E-discovery special report: In darker waters
E-discovery special report: In darker waters
With the Safe Harbour framework crumbling and ‘shadow IT’ the new normal, the world of e-discovery and data risk is changing rapidly. Top practitioners from Hogan Lovells, Herbert Smith, Exigent Group, and Simmons & Simmons discuss trends shaping the eDiscovery space today.
Q: What impact will the recent ruling on Safe Harbour provisions have in the context of e-discovery?
Neil Mirchandani, litigation partner, Hogan Lovells: The recent decision of the Court of Justice of the European Union means that transfers of personal data from the EU to the US covered by the Safe Harbour framework will be unlawful unless authorised by data protection authorities or within one of the legal exemptions. Under certain circumstances e-discovery will qualify as an exemption but the situation will be different from state to state, so every potential transfer will need to be considered on a case-by-case basis.
Clients and their legal advisers managing e-discovery or other electronic document review exercises should ensure there is no unlawful transfer of personal data from the EU to the US at any point in the processing, hosting or review stages. Many external e-discovery vendors already have separate US and EU data centres for this purpose, but the ruling makes it even more important to minimise this risk.
Andrew Moir, partner, Herbert Smith Freehills: In the context of e-discovery, the most likely scenario is data being sent to the US from Europe for hosting or review, for example by an legal process outsourcer (LPO). Rather than rely on Safe Harbour it will now be necessary to comply with EU data protection requirements in other ways, such as by implementing model clauses in the contract with the LPO.
“Law firms should be managing risks including malware” – Andrew Moir
Cat Casey, vice-president, Exigent: Given the tenuous legal structure left after the invalidation of Safe Harbour, counsel facing cross-border discovery and investigation projects involving EU data must seek guidance on data collection, processing, hosting, review and access approaches to mitigate data privacy violation. E-discovery providers bringing EU data to the US must evaluate the 28 regulatory requirements and face increased risk should a privacy violation occur.
UK firms dealing with multinational organisations that may have data in the US, UK or EMEA must also be cautious when planning data collection, extraction and analysis.
Q: To what extent are technology-assisted review (TAR) and computer-assisted review helping in e-discovery?
Mirchandani: TAR has to date been used relatively infrequently in the UK, although when used appropriately it is an effective way of speeding up the document review process and controlling costs. TAR technologies such as predictive coding are particularly suited to document review exercises involving high volumes of data with tight deadlines, such as in regulatory investigatory work, where a manual linear review would not be feasible or cost-effective.
We expect TAR use to increase (the Irish High Court recently endorsed predictive coding, for example) and we will continue to monitor its use and the courts’ approach.
Casey: TAR is sometimes seen as one-size-fits-all, but it is more of a spectrum of solutions that can be applied based on your corporation or client’s risk profile. These solutions exist along a continuum that uses technology to reduce the volume of data to be manually reviewed. This can be done in several ways: prioritising batching to ensure relevant information is reviewed first, advance culling of data prior to loading it into a review tool and coding suggestions, through to applying an algorithm to code data once a model has reached stability.
Continue Reading Here
eDiscovery Cat 