In This Issue:

	Feature Article: Data Protection & Privacy in International Electronic Discovery
	Case Law Update
	News & Events

Feature Article: Data Protection & Privacy in International Electronic Discovery

Due to discovery obligations across territorial boundaries, US corporations engaged in litigation requiring them to comply with the US rules of court must also disclose information stored at its facilities or subsidiaries in France, Germany and other locations around the world. Europe has a long and fierce history of preserving the individual's right to privacy and a complex network of legal rules designed to protect it. Therefore, companies engaged in legal disputes that involve European entities have to think carefully about how data is collected and processed, where document review databases are established and the location of the review team. Of course, careful thought also needs to be given to other specific local law issues (e.g., banking secrecy laws and employment laws) and differing privilege rules and the like.

We suggest US law firms and their corporate clients consider the following issues when the need to collect European data arises.

• Is it necessary to report the processing of data envisaged to and seek approval from the local data protection authority or works councils elected by employees?
• Is it necessary to notify or obtain the express consent of data custodians before collecting their data?
• Do the data custodians have to be told how the data is going to be interrogated?¹
• Are individuals whose data is to be collected entitled to be present when data is collected from their computers?
• Can data be transferred to the US for e-discovery processing?
• Can data be reviewed in the US via a web-based review tool?
• Do you need a local agent or nominated representative in the jurisdiction where the collection takes place?

Some providers have secured safe harbor status in the US, making it easier for data transfers to take place. The Safe Harbor framework is a set of standards developed by the US Department of Commerce and European Commission. Companies that adhere to the Safe Harbor framework are deemed to provide an adequate level of protection for data and data can be lawfully transferred from the EU to a compliant facility in the US for processing in connection with an electronic discovery engagement.

Where data collected in Europe needs to be transferred to the US, companies can rely on computer forensic experts to harvest data onsite – in a very targeted and rapid way. They can also rely on sophisticated filtering technology to search across potentially relevant data to identify key data. This reduces the risk of sending personal data out of Europe and ensures that only that which is necessary for the legal proceedings is transferred. To further reduce the risk, the reduced data set can be reviewed for confidentiality in Europe and references to individuals redacted out before the data is accessed in the US. Access to the data stored in Europe can be granted in a repository accessed via the Internet. There is some legal debate about whether access via the internet constitutes a transfer of data.² There are systems which allow documents in Europe to be viewed in foreign locations via the Internet without requiring the transmission or otherwise transferring of any portion of the documents across the Internet.

While it is possible to lawfully transfer data from Europe to the US for the purposes of complying with discovery obligations, many litigants are nevertheless adopting a conservative approach to such data transfers between jurisdictions due to concerns about the criminal sanctions and risk of civil liability attached to contraventions of data protection laws in some counties. Relying on local legal experts to navigate the complexities of data protection and privacy law in Europe is essential. It also makes a lot of sense to draw on the expertise and experience of local e-discovery experts familiar with the data handling requirements in different countries. Technology can also be relied on to ensure that only that which is strictly necessary for legal proceedings is transferred out of Europe. Apart from ensuring that data protection laws are not breached, this approach also ensures that discovery costs are kept to a minimum.

Case Law Update

Court Refuses to Issue Sanctions Where Party Fails to Establish Relevance of Destroyed Evidence, but Orders Restoration and Search of Additional Backup Tapes
Treppel v. Biovail Corp., 2008 WL 866594 (S.D.N.Y. April 2, 2008). In this defamation suit involving numerous ongoing discovery conflicts, the plaintiff moved the court to compel production of additional electronic information and for sanctions for failure to preserve evidence. The plaintiff sought restoration and search of all backup tapes from two servers and one employee's laptop, arguing that the defendant's search was insufficient and possibly overlooked relevant data. The defendant argued its recovery and search of the December 2003 and March 2005 backups was sufficient as the events giving rise to the litigation occurred in the spring of 2002 and the complaint was filed in May 2003. For the most part, the court agreed with the defendant that the likelihood of finding additional relevant documents was exceedingly remote and therefore held that the burden outweighed the likely benefit. However, the court ordered restoration and search of one e-mail server for three specific days as well as two separate backups of another file server and e-mail server.

In-House Impact: Electronic discovery is no longer a mystery that corporations or their in-house attorneys can afford to ignore. Courts expect parties involved in litigation to be prepared to produce relevant information and will require restoration of backup tapes upon suspicion of missing information. Additionally, courts will impose sanctions against those that fail to produce all relevant information.

Court Sanctions Defendant for E-Mail Preservation Failure
Connor v. Sun Trust Bank, 2008 WL 623027 (N.D.Ga. Mar. 5, 2008). In this litigation alleging interference and retaliation claims under FMLA, the plaintiff filed a motion for sanctions based on the defendant's failure to produce a highly relevant e-mail during discovery. The plaintiff located, through other means, a relevant e-mail that explained her dismissal to other employees. The defendant moved for summary judgment relying on its 30-day e-mail destruction policy which automatically deleted e-mails that were thirty days old, unless they were first archived by the user. The court, un-persuaded by the defendant's reasoning, granted the plaintiff's motion for sanctions and issued an adverse jury instruction.

In-House Impact: Courts are willing to punish parties for not playing by the new e-discovery rules. The rules require reasonable data preservation practices, and a court will sanction a corporation for failing to preserve relevant information. Corporations seeking to stay on top of their discovery obligations will want to create a litigation hold procedure to ensure mistakes such as these are avoided at every turn.

News & Events

Kroll Ontrack Offers Redesigned Certification Course for 2008
The industry's legal technology thought leader has revamped its E-Discovery Certification Course for 2008 with updated topics, additional speakers, and dual track, customizable sessions to appeal to beginner, intermediate and advanced learners. The redesigned course curriculum is ideal for legal and technical professionals of all levels, including in-house counsel, law firm attorneys, litigation support professionals, paralegals and IT staff. For more information and to register for an upcoming course, visit: www.krollontrack.com/certification-courses/.

Meet our representatives at the following events:

Visit www.krollontrack.com/upcoming-events/ for more information on these events and others.

Back To Top

We Request Your Input

This newsletter is written by Gina Jytyla and Joni Shogren, Kroll Ontrack staff attorneys, with assistance from Meridith Socha and Kelly Kubacki, law clerks. Ms. Jytyla can be contacted by writing to gjytyla@krollontrack.com.

For more information about electronic discovery and computer forensics services, contact Kroll Ontrack at 800 347 6105 or visit www.krollontrack.com.