This week, Conduent released OmniX version 5.4, which introduces automated redactions functionality into the web-based document review platform. The integrated tool allows users to apply redactions automatically to specific terms in documents based on search results and advanced text pattern hits – this is particularly useful where personally identifiable information (PII) within a document, such as a social security or account number, must be concealed.
Why is automated redactions an important advancement in document review technology? First of all, automated redactions facilitate a faster and more accurate redaction process by eliminating the need to manually redact each portion of text deemed not relevant. For high-volume matters, the benefits can be significant.
Equally as important, however, is that automated redactions is a highly effective tool to help parties involved in cross-border matters – in which the protection of PII is critical – to better meet the multitude of complicated data privacy laws. Many countries, especially those in Europe, have adopted stringent rules aimed at protecting the privacy of citizens’ personal information. Specifically, the European Union’s Data Privacy Directive restricts when and how organizations can acquire, process, host, change, retrieve or transfer PII. Furthermore, some European countries have implemented “blocking” statues that in effect prevent what they consider to be an intrusion of privacy.
Since the U.S. does not have a similar privacy framework, when organizations share data across international borders to meet their U.S. discovery obligations without fulfilling the requirements of the foreign-based data protection rules, there can be serious ramifications.
As the New York Law Journal noted in its recent article by Anthony Diana, litigation partner at Mayer Brown in New York, and Gabriela Baron, Esq. of Conduent, “Proactively Navigate Cross-Border E-Discovery and Data Privacy,” organizations involved in cross-border litigation “must balance their need to comply with their discovery obligations with their need to respect foreign privacy laws: One way to do so is via redaction of the private information while producing the relevant information.”
Even after relevant data that an organization legally must produce in U.S. litigation is identified and isolated, concerns may linger over production of data that constitutes or contains personally identifiable information. The application of emerging redaction and anonymization techniques that eliminate personally identifiable information may assuage legal concerns with respect to data privacy statutes in foreign jurisdictions. While traditional manual redaction is time-consuming, challenging and prone to the errors of a subjective reviewer and therefore risks divulging private data, new tools are available that make redaction or anonymization techniques highly automated and therefore more efficient, accurate, and cost-effective. Most importantly, they help fulfill organizations’ data privacy obligations.
Automated redaction tools also can also be leveraged with advanced search techniques that recognize patterns of regular expressions, ensuring that all content matching that pattern is automatically redacted.
Clearly, emerging technologies such as automated redaction tools are just one option to help organizations meet obligations to foreign jurisdictions and U.S. e-discovery requirements, and use of such tools needs to be part of a larger compliance strategy – but it is a critical step forward.
About the Author