The Global Impact of eDiscovery and Data Protection Laws in Germany
The acknowledged power of Continental Europe is Germany. Its steady economy and stable politics offer foreign companies an inviting prospect for investment. And yet, as organizations explore and begin developing business opportunities in Germany, they often become entangled in a web of unfamiliar legal issues. These issues, particularly eDiscovery and data protection laws, can be a costly and time consuming trap for unsuspecting companies. To avoid becoming ensnared by legal minutiae, attorney fees and lost opportunities, companies should consider gaining at least a basic understanding regarding the German eDiscovery and data protection landscape. Discovery in Germany By way of introduction, it should be noted that Germany, like most European countries, is a civil code country whose legal traditions are distinct from the common law notions that characterize the United States. According to its legal precepts, civil litigation in Germany is conducted in a vastly different fashion than in the U.S. For example, “discovery,” as it is known in the United States, does not exist in Germany. Interrogatories, categorical document requests and requests for admissions are simply unavailable as discovery devices. Instead, Germany only allows a limited exchange of documents, with the parties typically only disclosing information that supports their claims. The U.S. Court of Appeals for the Seventh Circuit recently commented on this key distinction when it observed in Heraeus Kulzer v. Biomet that “the German legal system . . . does not authorize discovery in the sense of Rule 26 of the Federal Rules of Civil Procedure.” The court went on to explain that “[a] party to a German lawsuit cannot demand categories of documents from his opponent. All he can demand are documents that he is able to identify specifically—individually, not by category.” Another key distinction to discovery in Germany is the lack of rules or case law requiring the preservation of ESI or paper documents. This stands in sharp contrast to American jurisprudence, which typically requires organizations to preserve information as soon as they “reasonably anticipate” litigation. Data Protection in Germany Another critical, distinguishing characteristic of Germany’s legal traditions are its notions of data protection and individual privacy. Unlike the mostly laissez-faire approach in the U.S. to data protection, Germany has adopted a comprehensive framework to secure personal information from unreasonable government and corporate intrusions. To guard against such intrusions, Germany has strict requirements that govern any “processing” of personal information. In addition, corporate data processing in Germany must satisfy company Works Councils, which represent the interests of employees and protect their privacy rights. Those protections extend to domestic litigation and international data transfers, to which Works Councils and company Data Protection Officers may object. Another important aspect to German data protection laws are the restrictions they place on transferring personal information across international borders. Companies with offices in Germany must ensure that the country where such data will be transferred has enacted laws that meet EU data protection standards. Transfers of personal data to countries that do not meet those standards are generally forbidden, with substantial fines imposed for non-compliance. This backdrop of complexity suggests that companies exploring business opportunities in Germany should obtain a better understanding of its discovery and data protection laws. There are various resources that provide straightforward answers to these issues at no cost to the end-user. For example, global legal expert James Daley recently recorded two podcasts that discuss the challenges associated with German discovery and data privacy laws. Think tanks such as The Sedona Conference have also made available materials that provide significant detail on these issues, including its “International Overview of Discovery, Data Privacy, and Disclosure Requirements.” By obtaining a greater awareness of the legal workings inside Germany, organizations can more capably develop a cooperative, proactive process for how they will address data preservation and production for cross-border litigation. By so doing, organizations can be better prepared to address potential eDiscovery and data protection snares that are inextricably intertwined with globalization.461Views2likes0CommentsWould Rule Changes Alleviate eDiscovery Burdens?
You have heard this one before. Changes to the Federal Rules are in the works that could alleviate the eDiscovery burdens of organizations. Greeting this news with skepticism would probably be justified. After all, many feel that the last set of amendments failed to meet the hype of streamlining the discovery process to make litigation costs more reasonable. Others, while not declaring the revised Rules a failure, nonetheless believe that the amendments have been doomed by the lack of adherence among counsel and the courts. Regardless of the differing perspectives, there seems to be agreement on both sides that the Rules have spawned more collateral disputes than ever before about the preservation and collection of ESI. What is different this time is that the latest set of proposed amendments could offer a genuine opportunity for organizations to slash the costs of document preservation and collection. Chief among these changes would be a revised Rule 37(e). The current iteration of this rule is designed to protect companies from court sanctions when the programmed operation of their computer systems automatically destroys ESI. Nevertheless, the rule has largely proved ineffective as a national standard because it did not apply to pre-litigation information destruction activities. As a result, courts often bypassed the rule’s protections to punish companies who negligently, though not nefariously, destroyed documents before a lawsuit was filed. The current proposal to amend Rule 37(e) (see page 127) would substantially broaden the existing protection against sanctions. The proposal would shield an organization’s pre-litigation destruction of information from sanctions except where that destruction was “willful or in bad faith and caused substantial prejudice in the litigation” or “irreparably deprived a party of any meaningful opportunity to present a claim or defense.” In making a determination on this issue, courts would be forced to examine the enterprise’s information retention protocols through more than just the lens of litigation. Instead, they would have to consider the nature and motives behind a company’s decision-making process. Such factors include: The extent to which the party was on notice that litigation was likely The reasonableness and proportionality of the party’s efforts to preserve the information The nature and scope of any request received to preserve information Whether the party sought timely judicial guidance regarding any preservation disputes By seeking to punish only nefarious conduct and by ensuring that the analysis includes a broad range of considerations, organizations could finally have a fighting chance to reduce the costs and risks of preservation. Despite the promise this proposal holds, there is concern among some of the eDiscovery cognoscenti that provisions in the draft proposal to amend Rule 37(e) could water down its intended protections. Robert Owen, a partner at Sutherland Asbill & Brennan LLP and a leading eDiscovery thought leader, has recently authored an insightful articlethat spotlights some of these issues. Among other things, Owen points out that the “irreparably deprived” provision could end up diluting the “bad faith” standard. This could ultimately provide activist jurists with an opportunity to re-introduce a negligence standard through the backdoor, which would be a troubling development for clients, counsel and the courts. These issues and others confirm the difficulty of establishing national standards to address the factual complexities of many eDiscovery issues. They also point to the difficult path that the Civil Rules Advisory Committee still must travel before a draft of Rule 37(e) can be finalized for public comment. Even assuming that stage can be reached after the next rules committee meeting in April 2013, additional changes could still be forthcoming to address the concerns of other constituencies. Stay tuned; the debate over revisions to Rule 37(e) and its impact on organizations’ defensible deletion efforts is far from over.473Views1like3CommentsWhat Abraham Lincoln Teaches about Defensible Deletion of ESI
The reviews are in and movie critics are universally acclaiming Lincoln, the most recent Hollywood rendition regarding the sixteenth president of the United States. While viewers may or may not enjoy the movie, the focus on Abraham Lincoln brings to mind a rather key insight for organizations seeking to strengthen their defensible deletion process. Lincoln has long been admired for his astute handling of the U.S. Civil War and for his inventive genius (he remains the only U.S. President who patented an invention). Nevertheless, it is Lincoln’s magnanimous, yet shrewd treatment of his rivals that provides the key lesson for organizations today. With a strategy that inexplicably escapes many organizations, Lincoln intelligently organized his documents and other materials so that he could timely retrieve them to help keep his political enemies in check. This strategy was particularly successful with his Secretary of the Treasury, Salmon Chase, who constantly undermined Lincoln in an effort to bolster his own presidential aspirations. To blunt the effect of Chase’s treachery, Lincoln successfully wielded the weapon of information: Chase’s letters to Lincoln that were filled with problematic admissions. Doris Kearns Goodwin chronicled in her Pulitzer Prize winning book, Team of Rivals, how Lincoln always seemed to access that information at a moment’s notice to save him from Chase’s duplicity. Lincoln’s tactics reinforce the value of retaining and retrieving important information in a time of need. Lacking the organizational and technological capacity to do so may prevent companies from pulling up information at a crucial moment, be it for business, legal or regulatory purposes. For this and many other reasons, industry experts are recommending that organizations implement a defensible deletion strategy. Defensible Deletion Requires Deletion Such a strategy could have some success if it is powered by the latest in effective retention technologies such as data classification and automated legal hold. Such innovations will better enable organizations to segregate and preserve business critical ESI. And yet, it is not enough to just adopt the preservation side of this strategy, for the heart of defensible deletion requires just that – deleting large classes of superfluous, duplicative and harmful data – if its benefits are ever to be realized. Companies that fail to delete such ESI will likely never come off conqueror in the “battle of the data bulge.” Indeed, such a growing waistline of data is problematic for three reasons. First, it can place undue pressure on an organization’s storage infrastructure and needlessly increase the cost of data retention. It can also result in higher eDiscovery costs as the organization is forced to review and analyze all of that ESI largesse. Finally, a potentially fatal risk of producing harmful materials – kept beyond the time required by law – in eDiscovery will unnecessarily increase. All of which could have been obviated had the enterprise observed the rule of “good corporate housekeeping” by eliminating ESI in a manner approved by courts and the rules makers. For organizations willing to get rid of their digital clutter, defensible deletion offers just what they need so as to reduce the costs and risks of bloated ESI retention. Doing so will help companies make better use that information so, like Honest Abe, they can stave off troublesome challenges threatening the enterprise.425Views1like0CommentsDefensible Deletion: The Cornerstone of Intelligent Information Governance
The struggle to stay above the rising tide of information is a constant battle for organizations. Not only are the costs and logistics associated with data storage more troubling than ever, but so are the potential legal consequences. Indeed, the news headlines are constantly filled with horror stories of jury verdicts, court judgments and unreasonable settlements involving organizations that failed to effectively address their data stockpiles. While there are no quick or easy solutions to these problems, an ever increasing method for effectively dealing with these issues is through an organizational strategy referred to as defensible deletion. A defensible deletion strategy could refer to many items. But at its core, defensible deletion is a comprehensive approach that companies implement to reduce the storage costs and legal risks associated with the retention of electronically stored information (ESI). Organizations that have done so have been successful in avoiding court sanctions while at the same time eliminating ESI that has little or no business value. The first step to implementing a defensible deletion strategy is for organizations to ensure that they have a top-down plan for addressing data retention. This typically requires that their information governance principals – legal and IT – are cooperating with each other. These departments must also work jointly with records managers and business units to decide what data must be kept and for what length of time. All such stakeholders in information retention must be engaged and collaborate if the organization is to create a workable defensible deletion strategy. Cooperation between legal and IT naturally leads the organization to establish records retention policies, which carry out the key players’ decisions on data preservation. Such policies should address the particular needs of an organization while balancing them against litigation requirements. Not only will that enable a company to reduce its costs by decreasing data proliferation, it will minimize a company’s litigation risks by allowing it to limit the amount of potentially relevant information available for current and follow-on litigation. In like manner, legal should work with IT to develop a process for how the organization will address document preservation during litigation. This will likely involve the designation of officials who are responsible for issuing a timely and comprehensive litigation hold to custodians and data sources. This will ultimately help an organization avoid the mistakes that often plague document management during litigation. The Role of Technology in Defensible Deletion In the digital age, an essential aspect of a defensible deletion strategy is technology. Indeed, without innovations such as archiving software and automated legal hold acknowledgements, it will be difficult for an organization to achieve its defensible deletion objectives. On the information management side of defensible deletion, archiving software can help enforce organization retention policies and thereby reduce data volume and related storage costs. This can be accomplished with classification tools, which intelligently analyze and tag data content as it is ingested into the archive. By so doing, organizations may retain information that is significant or that otherwise must be kept for business, legal or regulatory purposes – and nothing else. An archiving solution can also reduce costs through efficient data storage. By expiring data in accordance with organization retention policies and by using single instance storage to eliminate ESI duplicates, archiving software frees up space on company servers for the retention of other materials and ultimately leads to decreased storage costs. Moreover, it also lessens litigation risks as it removes data available for future litigation. On the eDiscovery side of defensible deletion, an eDiscovery platform with the latest in legal hold technology is often essential for enabling a workable litigation hold process. Effective platforms enable automated legal hold acknowledgements on various custodians across multiple cases. This allows organizations to confidently place data on hold through a single user action and eliminates concerns that ESI may slip through the proverbial cracks of manual hold practices. Organizations are experiencing every day the costly mistakes of delaying implementation of a defensible deletion program. This trend can be reversed through a common sense defensible deletion strategy which, when powered by effective, enabling technologies, can help organizations decrease the costs and risks associated with the information explosion.1.1KViews1like10Comments