In This Issue:

	Feature Article: Data Protection & Privacy in International Electronic Discovery
	Case Law Updates
	News & Events

Feature Article: Data Protection & Privacy in International Electronic Discovery

Europe has a long and fierce history of preserving the individual's right to privacy and a complex network of legal rules exist to protect it. Therefore, companies engaged in legal disputes that involve European entities have to think carefully about how data is collected and processed, where document review databases are established and where the review team is located. Of course, careful thought also needs to be given to other specific local law issues (e.g., banking secrecy laws and employment laws) and differing privilege rules.

We suggest U.S. law firms and their corporate clients consider the following issues when the need to collect European data arises:

• Is it necessary to report the processing of data envisaged to and seek approval from the local data protection authority or employee-elected works councils?
• Is it necessary to notify or obtain the express consent of data custodians before collecting their data?
• Do the data custodians have to be told how the data is going to be interrogated?
• Are individuals whose data is to be collected entitled to be present when data is collected from their computers?
• Can data be transferred to the U.S. for e-discovery processing?
• Can data be reviewed in the U.S. via a web-based review tool?
• Do you need a local agent or nominated representative in the jurisdiction where the collection takes place?

Some providers have secured safe harbor status in the U.S., making it easier for data transfers to take place. The Safe Harbor framework is a set of standards developed by the United States Department of Commerce and the European Commission. Companies that adhere to the Safe Harbor framework are deemed to provide an adequate level of data protection, and data can be lawfully transferred from the E.U. to a compliant facility in the U.S. for processing in connection with an electronic discovery engagement.

When data collected in Europe needs to be transferred to the U.S., companies can rely on computer forensic experts to harvest data on-site in a targeted and rapid way. They can also rely on sophisticated filtering technology to search across potentially relevant data to identify key data. This reduces the risk of sending personal data out of Europe and ensures that only the information necessary for the legal proceedings is transferred. To further reduce the risk, the filtered data set can be reviewed for confidentiality in Europe, where references to individuals can be redacted before the data is accessed in the United States. Access to the data stored in Europe can be granted using a repository accessed via the Internet. There is some legal debate about whether access via the Internet constitutes a transfer of data. There are systems that allow documents in Europe to be viewed in foreign locations via the Internet without requiring the transmission or otherwise transferring of any portion of the documents across the Internet.

While it is possible to lawfully transfer data from Europe to the U.S. to comply with discovery obligations, many litigants are nevertheless adopting a conservative approach to such data transfers between jurisdictions because of concerns about criminal sanctions and the risk of civil liability attached to contraventions of data protection laws in some counties. Relying on local legal experts to navigate the complexities of data protection and privacy law in Europe is essential. It also makes a lot of sense to draw on the expertise and experience of local e-discovery experts familiar with the data-handling requirements in different countries. Technology can also be relied on to ensure that only data that is strictly necessary for legal proceedings is transferred out of Europe. Apart from ensuring that data protection laws are not breached, this approach also ensures that discovery costs are kept to a minimum.

Case Law Updates

Court Orders Forensic Imaging and Searching of Database and E-Mail Servers
Covad Comm. Co. v. Revonet, Inc., 2009 WL 1472345 (D.D.C. May 27, 2009). In this ongoing trade secrets misappropriation litigation, the plaintiff sought forensic images of the defendant's drives and computers as well as forensic searches of its database and e-mail servers. The defendant argued that its servers were too fragile for forensic images and that imaging constituted an undue burden. The defendant also objected to the forensic search of its servers, claiming it may reveal information that the defendant is obliged by contract to keep confidential. Disregarding the defendant's arguments, the court granted the plaintiff's request for forensic imaging, finding the imaging would not stress the servers any more than day-to-day use. The court also ordered the forensic search of the defendant's servers, stating that no alternative way existed and that any confidential material could be safeguarded by a protective order. Regarding the e-mail servers, the court determined insufficient authority existed to conclude ESI deficiency allegations automatically warranted forensic searches. The court reserved decision on whether forensic examination was appropriate until the plaintiff's expert's report was submitted. The court also ordered a comparison of servers to determine what data existed on non-operational servers that did not exist on the remaining operational one.

In-House Impact: Corporations must be aware that courts will go to great lengths—even allowing the forensic imaging of servers—to ensure that the scope of discovery is broad enough to reach all potentially relevant information. As such, issues involving the identification of potentially relevant information are best worked out as soon as possible – preferably in a Rule 26(f) Meet and Confer conference.

Court Stops Short of Default Judgment in "Textbook Case" of Discovery Abuse but Awards More Than $1 Million in Monetary Sanctions
Kipperman v. Onex Corp., 2009 WL 1473708 (N.D.Ga. May 27, 2009). In this constructive transfer and fraud case, the plaintiff sought sanctions in the form of a default judgment against the defendant for discovery abuses. The plaintiff asserted that the defendant repeatedly defied court orders, unilaterally narrowed the scope of restoration and production of court-ordered backup tapes, unilaterally redacted court-ordered produced documents to the point that such documents became unusable, and misrepresented to the court the likely relevance of e-mails sought. The defendant maintained that its redactions were in compliance with the court's orders and insisted that the broad discovery requested by the plaintiff would likely be fruitless. The court agreed with the plaintiff that the defendant had blatantly disregarded court orders by making misrepresentations during discovery and stated it was deeply disturbed by the defendant's discovery conduct in what it regarded as "a textbook case of discovery abuse." However, the court declined to order default sanctions, citing novel issues of liability and noting that granting a default judgment in this case might be a grant of the largest default judgment sought in United States history. The court alternatively awarded $1,022,700 in monetary sanctions against the defendant to be paid to the plaintiff.

In-House Impact: Corporations risk heavy penalty, both in discovery costs and possible sanctions, when discovery is mismanaged and subsequently goes awry. It is prudent to work collaboratively with outside counsel and formulate discovery strategies that are cost-effective and get at the merits of the case early on.

Mere Speculation of Destruction of Relevant E-Mails Insufficient to Justify Sanctions
Phillips v. Potter, 2009 WL 1362049 (W.D.Pa. May 14, 2009). In this sexual discrimination case, the plaintiff filed a motion for sanctions based on the defendant's failure to preserve electronically stored information; the defendant admitted that a litigation hold was not put into place after litigation became foreseeable and that e-mails were destroyed by an automatic deletion system as a result. The defendant argued that sanctions are nevertheless not appropriate because the e-mails destroyed were not relevant. The court agreed with the defendant that there was no evidence of destruction of relevant documents and refused to order sanctions arising out of mere speculation that relevant documents were destroyed, noting also that there was no indication of any bad intent on the part of the defendant.

In-House Impact: Corporations have a duty to preserve once litigation is anticipated. As such, corporate counsel is wise to work with IT, Risk Management and other areas of the business to ensure that proper document retention and destruction protocols are created and maintained.

News & Events

The ESI Report – Podcasts for In-House Attorneys Interested in ESI Trends
Want to know more about cross-border e-discovery in the current economy? In this edition of the ESI Report, host Gina Jytyla, Managing Staff Attorney in the Legal Technologies division at Kroll Ontrack, welcomes e-discovery experts Tracey Stretton, Legal Consultant with Kroll Ontrack's UK office, and Mark Surguy, a UK solicitor at Pinsent Masons LLP specializing in large-scale multiparty litigation. They will explore international litigation and investigations, specifically addressing the legal and pragmatic challenges of cross-border e-discovery in today's economy. In Bits & Bytes, Kroll Ontrack Legal Correspondent Kelly Kubacki will take a look at the discovery order issued in Mintel International Group, Ltd. v. Neergheen. Join thousands of other listeners by visiting www.krollontrack.com/legal-technologies-podcasts/.

Enhanced E-Discovery Certification Course Propels Litigation Teams to New Heights
Given the current economic condition, corporate clients are being forced to cut back legal and IT budgets, while the threat of sanctions due to improper ESI handling continues to rise. Become an e-discovery expert to prevent your firm or corporation from becoming the next headline. Kroll Ontrack's 2009 E-Discovery Certification Course is ideal for legal and technical professionals of all levels, especially in-house counsel, law firm attorneys, litigation support professionals, paralegals, IT staff, and members of the judiciary. Upon completion of this program, you will be able to make informed decisions regarding ESI, be prepared to negotiate at the meet and confer and understand the most current e-discovery law. For more information and to register for an upcoming course, visit www.krollontrack.com/certification-courses/.

Meet our representatives at the following events:

Visit www.krollontrack.com/upcoming-events/ for more information on these events and others.

Back To Top

We Request Your Input

This newsletter was written by Meridith Socha and Kelly Kubacki, Kroll Ontrack Law Clerks, with assistance from Regina Jytyla, Kroll Ontrack Managing Staff Attorney. Ms. Jytyla can be contacted by writing to gjytyla@krollontrack.com.

For more information about electronic discovery and computer forensics services, contact Kroll Ontrack at 800 347 6105 or visit www.krollontrack.com.