This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our privacy policy to learn more.

Overcoming Cross-Border Data Privacy Issues with Localized E-Discovery Collection Centers

Created on October 16, 2012

The Sedona Conference has aptly pointed out that cross-border e-discovery presents something of a legal “catch-22" because the need to gather relevant electronically stored information (ESI) from foreign jurisdictions often conflicts with blocking statutes and international data privacy regulations. The challenges associated with cross-border e-discovery have only been intensified as more and more corporations have extended their reach across the globe.

There are a multitude of considerations that go into conducting e-discovery across national borders, far too many to address in a single blog post. The E-Discovery Beat has addressed some of the key issues in the past, with posts on the recent EU Data Protection Regulation and applying workflows to cross-border e-discovery projects.

One of the most difficult challenges that U.S. legal teams face is in the handling of foreign data.

Generally speaking, the U.S. has relatively lax data privacy laws compared to other parts of the world, especially the European Union (EU). As The Sedona Conference observes, “in much of the world, data privacy is a fundamental human right." The U.S. uses a "sectoral" model that looks at the nature of the personally identifiable information (PII) in question and protects accordingly. Consequently, there are regulations in place which restrict the movement of data across borders, say from Germany to the United States, without special authorization from the courts. The challenge for legal teams is to simultaneously comply with foreign privacy regulations and U.S. discovery laws, all which require potentially relevant ESI to be preserved and assessed for responsiveness.

One solution that has emerged is the concept of localized e-discovery collection centers. Traditionally, potentially relevant ESI related to a matter is identified, collected into a centralized repository and ultimately reviewed for responsiveness. Collection centers function as independent, user defined, location-centric physical or logical sets of collectors, storage systems, servers and repositories (or vaults). This gives users the ability to remotely use the set's own processing power and other capabilities to search ESI across disparate sources at a specific center, collect and process it, and then conduct review that incorporates local protocols. The concept may be best illustrated through the following hypothetical scenario:

ACME Corporation is headquartered in the United States and operates in 35 countries worldwide, including China and France. One of ACME's products has been recalled due to a safety hazard and may soon be subject to a slew of lawsuits, so the company's legal team is taking steps to preserve all ESI that may be responsive to the pending litigation.

While the product was initially conceptualized in the U.S., the actual engineering took place in China. Meanwhile, product marketing efforts were shared between the company's U.S. and French offices.

Based on the nature of the situation, ACME's legal team can safely assume there will be at least some responsive ESI in all three locations. Rather than attempt the precarious circumvention of local data privacy restrictions or seek waivers from local courts to move the foreign ESI into a centralized U.S. repository, the company could instead setup localized collection centers in each of the three countries.

As described above, the collection centers would offer all the capabilities of a centralized repository in the U.S. without requiring any transferring of data from country to country. Of course, once collected locally, the company would ultimately still need to get an exception to move the ESI to the United States. But such exceptions are much easier to obtain if it can be shown that the ESI was carefully assessed in its native environment before an attempt was made to move it out.

Collection centers surely don't remedy all cross-border e-discovery concerns, but they do demonstrate the important role technology can play in helping legal teams comply with international data privacy regulations during e-discovery.

You can learn more about this topic and other issues surrounding cross-border e-discovery on Exterro's upcoming webcast, “Cross-Border E-Discovery Beyond the EU: Recent Developments, Practical Advice." Register here.