection laws.
This begins with identifying cross-border data sources, reviewing the applicable laws, and working with privacy counsel to determine how to comply. E-discovery specialists can suggest methods for handling discovery with minimal disruption to data, such as organizing on-site processing and review. In addition, organizations should set up a comprehensive plan for discovery that includes all stakeholders, which will likely include the legal team and data custodians as well as human resources for navigating personnel concerns and cultural conflicts, and corporate communications for constructing appropriate messaging. Documentation can also go a long way toward demonstrating good faith, and the publication appendices include a suggested case management form and internal protocol for discovery. The appendices also include a sample infographic, frequently asked questions, and a heat map that can help foreign counsel and staff understand what is at stake.
Parties should take measures to restrict the scope of preservation and discovery of protected data.
Organizations should take several steps to cull and filter their data before transferring it for review. First, they can tailor their keyword searches to the relevant business terms, names, and dates. They should also apply terms that will identify e-mails or other documents that contain personal data, such as the names of financial institutions or e-mail domains usually used for personal accounts. Eyes-on review of documents may be necessary to ensure that protected data in nonresponsive documents is not transferred. When producing responsive documents that contain protected data, organizations should consider using automated anonymization, randomization, or redaction techniques.
Court orders or stipulations should minimize any conflict between data-privacy laws and discovery requirements.
Parties should work with opposing counsel to identify and define privacy issues early in a matter and obtain a stipulation; alternatively, they may need to ask the court for a protective order. This way, they can show data protection authorities as well as foreign document custodians that they have taken reasonable efforts to protect personal data.
Organizations should be able to demonstrate that they have addressed their data-protection obligations.
A primary issue with collecting information from foreign data subjects is that they can revoke their consent to data processing and transfer at any time. Therefore, counsel may find it useful to set up a series of transparency checkpoints throughout the matter lifecycle that permit subjects to reaffirm their consent, such as by implementing and periodically renewing a legal hold that requests consent to data transfer.
Organizations should retain protected data only as long as needed to meet their legal or business needs.
At the end of a matter, organizations should release legal holds and return or dispose of data that was transferred to the United States from abroad. The less personal information that organizations retain, the lower their risk.

The public comment period ends December 15, and you can e-mail your thoughts to comments@sedonaconference.org. Although in draft form, this document can still serve as a helpful blueprint for organizations handling matters involving international e-discovery.

Bill Mariano is vice president at Conduent. He can be reached at info@conduent.com.

Back to School: A Primer on Cross-Border Discovery Issues

2023 Recycling Awareness Week at Conduent: Key initiatives to reduce our global footprint

Five proactive ways to build a happier workforce

The ultimate brand experience stems from exceptional employee and customer interactions

Employee-centric workplaces contribute to happy customers and successful brands

For auto insurance carriers, offsetting medical inflation requires new processes and technology

Creating equity in instant payments with the FedNow Service

Five key steps on the road to digital modernization and streamlined data

Five principles for creating and maintaining thriving CX teams in government

The rise of check fraud and how digital payments can help combat it

With natural disasters, timely and efficient response is critical to those in financial need

Reflections on transitioning from military service, and the value of honour and commitment in the workplace

Want happy customers? Listen, relate and resolve their challenges with humanity

Driving Toward Sustainable Cities: The real, life-saving impacts of automated traffic enforcement

Five recession-proofing strategies for uncovering hidden capital

PRIDE Month: Courage, authenticity and building a culture of belonging

Creating the employee, customer and brand experience happiness trifecta

Child support services, collaboration and leadership focus of ERICSA 2023 annual conference

Podcast: Leading the Way to Employee Physical, Financial and Total Wellbeing

Three recession-proofing strategies to enhance customer satisfaction

World Environment Day: Programs making a difference in the Philippines