By Cary J. Calderone
Data Privacy Issues for Multinational Corporations. Or, what kind of food do they serve at your jail?
Data compliance in the USA and EU is an important and evolving area of document retention and electronic discovery law. One of my first research projects involving electronic data was for a company looking to pro-actively set and maintain good e-document retention policies and plans for their multi-national company which included a publicly traded US Corporation. On the one hand, we have Sarbanes-Oxley requirements for managing corporate computer data that contains content and processes of a company’s financial record keeping and technology systems. On the other hand, we have European Union privacy-protection rules prohibiting even the collection and review of emails which contain personal information.
So I raised my hand and asked a question. The very informed panel, which included Amor Esteban, Partner, Shook Hardy & Bacon LLP, Mark Smith, Senior Associate, Winston & Strawn LLP, Tom Hopkinson, Director, Forensic Technology, KPMG Europe LLP and Moderator, Omid Yazdi, Managing Director, Forensic, KPMG LLP explained part of the reason for this divergence was due to the history of European countries and their experiences with Totalitarian governments. They commented that I raised a good question, even though I added my tongue-in-cheek observation to advise General Counsel to pick the countries with the harshest jails, and follow their rules first. I expected they would laugh and then propose a valid work-around. They sort of agreed that it was virtually impossible to be totally compliant with the letter of the law in the EU and US in the area of email retention. One noted that recently a French lawyer was criminally charged for violating French Blocking statutes and faced jail time for working with US lawyers to produce materials in a way that violated French law. So apparently considering the jails and penalties is a valid approach to setting a Multi-National electronic document policy. Yikes!