David C. Shonka, Esquire-Principal Deputy General Counsel, Federal Trade Commission
Benton Armstrong - Principal, Analytic and Forensic Technology, Deloitte Financial Advisory Services LLP
David Shonka stressed from the beginning, "if there is one takeaway best practice from this session-get local advice. European Union directives are not the last bit of advice. Each nation has its own interpretation of it. Local law firms in Europe and Asia are much more sophisticated now and can offer better advice."
Initial considerations for global eDiscovery:
- Who has Jurisdiction?
- Who has control of the data?(maybe a 3rd party?) (Where is that party sitting?)
- Duplicate copies in the US?
- Where does the data sit?
- If you can get it, can you move it? Lot of restrictions on transfer (personal and sensitive data)
Companies are employing new mobile technologies to go in with a small data center to process out personal and private data, then you can negotiate for collection/transfer from that point. For example, data sitting on server in Eastern Europe but it is Austrian employees' data. It was treated as though they were doing a collection in the Czech Republic. They ultimately collected what they needed but it was a very long and difficult process-got consent from the Data Privacy officer in the Czech Republic. Since this is a relatively new phenomenon, they are being extra cautious. Multinational organizations need to anticipate this.
There can be problems when parties do not want to cooperate but ultimately they do. Preservation process- while the consent process is going on the data is not preserved. Employees delay and then 5000 deletions will occur just before the data is supposed to be preserved.
We are getting better and more sensitive to private data in the US but still not equal to the EU. Convergence going on-don't think they will ever meet-but the realities of dealing with a global economy is forcing people to cooperate. Reminder that under the EU directive, looking at data equals "processing" and there are different stages:
- Onward transfer
- Secondary use
- Who collects? Employees? Can cause problems
- In what form? Native or a forensic copy? Physical or logical? Remote or direct connect?
Best practice from Benton Armstrong-"get all stakeholders together at the outset."Records Managers, Legal, IT from many if not all different offices and locations. Get the potential roadblocks out in the open early so you can plan for some of them. It will make the process much faster.
One positive thing I learned from this panel is that, since I first started this blog, the best practices for international eDiscovery have evolved. While certainly not simple and without potential pitfalls, there are now better operating procedures and protocols for negotiating this tricky area. I suspect as more and more global companies implement policies and procedures and have better trained and more experienced practitioners involved, the potential pitfalls will continue to dissipate.