Turning GDPR from a headache into an opportunity: A guide
So now we know. The EU General Data Protection Regulation (GDPR), which comes into force in May 2018, will apply to the UK. Most of us knew this anyway, since Brexit was not going to happen soon enough to make us exempt, and the Information Commissioner’s Office (ICO) had given strong indications of support.2.6KViews2likes0CommentsThe Global Impact of eDiscovery and Data Protection Laws in Germany
The acknowledged power of Continental Europe is Germany. Its steady economy and stable politics offer foreign companies an inviting prospect for investment. And yet, as organizations explore and begin developing business opportunities in Germany, they often become entangled in a web of unfamiliar legal issues. These issues, particularly eDiscovery and data protection laws, can be a costly and time consuming trap for unsuspecting companies. To avoid becoming ensnared by legal minutiae, attorney fees and lost opportunities, companies should consider gaining at least a basic understanding regarding the German eDiscovery and data protection landscape. Discovery in Germany By way of introduction, it should be noted that Germany, like most European countries, is a civil code country whose legal traditions are distinct from the common law notions that characterize the United States. According to its legal precepts, civil litigation in Germany is conducted in a vastly different fashion than in the U.S. For example, “discovery,” as it is known in the United States, does not exist in Germany. Interrogatories, categorical document requests and requests for admissions are simply unavailable as discovery devices. Instead, Germany only allows a limited exchange of documents, with the parties typically only disclosing information that supports their claims. The U.S. Court of Appeals for the Seventh Circuit recently commented on this key distinction when it observed in Heraeus Kulzer v. Biomet that “the German legal system . . . does not authorize discovery in the sense of Rule 26 of the Federal Rules of Civil Procedure.” The court went on to explain that “[a] party to a German lawsuit cannot demand categories of documents from his opponent. All he can demand are documents that he is able to identify specifically—individually, not by category.” Another key distinction to discovery in Germany is the lack of rules or case law requiring the preservation of ESI or paper documents. This stands in sharp contrast to American jurisprudence, which typically requires organizations to preserve information as soon as they “reasonably anticipate” litigation. Data Protection in Germany Another critical, distinguishing characteristic of Germany’s legal traditions are its notions of data protection and individual privacy. Unlike the mostly laissez-faire approach in the U.S. to data protection, Germany has adopted a comprehensive framework to secure personal information from unreasonable government and corporate intrusions. To guard against such intrusions, Germany has strict requirements that govern any “processing” of personal information. In addition, corporate data processing in Germany must satisfy company Works Councils, which represent the interests of employees and protect their privacy rights. Those protections extend to domestic litigation and international data transfers, to which Works Councils and company Data Protection Officers may object. Another important aspect to German data protection laws are the restrictions they place on transferring personal information across international borders. Companies with offices in Germany must ensure that the country where such data will be transferred has enacted laws that meet EU data protection standards. Transfers of personal data to countries that do not meet those standards are generally forbidden, with substantial fines imposed for non-compliance. This backdrop of complexity suggests that companies exploring business opportunities in Germany should obtain a better understanding of its discovery and data protection laws. There are various resources that provide straightforward answers to these issues at no cost to the end-user. For example, global legal expert James Daley recently recorded two podcasts that discuss the challenges associated with German discovery and data privacy laws. Think tanks such as The Sedona Conference have also made available materials that provide significant detail on these issues, including its “International Overview of Discovery, Data Privacy, and Disclosure Requirements.” By obtaining a greater awareness of the legal workings inside Germany, organizations can more capably develop a cooperative, proactive process for how they will address data preservation and production for cross-border litigation. By so doing, organizations can be better prepared to address potential eDiscovery and data protection snares that are inextricably intertwined with globalization.461Views2likes0CommentsDefensible Deletion: The Cornerstone of Intelligent Information Governance
The struggle to stay above the rising tide of information is a constant battle for organizations. Not only are the costs and logistics associated with data storage more troubling than ever, but so are the potential legal consequences. Indeed, the news headlines are constantly filled with horror stories of jury verdicts, court judgments and unreasonable settlements involving organizations that failed to effectively address their data stockpiles. While there are no quick or easy solutions to these problems, an ever increasing method for effectively dealing with these issues is through an organizational strategy referred to as defensible deletion. A defensible deletion strategy could refer to many items. But at its core, defensible deletion is a comprehensive approach that companies implement to reduce the storage costs and legal risks associated with the retention of electronically stored information (ESI). Organizations that have done so have been successful in avoiding court sanctions while at the same time eliminating ESI that has little or no business value. The first step to implementing a defensible deletion strategy is for organizations to ensure that they have a top-down plan for addressing data retention. This typically requires that their information governance principals – legal and IT – are cooperating with each other. These departments must also work jointly with records managers and business units to decide what data must be kept and for what length of time. All such stakeholders in information retention must be engaged and collaborate if the organization is to create a workable defensible deletion strategy. Cooperation between legal and IT naturally leads the organization to establish records retention policies, which carry out the key players’ decisions on data preservation. Such policies should address the particular needs of an organization while balancing them against litigation requirements. Not only will that enable a company to reduce its costs by decreasing data proliferation, it will minimize a company’s litigation risks by allowing it to limit the amount of potentially relevant information available for current and follow-on litigation. In like manner, legal should work with IT to develop a process for how the organization will address document preservation during litigation. This will likely involve the designation of officials who are responsible for issuing a timely and comprehensive litigation hold to custodians and data sources. This will ultimately help an organization avoid the mistakes that often plague document management during litigation. The Role of Technology in Defensible Deletion In the digital age, an essential aspect of a defensible deletion strategy is technology. Indeed, without innovations such as archiving software and automated legal hold acknowledgements, it will be difficult for an organization to achieve its defensible deletion objectives. On the information management side of defensible deletion, archiving software can help enforce organization retention policies and thereby reduce data volume and related storage costs. This can be accomplished with classification tools, which intelligently analyze and tag data content as it is ingested into the archive. By so doing, organizations may retain information that is significant or that otherwise must be kept for business, legal or regulatory purposes – and nothing else. An archiving solution can also reduce costs through efficient data storage. By expiring data in accordance with organization retention policies and by using single instance storage to eliminate ESI duplicates, archiving software frees up space on company servers for the retention of other materials and ultimately leads to decreased storage costs. Moreover, it also lessens litigation risks as it removes data available for future litigation. On the eDiscovery side of defensible deletion, an eDiscovery platform with the latest in legal hold technology is often essential for enabling a workable litigation hold process. Effective platforms enable automated legal hold acknowledgements on various custodians across multiple cases. This allows organizations to confidently place data on hold through a single user action and eliminates concerns that ESI may slip through the proverbial cracks of manual hold practices. Organizations are experiencing every day the costly mistakes of delaying implementation of a defensible deletion program. This trend can be reversed through a common sense defensible deletion strategy which, when powered by effective, enabling technologies, can help organizations decrease the costs and risks associated with the information explosion.1.1KViews1like10Comments