LITIGATION SUPPORT TIP OF THE NIGHT

Just his month, the Sedona Conference published a new report entitled, Practical In-House Approaches for Cross-Border Discovery & Data Protection. The new report can be downloaded here. The report promotes Sedona's International Litigation Principles as a means to minimize problems in international discovery and in the protection of personal data. There are six principles:

1. Court and parties have to show deference to the data protection laws of all countries.

2. Where there is a conflict between compliance with data protection laws and full compliance with discovery obligations, a party's conduct should be judged on a standard of good faith and reasonableness.

3. Preservation and discovery should be limited to evidence of claims and defenses in order to minimize problems with complying with laws and reduce the impact on individuals.

4. Court orders should be issued to protect personal data and minimize conflicts between data protection laws and discovery / preservation obligations.

5. A data controller needs to demonstrate that data protection obligations are met and safeguards are implemented.

6. Protected data should only be retained as long as necessary to meet business needs or legal obligations.

The Sedona report recommends issuing different legal holds to American and European employees. It notes that snapshots of data preserved as back-ups will likely fall under the EU definition of processing and require the protection of personal data. It promotes the use of its template case management form to support claims of good faith and reasonableness in complying to legal obligations. The form is contained in Appendix B to the report.

It encourages counsel to discuss data protection issues very early in order to lay a basis that compliance with data protection requirements can be costly. Being transparent about its steps to collect potentially personal data may include the disclosure by company of diagrams or detailed collection scripts. Sedona recommends that employees be given the opportunity to conduct their own privacy reviews.

When parties to a legal proceeding outside of the United State want to obtain discovery of evidence in the United States, they more often do so under federal statute 28 U.S.C. 1782. This statute is more often a means for international discovery than the Hague Convention. There is no need under 28 U.S.C. 1782 to have first requested the discovery from a foreign court. The statute merely requires that the individual requesting discovery be an interested party in a foreign proceeding and that the person from which they want the discovery is in the district of the court with which an application for discovery has been filed.

In Intel Corp v. Advanced Micro Devices, Inc., 542 U.S. 241 (2004), the Supreme Court of the United States held international discovery could be sought prior to the initiation of a legal proceeding in the United States and that the information need not be discoverable in the foreign jurisdiction.

If you're looking for an authoritative guide to data protection laws in different countries, check out DLA Piper's guide, "Data Protection Laws of the World". There is an interactive guide on this site, and also a 509 page report which can be downloaded from the same site.

As you can see the guide provides a color coded map of countries showing the level of protection offered by their laws from heavy to limited.

The site allows you to compare the laws of two different countries side by side in a number of different fields including Collection & Processing, Security, Online Privacy, and Breach Notification.

A comparison between two currently selected countries can also be downloaded as a PDF by clicking on the 'DOWNLOAD current jurisdiction(s)' option.

The EDRM has endorsed DLA Piper's guide, by incorporating it into its site.