Vivian Reding: The overhaul of EU rules on Data Protection: making the single market work for business

Vivian Reding is Vice President of the European Commission and EU Justice Commissioner. Here is a link to the text of a speech given on 4 December 2012 in which she explains why she thinks we need a new data protection regulation.

It is unlikely that anyone will argue with the idea that a directive made in 1995 is inadequate for the challenges of 2011 now that the Internet, social networking, cloud computing and sheer volume have changed our concept of what data is, and have introduced new problems along with many benefits. We cannot argue either with the idea that any new regulation should be ideally be consistent across the EU and that it should be backed by sanctions consistently applied.

Consistency, however comes at a price, and that price is the acceptance that the EU Commission is entitled to impose a consistent regulation across diverse jurisdictions and cultures and that it has any idea how to make such a thing work. The Commission will say that this is precisely what the EU is for. Many of us will see that as a drawback, in both nationalistic and practical terms. The idea that anything emanating from the Commission will cut red tape – an express ambition behind the regulation and referred to in the speech – is frankly laughable. Read the rest of this entry »

A Hong Kong eDiscovery snapshot in the company of Epiq Systems

On the surface, my area of professional interest looks pretty narrow. When I launched the eDisclosure Information Project, its proposed scope was implied by the word “eDisclosure” – only the civil jurisdiction of England and Wales uses the term “disclosure”, and I set myself the task of carrying information between courts, lawyers, clients and providers in that narrow context. That proved limiting very quickly: civil litigation is only one of the reasons why parties need to identify, analyse and review electronic information, and England and Wales is only one of several jurisdictions which impose such requirements. The US, Australia, Singapore, Hong Kong, Canada, New Zealand and Ireland have relevant obligations in civil litigation and they – the US in particular – export those obligations by expecting foreign parties to comply with their domestic rules when they litigate in US courts or fall within the powers of a regulator or state enforcement body.

That brings in countries with no discovery tradition, including EU countries and those of the Asia-Pacific region, such as China, who have increasing amounts of trade with the US but whose data protection and privacy laws, as well as culture, are inimical to common law discovery demands.

I could purport to cover all this by sitting at home in Oxford distilling what I find on the Internet, and communicating with people around the world by email and video-conferencing calls. That would certainly be easier than what I actually do, which is to get on a plane to go and see things for myself. I don’t kid myself that I become expert in a jurisdiction by dropping in from time to time, but the “carrying messages” part of my role is better fulfilled if I go occasionally to talk with (not just talk to – the listening matters more) people who practice in other places. That took me to Hong Kong for a quick visit to Epiq Systems there earlier this month.

Epiq Systems

Epiq Systems has three business activities, of which the eDiscovery solutions component (the others are bankruptcy solutions and class-action solutions) plays an ever-bigger part in each succeeding year’s accounts. It has grown from being a software-led company (with its processing tool eDataMatrix and review tool DocuMatrix), to being a broadly-based eDiscovery consulting company offering forensics and collections, processing, document prioritisation and document review services. Its first non-US office was in London, which is where I came across it, and it subsequently opened an office in Hong Kong. Epiq uses Equivio’s Relevance product (now part of Equivio Zoom) for predictive coding and document prioritization, and recent acquisitions bring it a wide range of review tools, including kCura’s Relativity, iCONECT and Concordance FYI together with expansion of its managed review services. Epiq’s most recent development has been the opening of a document review service in Hong Kong, allowing it to offer a full range of consultative, technology and review services in the Asia-Pacific region. Read the rest of this entry »

What is legal when collecting and processing personal data?

As with so many subjects, cross-border discovery has many aspects to cover, and it is sometimes helpful to pull out a sub-set and look at it on its own.

A helpful page on the European Commission Justice website called Collecting and Processing of Personal data: What is legal?  focuses narrowly on the circumstances in Article 7 of the 1995 Data Protection Directive in which the collection and processing of personal data of individuals is legitimate. For those who want the full version, the text of the relevant parts of that is here.

The ones which cause trouble are the third and sixth in this summary list, that is, c) and f) in the actual Directive.

c) If processing is required by a legal obligation

f) If the data controller or a third party has a legitimate interest in [the collection and processing]

The last one carries its own restrictions by making it clear that the “legitimate interest” referred to must be balanced against the interests of the individual – the precise words are “except where such interests are overridden by the interests of fundamental rights and freedoms of the data subject”.

The third one, compliance with a legal obligation, raises the appearance of the hope that the “legal obligation” to comply with a US discovery request is enough to legitimise any data processing. It does not. For one thing, the legal obligation must be one to which the data controller is subject, and not all discovery demands impose such an obligation on the data controller.

More importantly, these criteria for making data processing legitimate are not exceptions to the general protection given by Article 6 of the Data Protection Directive (though they are sometimes described as such). Even where the discovery demand appears to impose an obligation on the data controller, it does not oust his obligations given by Article 6 which, for example, refer three times to “the purposes for which the data were collected”, providing expressly that data must not be “further processed” in a way “incompatible with the original purpose”.

That refers to the original collection, whose purpose will rarely have been for compliance with the present discovery demand. The “legal obligation” clause does not entitle companies to ignore for discovery purposes the basic principles which apply to all data processing.

I will stick to my expressed intention to keep this simple. If you want a fuller explanation of the inter-relation between Article 6 and Article 7, CyberMatron’s article called Curbing unwholesome desires spells it out. The context is the information which can be obtained from ISPs rather than eDiscovery, but paragraphs 8 and 9 are worth reading for their wider implications.

Home

Regional and personal data privacy controls in the local cloud from Bloomberg Vault

Compliance with data privacy controls is much more than an eDiscovery / eDisclosure problem. Those whose primary focus is eDiscovery tend to see data privacy compliance as an obstacle which stands in the way and complicates data collection for litigation or regulatory purposes, but the privacy laws of the EU and, increasingly, of other regions, present compliance challenges quite apart from potential discovery obligations.

The solution to a wide range of discovery problems lies increasingly in pre-emptive action – in defensible deletion, in pre-emptive tagging to give searchable labels at the moment of creation, and in instituting policies which define the status and life-cycle of data. This applies in any context, but is particularly valuable where personal data is or may be involved. Put the stuff in the right bucket, so the inescapable logic goes, and you simultaneously flag it for general compliance purposes and make it easy to identify for discovery reasons.

The latest extension to Bloomberg’s cloud-based enterprise information management service, Bloomberg Vault, gives physical form to this approach by the concept of the “Local Vault” which allows data compliance and archiving policies to be configured at the employee level by reference to the regional regulations which apply to the content, including e-mail, mobile communications, social media, instant messaging, files and documents. Read the rest of this entry »

Notes from Hong Kong – talking about world eDiscovery

This is a continuation of a series of mini-posts following my recent visit to Hong Kong.

Browning Marean of DLA Piper US is one of the few US lawyers who understands the difference between eDiscovery messages which travel and those which do not, and who is able to discriminate between messages of universal application, messages which apply only within the US, and messages which represent the necessary compromises which must be made where US discovery meets more restrictive rules elsewhere.

His secret lies partly in the comparative observations derived from his own travels, but more significantly from the fact that he bothers to read and understand local rules and culture before opining on the merits of the American way.  It is always a pleasure to speak alongside Browning for this reason, and I was delighted to be asked to talk to litigation lawyers at DLA Piper’s Hong Kong office and, via video link, to people in DLA’s Shanghai, Beijing and Singapore offices.

I called my talk eDiscovery Round the World, and covered recent pending rule changes in the UK (the eDisclosure Practice Direction and Electronic Documents Questionnaire, the new Rule 31.5 and costs management) and in Australia, Singapore and New Zealand, all of whom have made changes this year.

Some messages are universal – competence, cooperation, proportionality, and the growing trend towards proactive information governance as a substitute for mere reaction to events.

DLA Piper knows more about international eDiscovery than most – it has, for example, recently published a useful booklet called Data Protection Laws of the World. It was a privilege to be asked to speak to so many of its lawyers, and to hear something of the issues faced by all who practice in the region.

Home

EU Commission under fire for its data protection reforms

EUObserver.com reports that EU Justice Commissioner Viviane Reding has come under fire, from the Article 29 Data Protection Working Party amongst others, for the scope of and proposed timescale for her proposed new data protection rules.

These are seen by some as a “power grab” (What? The EU seeking to grab powers?) and fundamental issues arise not only about the speed with which implementation is planned but about the constitutional propriety of the proposals. Those of us who fully expected that the 2009 Treaty of Lisbon would be abused feel vindicated by the EU Commission’s claimed right to alter fundamental laws without reference to member states.

Don’t misunderstand me here. I am all for reigning in the abusive use of what should be personal information, and Commissioner Reding is probably the right person to take on the task. If the EU is to serve any purpose at all (and its primary purpose so far as I’m concerned is to provide employment for its elected members and bureaucrats) then this is the sort of thing it should be thinking about.

The key word here, however, is “thinking”, and it would be good to see some evidence that the full consequences of the proposals have been thought through before it is dumped on member states by ambitious politicians and job-creationist bureaucrats.

In particular, one would like to see some analysis of the “savings for business” which have been claimed for the proposals. I  can see that a unified set of regulations ought to be easier to navigate. The EU does not work like that, however, and every new set of regulations brings with it greater powers for arrogant officials to interfere and get in the way, whether or not any benefit results from the intervention.

Money drops from the sky at the end of every month for an EU civil servant, and none is ever dismissed for sloth or incompetence. They have no understanding of the needs of businesses and no incentive to make this work for them.

Home

Patel v Unite – order for investigation of deleted Internet forum

Here is an interesting judgment, Patel v UNITE the Union [2012] EWHC 92 (QB) (27 January 2012), which Professor Dominic Regan has pointed me to. The target of postings on a union Internet forum alleges defamation and harassment. The union claims that the forum has been deleted and that they cannot identify those who made the postings. What help will the court give to the alleged victim in his efforts to identify those who wrote about him?

The story, put as briefly as possible, is that anonymous union members made observations about Mr Patel which give rise to potential causes of action against them. He claims both that the postings amount to actionable libels and, in the alternative, that he has a cause of action under the Protection from Harassment Act 1997.  The forum had warned its members that their true identities might be disclosed to third parties, subject to relevant data protection and privacy rights.

Patel obtained a court order against Unite requiring them to make a reasonable search for the information and to serve a witness statement. Unite claimed that the information was no longer available, and resisted an order for examination of the relevant servers on grounds which included the data protection and privacy rights not only of those who made the postings but of everyone else who had used the forum.

The judge concluded that he had power to make such an order on the basis that, whilst identification of the alleged wrongdoers may not be achieved as a result, it certainly could not be achieved without the order. Protection against intrusiveness would be achieved by the appointment of an independent expert agreed on by the parties who would provide nothing more to Mr Patel then “information which identifies those responsible for the posts complained or which explains why (if that be the case) they cannot be identified”.

This, said the judge, met the requirements both of proportionality and of protection of privacy and data protection rights.

Home

EU promises data protection savings and reduced burdens on business

The European Commission has collected together information about its proposed reforms of the EU Data Protection Rules, including the press release of 21 January, the press conference with Vice President Viviane Reding of the same date, and a number of fact sheets, surveys, legislative texts and other information.

For those who like their source material raw, this is the place to look.

Vice President Reding has followed that up with an article on CNN called How Europe is Dealing with Online Privacy. Call me cynical, but if her “one-stop shop for businesses to deal with regulators”, and the employment of Eurocrats to run it, results in the promised reduction of administrative burdens and a saving of €2.3 billion a year for businesses then I will eat my proverbial hat. Read the rest of this entry »

Words are the easy bit: EU Parliament debates EU – US data privacy concerns

An article on EUObserver.com reports on a debate last week in the European Parliament which highlighted the conflict between US demands for data and EU privacy legislation.

The article’s title is Commission Downplays Parliament EU–US Data Privacy Concerns – “downplays” being Eurospeak for “brush it under the carpet and pretend it is not a problem”. Justice Commissioner Viviane Reding’s answer that a US law enforcement authority would have to use “existing channels of cooperation and mutual legal assistance agreements” to get data from companies in the EU does not reflect the view taken hitherto by those authorities when they make their demands. “Stand and deliver” better describes their approach.

It is not just US authorities. As an MEP pointed out, the “existing channels” do not help much when a US civil court requires the disclosure of data stored in the EU. Fears that US law could have “extraterritorial effect within Europe” and that European laws “could be over-ruled by third country laws” are legitimate fears as a practical and pragmatic matter – there is no need for US courts to assert expressly the primacy of US law when they can simply punish a party for failing to produce documents.

One MEP pointed out that it would be “ironic if it were easier for third countries to process European citizens’ data in their territory than for European entities to do so in Europe”.  It is not really a matter of one being “easier” than the other. The data is processed in the US in possible breach of EU laws either because the parties and courts are unaware of the restrictions or because the parties take the view that the Scylla of sanctions is more palatable than the Charybdis of EU fines and other penalties.

As I have reported elsewhere, we are beginning to see an appreciation on the US side not only that the comity of nations requires respect for the laws of foreign jurisdictions but that a combination of cooperation, transparency and technology ought to allow a reconciliation between US demands and EU restrictions, with recent recommendations from both the ABA and the Sedona Conference to that effect. Read the rest of this entry »

Huron eDiscovery Panel at LegalTech as the cross-border climate begins to change

My wide-angle lens is being repaired, so I have no photograph of the panel which Nigel Murray of Huron Legal moderated at LegalTech. There were eleven of us at the table for two consecutive sessions with the title A GC’s Nightmare – a US EDiscovery Request into Europe. The first part outlined the problems raised by the EU’s attitude to data protection and privacy and its conflict with US ediscovery requirements; the second part looked at practical ways to deal with the issues which arise. More than 140 people came to one or both sessions.

The panelists were chosen to give a rounded view of the legal and the practical problems from both sides of the Atlantic. Craig Cannon from Bank of America and Carter White of Lummus Technology Inc. represented the ones with the nightmares, the sleepless representatives of major US corporations whose business inevitably takes them into areas – and not just Europe – where US eDiscovery requirements conflict with more restrictive ideas about the use of documents and data. Amor Esteban of Hardy Shook & Bacon and Browning Marean of DLA Piper US offered the view from the US lawyers based in the US, whilst Farrah Pepper, recently moved from Gibson, Dunn & Crutcher to a role as in-house discovery counsel at GE had both viewpoints to offer. Natascha Gerlach is an attorney at Clearly Gottlieb in Brussels and she and Vince Neicho of Allen & Overy in London had the hands-on view from the European end. US Magistrate Judge Frank Maas of SDNY and Senior Master Steven Whitaker from the High Court in London gave the viewpoint of judges who deal with either end of the relevant requests. My role was to talk on the theme “How others see us” and to cover information governance. Nigel Murray was his usual urbane self, the conductor of an international choir whose singers were not guaranteed to sing to any pre-conceived score (there wasn’t one), but whose contributions covered every aspect of the problem.

With 300 words down just to say who was there, it would be foolish of me to try and summarise what each panelist said. Quite apart from anything else, whilst we had each chosen or been given our defined topics, there was no published running order. This allowed Nigel to follow themes as they developed, but since none of us knew who was going to be called next, this scribe had no realistic chance of capturing the contributions as they emerged – try doing this when you are on a panel, and you end up missing your own cue, conscious, perhaps, that you have just been asked a question in front of 140 people but with no idea what it was. Read the rest of this entry »

Information Governance, UK eDisclosure and International Discovery in three days

In an ideal world, I would keep the week before LegalTech free.  Product announcements pour out with accompanying (and welcome) invitations in advance to find out about the new developments (that is preferable, incidentally, to those who make big announcements and assume that I will pick up on them). The diary needs constant adjustment as I ditch optional LegalTech sessions in favour of fitting in meetings. My own LegalTech sessions (of which more below) require preparation. Computers, cameras, address books need preparatory attention, and reference papers must be copied somewhere accessible. A week away involves boring domestic details of shirts and shoes and suits, and you just can’t get the servants these days.

Just the week, all in all, to have a big webinar to moderate, a seminar to lead in the North of England and an invitation to speak at a conference in Brussels on three consecutive days.  And in the middle of all that, the EU commission announces a re-revised data protection regulation just as I have finished reading the 116 page leaked version.

Two consequences follow. One is this, a compendium article (which I rarely do) pulling together multiple threads as an alternative to overlooking them all. The other is that I have undoubtedly missed things which I would normally have caught. For the avoidance of doubt (and conscious as I am of a rough duty of balance in what I write) the difference between things I have covered and things I have not written about is one of timing rather than any perceived priority of importance.  if the news broke whilst I was in an aeroplane or under the Channel, then I may have missed it. Read the rest of this entry »

Delay for Draconian Data Protection Regulation

The term “displacement activity” has a technical meaning in animal biology, something I am happy to leave to the animal biologists. The lay use of the term connotes some activity undertaken in order to avoid having to do something else which is both imminent and important. I spent most of the run-up to my College of Law exams, for example, writing stories and articles about things which interested me – anything to defer having to learn about trusts and torts.

I am fortunate that I eventually found a way to monetise my displacement activity, making a business out of writing stories and articles about things which interest me. Even now, however, it occasionally becomes necessary to focus on something inherently dull, and nothing can be duller than an EU regulation  (or, come to that, anything else which emanates from Brussels – even its scandals make one yawn). I was not therefore thrilled when someone leaked the draft texts of the General Data Protection Regulation and the Police and Criminal Justice Data Protection Directive, because that imposed a duty to read at least the first of these. It runs to 116 pages in its English-language version, so it could, if you printed it, serve as a pillow when your eyelids start to droop, as they will about three pages in.

A quick skim took me to the usual bit which describes how many more EU bureaucrats will be needed to carry on the good work, and I closed it quickly in case I broke something in rage (in the interests of wider Anglo-EU understanding, I should tell you that the French for “pen-pusher” is “gratte-papier”). Read the rest of this entry »

Plenty happening in eDiscovery for the beginning of 2012

If Friday’s flurry of activity on my Google+ page and on Twitter suggests catch-up and deck-clearing then that is exactly what it was. The Google+ page was set up for short snippets which, whatever weight they actually deserved, were not going to get a lovingly-polished and fully hyperlinked blog post. They are a way of expanding on my tweets, re-tweets and favourites; the full rationale for this is set out in my post New eDisclosure Information Project page on Google Plus for short eDiscovery posts.

The deck-clearing was needed for two reasons in addition to the obvious wish not to miss good content. The planning calls have started for forthcoming webinars and conferences, and I wanted the weekend clear for follow-ups to them, for other things which need prolonged concentration and for planning for that annual quart-into-a-pint-pot, the LegalTech calendar – I know I will not make it to most of the sessions I mark down, but it seems respectful to try. As today’s posts show, Friday morning’s catch-up was rather defeated by Friday afternoon’s new announcements.

It is perhaps worth setting out what January’s events are, pulling together posts which I have already written about them.

ESIBytes podcast on the New York Model Rules

I am taking part in a podcast recording on Monday 9 January organised by Karl Schieneman of ESIBytes. The subject is the Pilot Project regarding Case Management Techniques for Complex Civil Cases in the Southern District of New York. The more important participants are Ariana Tadler from Milberg and Maura Grossman from Wachtell Lipton who were involved in the Pilot Project.  My role is to talk about the UK’s eDisclosure Practice Direction 31B and the Electronic Documents Questionnaire annexed to it. Whilst the UK was the first to formalise the structured exchange of information in advance of a case management conference, those of us who drafted it were influenced by the lessons, positive and negative, coming out of the FRCP meet and confer process. This iterative exchange of ideas is valuable beyond the two jurisdictions taking part in this podcast. Read the rest of this entry »

European Data Protection: Coming of Age – Brussels 25–27 January 2012

The Fifth International Computers, Privacy and Data Protection Conference takes place in Brussels between 25 and 27 January 2012 under the title European Data Protection: Coming of Age.

Monique Altheim of The Law Office of Monique Altheim is organising and moderating eDiscovery sessions on Thursday 26 January. I am on the panel, together with several others including James Daley of Daley & Fey LLP, Willem Debeuckelaere of the Belgian Privacy Commission and the Article 29 Working Party, Amor Esteban of Shook, Hardy & Bacon, Dominic Jaar of KPMG, Nigel Murray of Huron Legal, George Rudoy of Integrated Legal Technology LLC, and Master Steven Whitaker of the Royal Courts of Justice.

Between us, we will cover eDiscovery rules and regulations relating to basic principles such as preservation, litigation hold, the EDRM and spoliation, we will look in a practical way at problems arising from cross-border eDiscovery in the EU, and will also cover newer trends such as predictive coding, social media and the cloud.

Electronic discovery is only one of the subjects covered during the three days. The full programme is available here.

A few days later, three of us from that panel – Nigel Murray, Master Whitaker and I – with others, will be speaking in a two-part session at LegalTech in New York run by Huron Legal with the title A GC’s Nightmare: a US eDiscovery Request into Europe. The other panellists are Craig Cannon of Bank of America, Rich Chandler of CB&I, US Magistrate Judge Frank Maas, Browning Marean of DLA Piper US, Vince Neicho of Allen & Overy, and Farrah Pepper of Gibson, Dunn & Crutcher.

The world has moved on in the five years since I first started speaking about the conflict between US discovery and EU data protection and privacy. EU audiences are coming to see eDiscovery as more than just US legal imperialism; US lawyers and courts, at least those who attend LegalTech, are beginning to understand that data protection and privacy laws must be managed rather than trampled on. It is good to have the opportunity to speak to both audiences within a few days.

Brussels is easy to get to from London – indeed, it is easy from Manchester, which is where I will be on the night before our panel at a seminar with Hobs Legal Docs. Any lawyer, whether in-house or external, whose company or firm has any interests beyond its own postcode would do well to be there, and not just for the eDiscovery panel.

Home

Oxford tramples on privacy with CCTV in taxis

Given that privacy is one of my professional subjects, it is interesting that my home city, Oxford, should be blazing a trail in trampling on privacy rights, with a compulsory scheme requiring taxis to make video and sound recordings of their passengers – the BBC story is here.

One of the expressed reasons for this is the protection of taxi drivers themselves, despite the fact that most of the taxi drivers are opposed to the scheme – not least, one supposes, because the cost of installing the equipment amounts to yet another tax on living imposed on businesses by pen-pushers who are themselves immune from commercial pressures. There are exceptions, of course, but English local authorities are generally staffed with low-grade troglodytes whose ability to comprehend anything falls far short of complex concepts like privacy, and who have gathered power in recent years far outstripping their abilities or intellectual capacities. Again, there are exceptions, even in Oxford, but the councillors who notionally lead such authorities tend to be very small people with delusions of their own importance.

Oxford is a breeding-ground for political and bureaucratic meddling as well as the home of the Clarendon Building, the Bodleian, the Emperors and the Sheldonian (Photo by Chris Dale)

The word “Regulation” in the title of Labour’s Regulation of Investigatory Powers Act 2000 somehow implies greater control over those who exercise powers of investigation. In fact, the act authorised even little drones from local authorities to make use of covert surveillance, and many of them set to with a will for what were often, according to the House of Commons Home Affairs Committee, “petty and vindictive” cases. Even Labour became concerned at the extent to which the paper-shufflers abused their powers, and new rules imposed some restrictions and authorisation procedures.

The compulsory use of CCTV in taxis represents a slightly different strand – Big Brother’s Little Helper may now have to ask his line manager before going through your dustbins, but remains free to impose his care and concern for your welfare, whether you like it or not. This is part of the stifling interference in every aspect of life which was so characteristic of the Labour years and which the coalition government has failed to cut back despite its promises – a drawback, perhaps, of having to appease the Liberal Democrats, whose solicitous care about us over-rides our expectations from both parts of their name – there is little which is either liberal or democratic about them, but I guess that “Redistributive, Anti-Business, Pro-European Control-Freaks” would not make a good campaigning label. Read the rest of this entry »

IQPC Munich eDiscovery themes recur around the world

I was not sorry when my plane’s wheels touched down at Heathrow on my return from IQPC’s Information Retention and eDiscovery Exchange in Munich on Wednesday night, bringing to an end 28,000 miles of eDiscovery travel in six weeks. A few hours later, I was on my way to London to talk to a law firm about the UK eDisclosure Practice Direction in the company of Nigel Murray of Huron Legal – the e-Disclosure Information Project back on home turf. Meanwhile, US Magistrate Judge David Waxse, Judge Herbert Dixon and Jason Baron were all on their way from Munich to Washington for the Georgetown Advanced eDiscovery Institute. Within hours of my saying goodbye to Judge Waxse in Munich, tweets started rolling up my screen reporting on his contributions to a judicial panel at Georgetown.

The Problems and the Players

E-Discovery touches a lot of corners. It has multiple players: there are the companies whose data must be found and produced for court proceedings, for a regulatory investigation or for internal purposes, and within the companies are multiple duties and responsibilities which are not necessarily aligned. We have the lawyers who advise them, all too often reactively rather than in anticipation of problems. There are the judges and regulators who manage proceedings and who have an interest in efficient and proportionate outcomes. Lastly, there are the suppliers whose technology and consultancy helps address the problems. eDiscovery has many facets – an ever-wider range of data sources and types, matters of budget and reputation, and overlays of privacy and HR; the issues arise in very similar form in many different jurisdictions.

Conferences like IQPC’s Munich event provide an opportunity for all these people to discuss the problems and the solutions in the sessions, in prearranged one-to-one meetings and in less formal gatherings in bars and restaurants. One must pay a particular tribute to the two US judges mentioned above, Judge Waxse and Judge Dixon, and to the UK’s HHJ Simon Brown QC, all of whom emphasised that they came to learn as well as to speak about the issues which face court users.

Welcome to Munich

IQPC’s European events seem to get more than their fair share of external complications. Two years ago, the ash cloud prevented the attendance of several delegates, speakers and sponsors in Brussels; last year we were nearly snowed in in Munich; this year fog caused delays and, for some, re-routing via Stuttgart. Most of us got there in the end. The venue was the Kempinski Hotel Airport Munich,  a short walk from the terminals, and nothing at all like the picture which the dread words “airport hotel” usually imply. It  is a stylish place, with a big attractive bedrooms, good food, a convenient set of conference rooms and a bar which seemed to have no closing time.

I inevitably come across the occasional minor problem on my travels – screaming brats on planes, setting off without my passport, losing my luggage, or not being able to find a decent cup of coffee or somewhere to smoke. This is the first time, however, that I have heard the receptionist say “We have no booking in that name”, followed by “…and we have a big conference going on” (to get the full flavour of this, you need to imagine that it is very late at night, with cold fog swirling around what may be the only accommodation for miles). Fortunately, they found me a room. The coolness of my reception was washed away by the fact that the bar was full of the agreeable people whom one meets at many conferences. Read the rest of this entry »

Huron Legal: Cross-Border eDiscovery Breakfast in New York on 21 September

The US is considering possible rule changes in relation to preservation. The UK is tackling case management and costs management. Australia is chewing over the recent report on electronic discovery. New Zealand has a new ediscovery practice direction coming shortly. There are are different points of view being expressed about all these things, but they have in common that their underlying problems, however difficult, are capable of resolution. We may have different views on what must be done to reduce the time and costs of managing electronic discovery, but there is no deep conflict as to the objective within each jurisdiction.

Cross-border eDiscovery, like anything else which involves the laws and practices of more than one jurisdiction, inevitably has an additional dimension.  That goes beyond relatively straightforward questions, occurring in many matters of law, as to  whose rules to play by, because discovery often raises direct conflicts which seem incapable of resolution. This operates at many levels, from fundamental differences of principle down to matters of mechanics. If your starting point is that one jurisdiction favours openness above all whilst another believes that privacy and data protection rules are paramount, then real conflicts are inevitable.

The Huron Legal Institute is giving a complimentary breakfast briefing about Cross-border eDiscovery on 21st September in New York, starting at 8.30am. The speakers come from the judiciary, from corporate counsel and from lawyers skilled in this area as well as from Huron Legal, and the agenda is as comprehensive a survey of the issues and approaches as one could hope for.

The program is here and it includes a link to enable registration. I know most of the participants and am willing to guarantee that this event will amply repay your attendance.

Home

EU-US EDiscovery – Data Transfer Role-Play at CEIC

One of my reasons for going to CEIC 2011 in Orlando was to take part in a panel about international EDiscovery. The panel was called International EDiscovery: Data Protection, Privacy and Cross-Border Issues and was led by Patrick Burke, Assistant General Counsel at Guidance Software. The rest of the panel consisted of Conor Crowley of the Crowley Law Office, Dominic Jaar of KPMG.

One is well used to the idea that different jurisdictions have different discovery rules, and we may sometimes find other peoples’ rules incomprehensible. Someone at CEIC described the UK disclosure obligation to me as “I’ll give you what I feel like giving you”. That is not a description we recognise, but we can see that our rules (which require a lawyer to disclose all documents which are supportive or adverse to the case of his own client and of any other party) appear as treason to those from a jurisdiction where the scope of a Request is a fiercely fought over. For our part we think of the US approach as “Gimme everything you’ve got which might have any bearing on anything which might conceivably be relevant to the issues or I will have you sanctioned”. US lawyers see that as fighting hard for their clients; we see it as a grotesque waste of time and money. Chacun à son goût – we can each play as we like in our own playgrounds. Read the rest of this entry »

AccessData conference carries electronic discovery message to Germany

I am very much looking forward to moderating an electronic discovery conference in Frankfurt on 22 March. The hosts are AccessData and the speakers are drawn from a broad range of legal, technical and compliance backgrounds, and from well-known firms and companies such as the Luther Law Firm, Siemens AG, DRSDigital, Allen & Overy and Alvarez & Marsal. The programme is here.

Between them, these speakers will cover the growing importance of ediscovery in Germany, forensic services from the viewpoint both of those who collect and manage data and of those who advise on it, and matters of compliance and due diligence. Brian Karney, President and COO of AccessData, rounds the conference off with a session called Getting the Job Done: the Technology. My role is to open the show with a welcome and introduction, to keep us to time (no small challenge with this number of speakers crammed into one afternoon) and to lead the closing panel.

The number of corporate counsel at IQPCs ediscovery conference in Munich last year showed what an appetite there is for discussion about ediscovery in Germany. This is hardly surprising: Germany has the fifth largest economy in the world and the largest in Europe, with a 3.3% rise in GDP in 2010 following an earlier fall. Its exports in 2010 are estimated at $1.337 trillion; 6.7% of this went to the US, which also provided 5.9% of its imports.

That volume of trade with the US, quite apart from US investment interests, inevitably brings US-related litigation, regulatory and compliance implications. Germany’s position in the EU brings growing activity of the same kind, both from Brussels and of domestic origin. The last two years have seen Germany as one of the leading (perhaps the leading) player in the development of data protection and privacy activity. Like other civil countries of mainland Europe, Germany has no discovery tradition such as is found in the US, the UK and other common law countries.

There is, therefore, much to learn in a short time. Anecdotally at least, there seems to be recognition of this, at least amongst the bigger German companies and I anticipate a good turnout for an event as broadly structured as this one and with a cast of this calibre.

The venue is the Schlosshotel Kronberg outside Frankfurt. Who could not warm to an establishment which describes itself as Very Britisch and talks of Tradition, Hightea-Kultur und Schlossatmosphäre (Tradition, high-tea culture and castle atmosphere) which, it says “are inevitably associated with Great Britain”. Quite so. The conference finishes with a dinner at which I suspect the day’s discussions will continue.
There are places left for this event. The AccessData contact details are on the programme.

Welcome to First Advantage as a sponsor of the E-disclosure Information Project

I am very pleased to welcome First Advantage Litigation Consulting as a new sponsor of the e-Disclosure Information Project.  First Advantage was already a well-established forensics, litigation consulting and eDiscovery company when I met them at my first LegalTech in 2007; they set up in London shortly afterwards. I often come across Robert Brown, now VP of Eurasia Operations, at conferences, where he speaks lucidly about forensic data collection amongst other things; and I knew Drew Macaulay, Director of Business Development, before he joined First Advantage.

Back in 2007, the forensic and litigation function appeared on the First Advantage website as just one component amongst a broad range of business and information services. The wider group still does all that, but over the years the litigation arm acquired a strong identity of its own (as First Advantage Litigation Consulting) in the US, the UK, Europe, India and the Far East. First Advantage was acquired by Symphony Technology Group at the end of 2010. The result is a niche specialist company within a strong umbrella group.

After that first meeting at LegalTech, I met up with the then Executive Vice President for Litigation Consulting to talk about the company’s plans – it was exactly 4 years ago this week as it happens, and he was in London to recruit staff for the new office. The move to London, he said, was made largely because of the litigation and regulatory involvement in Europe of First Advantage US clients. Proximity was the initial driver for the move to London, as well as the need to manage EU privacy and data protection laws. The ambition was to make the London (and Brussels) offices into players with local business in their own markets within two years. I would guess (I don’t know) that the target was reached well within the two years and First Advantage Litigation Consulting has become an established player in the London e-disclosure market. Read the rest of this entry »

Cross-Border and Multi-National eDiscovery at LegalTech from FTI and Epiq

I have written already about those sessions at LegalTech 2011 in New York which have a UK element in them (see Strong UK presence at LegalTech 2011). As I said in that article, it is impossible to list, let alone expand on, every session which is likely to be interesting or which involves someone I know.

As always, I marked down the sessions I wanted to attend but have gradually had to concede them as the time needed for meetings, and for the two sessions which I am moderating (Monday at 14.00 and Wednesday at 12.15 since you ask), began to exceed the total time available. I have managed to cling on to the Tuesday morning sessions.

Last year at LegalTech I was involved in two panels on multinational and cross-border disputes, a subject of inexhaustible importance to US lawyers. With a bit of rushing about, I should be able to attend at least parts of the three overlapping sessions which cover cross-border matters this year on LegalTech Day 2.

I have already mentioned the two sessions run by Epiq Systems, Navigating the Challenges of Cross-Border Regulatory Investigations at 9.00am on Tuesday, and Managing a Global Review while Minimising Risk at 10:45am. Between them, they include three UK people with whom I speak regularly at conferences, Vince Neicho of Allen & Overy, Professor Dominic Regan and Senior Master Steven Whitaker as well as other people worth hearing.

Overlapping them, however, is a session run by FTI called Multinational Discovery: Privacy and Process. Joe Looby, Senior Managing Director at FTI, is the US lead on FTI Investigate , which pulls together the human and technology elements needed for rapid investigations across national boundaries. The thorny problem there, apart from the logistical one, is often the conflict between the need to extract as much information as quickly as possible and the restrictions of local data privacy laws. I interviewed Craig Earnshaw, FTI Managing Director – Technology in London, about this recently and am looking forward to this session to round out a paper which want to write on the broad issues as well as on FTI’s specific service.

The FTI Investigate web page has some case studies which I commend to anyone who is interested in this area. I have mentioned before the  RAND Europe Two-Part Report: E-Discovery and Legal Frameworks Governing Privacy and Data Protection in European Countries which came out in October and which gives a good overview of the issues arising in the EU. That can be found here on FTI’s website.

The other main draw for this session is Amor Esteban of Shook Hardy Bacon LLP. I did a panel with him at the Georgetown Advanced Ediscovery Institute (see  International discovery, sanctions, ethics and US-UK comparisons at Georgetown and will be glad to hear him again.

Home

Strong UK presence at LegalTech 2011

LegalTech 2011 is only a few days away and the programme is packed. Almost everyone whose name has appeared in these pages is taking part in something, and I will not attempt to list them all. Following on, however, from my recent piece about the Georgetown Advanced e-Discovery Institute (see International discovery, sanctions, ethics and US-UK comparisons at Georgetown) and the growing mutual interest in US e-Discovery and UK e-Disclosure, I thought it worth drawing your attention to the sessions involving UK participants. If I have missed any, please let me know.

Epiq Systems have two panels involving well-known UK participants. Greg Wildisen of Epiq moderates a panel called Navigating the Challenges of Cross-Border Regulatory Investigations with panelists including Professor Dominic Regan and David Cracknell of Slaughter and May’s London office. That is followed by a panel called Managing a Global Review while Minimising Risk moderated by Laura Kibbe of Epiq. The panelists include Senior Master Whitaker and Neil Mirchandani of Hogan Lovells in London. Non-UK participants known to readers of this blog include US Magistrate Judge Andrew Peck (who has teamed up with Master Whitaker in various jurisdictions, including Brussels and Hong Kong), and David Kessler who has recently moved to become Co-Head of E-Discovery at Fulbright & Jaworski – an entertaining and informative fellow, David, as I discovered to my relief when he was on a LegalTech panel which I moderated for Epiq last year (I say “relief” because it can be an interesting business, moderating panels of people you have never met before). Anyone interested in global and cross-border matters should attend these sessions.

Andrew Szczech of Kroll OnTrack UK takes part in a panel called Trends in Social Media and Cloud Computing. Jan Durant, IT Director of Lewis Silkin is on a panel called Business Processes Utilising SharePoint. Alex Dunstan-Lee of KPMG in London is doing a session called The Clearwell E-Discovery Platform: did you know? UK solicitor Mark Ross, VP legal solutions at Integreon, is covering Legal Process Outsourcing: Ethical, Practical and Legislative Considerations.

Apart from the UK, the non-US world is represented by Michelle Mahoney, Director of Applied Legal Technology at Mallesons Stephen Jaques in Australia, talking about the Intersection of Project Management and Practice Support. She was anointed Practice Management Champion at ILTA last year, so knows what she is talking about. Read the rest of this entry »

The cost of data security breach notifications

At first sight, the publication on 10 December of an article headed Data security – is Europe still lagging behind the US? brings a wry smile here. We are used to US articles speaking in condescending terms about everything from our teeth to our discovery processes, so it was faintly amusing to see such a heading in the week after the US managed to mislay so much diplomatically sensitive material.

The article is written by an insurer with an interest in encouraging awareness of data security risks, but that does not invalidate the message that companies must understand the potential costs. The article focuses on the cost of complying with the data breach notification requirements, particularly those of the US, when private information has been compromised. It does indeed seem anomalous that the privacy-conscious EU should be behind the US (at least from the perspective of an insurer) in facing up to the risk of security breaches. The article refers to “the lack of any uniform regulatory status of notification requirements” in the EU as being a reason why European companies are “lagging” in this respect. One might expect that lack of uniformity leads to an increased risk, so I am not sure that that is the cause of the disparity when it comes to buying cover.

It may be that EU companies have weighed the risk and decided advisedly that their risk profile is not such as to warrant the purchase of cover. It is also possible that, with money tight, budgets are being spent on reducing the risk than in insuring against the consequences of breach. A further possibility, and one which I favour, is that few companies have undertaken the risk assessment which sets the burden of compliance with security regulations against the cost of insuring against failures to comply. Read the rest of this entry »

IQPC Exchange in Munich: Information Retention and eDiscovery in Europe

The civil law jurisdictions of mainland Europe have no discovery tradition as it is understood in common law countries like the US and UK. The IQPC Information Retention and eDiscovery Exchange in Munich was an opportunity for corporate counsel to find out what matters, why it matters and what to do about it, as well as to meet service providers who can help them. The “adequate procedures” defence given by the UK Bribery Act sets a target which acts as a spur to the initiation of pre-emptive measures regarding information management.

Any discussion about electronic discovery in common law jurisdictions comes freighted with history, not all of it helpful. Common law discovery rules require the exchange of documentary evidence between parties to litigation. Our definitions vary, and our rules, case law and practice can produce different results; there may be more (the US) or less (the UK) skirmishing in advance as to the proper scope of discovery, and different jurisdictions have different ways of measuring compliance and of punishing defaults. The end result, however, is that a lot of documents are handed over. I may have strong views on how we should go about this and about how we can reduce the volumes in play without any risk to justice, but I will fight to defend the principles of common law discovery.

Civil jurisdictions, such as those in Europe, have none of this. I simplify for the sake of brevity, but the general approach in these jurisdictions is that the court decides what documents it needs to reach a conclusion. Those who seek other documents must specify them with a degree of particularity which effectively requires that they can say exactly what they are looking for.

The privacy and data protection laws which limit what you may hand over are less onerous when viewed in the context of this civil framework, for the fairly obvious reason that the discoverable volumes are smaller. It becomes easier to understand the EU Commission’s attitude to the impact of privacy restrictions once you appreciate how little is exchanged. This is the world for which the data protection and privacy laws were invented – Europe not only has incentives for minimising document exchange derived from its political history, but has no tradition anyway of handing over documents in civil proceedings.

US lawyers tend to see an obstructive Europe standing in the way of legitimate demands for information. It looks rather different from the perspective of a French or German company which, with no discovery tradition, finds itself under siege. Its links with US companies, whether as a parent, a subsidiary, sister company, or as just as a business or trading partner, bring demands for US-style discovery which appears to recognise no jurisdictional limits. A range of US authorities claim both regulatory and criminal rights over their documents. The EU has its own regulatory authorities and an unquenchable zeal for interference. There is proactive assertion of the rights of the individual against the state and against corporations. On top of all these external pressures comes the recognition that we cannot just go on collecting information at the rate at which we can now create it – a business incentive added to the external factors.

All this gives a different flavour to e-discovery conferences in mainland Europe, even where the organiser (in this case IQPC) has a well-established London conference with almost the same title, and where many of the speakers are the same as those I meet everywhere else. The Munich event was, in IQPC parlance, an “Exchange” rather than a “Summit”, which means that the corporate counsel (who are the main audience) have pre-arranged meetings with suppliers whose offerings have been pre-matched to their expressed needs. The impression I got from speaking to both providers and delegates was that there was a high compatibility rate. The Exchange format also provides conventional speaker and panel sessions plus the opportunity to mingle and talk in the gaps and over meals. If my primary reason for going to these events is to speak at them, I am equally interested in meeting informally with delegates and suppliers, with as much emphasis on listening as talking. Read the rest of this entry »

Premonitions of what was to come

I have no idea what is happening in this photograph:

That is not strictly true – I know that it was taken at IQPC in Munich last week just as I was about to moderate a panel on data protection with Senior Master Whitaker and Denise Backhouse of Morgan Lewis. I know too that everything was prepared – slides in order, confident of my subject, panel present and correct, audience in its seats, right country, trousers on, all the standard things to run through as a panel is about to begin. I had slept well, drunk little and felt fine. So why am I clutching my head?

Perhaps I had subliminal premonitions of things which awaited me – of the next day’s take-off in blinding snow, of the urgent demands by conference organisers for next year’s session topics which would hit me before I had written up this year’s, of the e-mail which observed in a non-specific way how interesting it is that my web site looks different in every browser when I thought I had fixed all that, or the letter from my accountant demanding last year’s figures which I would find on my return.

I was probably in fact just pushing my glasses up as we were about to begin. The session seemed to go well, and the conference as a whole was useful and interesting. A report follows shortly.

Home

International discovery, sanctions, ethics and US-UK comparisons at Georgetown

I was, I think, the only UK speaker (or, indeed, delegate) at the Georgetown Advanced e-Discovery Institute. If the primary reason for going was to talk about US-EU differences, there was progress made too on the continuing US-UK dialogue about our respective disclosure rules and practice. There is two-way value in seeing how others see us.

A great deal of ground was covered, much of which illuminated the divide between US and UK practice and procedure. I make no apology for the fact that the result is a rather longer article than my usual ones.

Introduction

The Georgetown Advanced e-Discovery Institute is a polite, learned event, some of whose sessions, one feels, may actually change things, not merely report or comment on them. There is certainly a mood for change, in the sense that no-one involved in US eDiscovery believes that the present approach is sustainable. An outsider sees what appear to be obvious places to start which inevitably centre round the points of differences with one’s own jurisdiction and, indeed, the UK rules came in for much positive comment, as I report below. We in the UK, in turn, need to raise the level at which we discuss the issues, and get more people, particularly judges, to engage in that discussion in the manner so impressively displayed at Georgetown. We might then see a convergence between our rules and the way they work in practice.

Any attempt to translate these thoughts into positive recommendations founders on deep cultural differences plus the knowledge that whilst the UK rules may be fit for their purpose, the practice has a long way to go. Do US lawyers and jurists bang on so much about ethics and keep each other in line with sanctions because they are more ethical than we are or less so? Do parties collect so much data because a) they really think that proportionate justice is to be found that way b) because the fear of being sanctioned has driven all reason out of litigation or c) because the lawyers and technology providers make a lot of money that way? Or is it just that the wheel is going round so fast – technology catching up with volumes and driving expectations – that no-one can stop it now?

And is it presumptuous of us from the UK to accept praise for our rules and for the proportionate spirit behind our rules, when so few UK judges take e-disclosure seriously, when parties in big UK cases can still assert that the disclosure of electronic documents is ipso facto disproportionate, and when we have just had to fight a long hard battle to persuade our Civil Procedure Rule Committee even to accept that the subject is worth raising?

Whilst the English say “electronic discovery is something Americans do, and look what a mess they make of it”, Americans say “England is two years behind the US”. Well, I for one will not disparage the US approach any more severely than they do for themselves, and if a two-year lag saves us from the worst excesses of US discovery, then can we have longer please? The reality is that we can both learn from each other.  The dream combination, perhaps, would be the rules of England & Wales managed by the array of US judges who were present at Georgetown. My view is obviously a partial one.

I will try and pick out the subjects which have most relevance across the jurisdictions, either because there are parallels, or because their absence is itself a matter of note. Read the rest of this entry »

Catching an eyeful in Leeds and a snowfall in Munich

The paucity of posts lately may lead you to think that all is quiet on the e-disclosure / e-discovery front. It is in fact a symptom of the opposite – there has been more than enough to keep me amused, and on things which seem to point to an increase in e-disclosure activity. My side-interest in civil liberties has provided a diversion, and I took a daring Saturday off to go to Leeds for a Phoenix Fall gig.

I have recorded October’s trips to Washington, Canada and Singapore. November has brought a London conference and one in Washington which I have yet to write up. I am just back from Munich for IQPC’s Information Retention and e-Discovery Exchange which I will also write up shortly.

These trips are the icing on a cake whose main ingredient is domestic and below the surface. I have been to a couple of major regional cities to talk to firms with the potential to capture work from larger but less agile players, and done the same with some London law firms. The expressed motive behind their invitations is to hear about the Practice Direction and Electronic Documents Questionnaire, which gives me the opportunity to suggest to solicitors that we have a window in which we can shape e-disclosure as we think it should be. The window will close if we start seeing judgments which apply old principles to new problems.

You will see shortly from my pending report of an impressive judicial panel at the Georgetown Advanced e-Discovery Institute that the developments in England & Wales – the Practice Direction, the Goodale judgment, the Birmingham costs-management trial, the spate of cases – are exciting attention in the home of electronic discovery; all we have to do is make the practice conform to the framework of rules which others are beginning to envy. If there is plenty to fear (have a look at these cases, for example), there is also opportunity to capture work from others and to offer new skills to clients. Read the rest of this entry »

A useful guide to sources on EU Data Privacy Laws

The Guidance Software Newsroom carries a new article by Denise Backhouse of the eData Practice of Morgan, Lewis & Bockius, LLP headed Master European Data Privacy Laws. I refer you to it because it is expressly intended as a guide to useful sources of information on EU data privacy and data protection, a subject which exercises many US lawyers but not, apparently, to the extent that they feel the need to learn about it in advance of their next major EU data collection exercise. Denise’s article may help them to understand what the issues are.

One key to understanding the problem is to know that no one has all the answers, and Denise rightly draws attention to the need to take local advice in each jurisdiction in which the data may have to be collected. As she points out, a “jurisdiction” is not just the whole EU, nor merely any legal state within the EU, but can include smaller units like individual Länder in Germany. Knowing even that much is a good start for those who tend to approach EU data collections as if the writ of an American court runs everywhere.

Denise and I were on a Guidance Software panel at IQPC’s conference in Brussels last year, and were more recently on a London panel organised by Recommind. The subject comes up again on a panel I am on at Georgetown on 18th and 19th November, and Denise and I are covering the subject, together with Master Whitaker at IQPC’s Document Retention and EDiscovery conference in Munich starting on 29 November. I am moderating, and Denise is the main speaker, as befits her status as one of the few US lawyers who is authoritative on the subject. Master Whitaker will talk about the use (and misuse) of the Hague Convention, and I will talk about the cultural differences which lie at the root of the conflict between US demands for documents and EU unwillingness to part with them.

You need practical as well as legal help when stepping into the deep waters of EU data collection, and that means a technology supplier with experience in the area. Sticking to those who have come to my attention recently (so don’t all write in if I have missed you off my list), FTI have recently announced a new consultancy service FTI Investigate aimed at helping with EU collections, I have written a paper (not yet published) about Iron Mountain’s services on this subject, Epiq Systems has a fully-staffed office in Brussels, and Trilantic (now part of Huron Consulting Group) has a section of its website which links to the laws of every relevant jurisdiction.

Look, perhaps, at the list of those sponsoring the IQPC Munich event referred to above which, in addition to most of those already mentioned above, includes AccessData, Alvarez & Marsal, Clearwell, Commvault, Ernst & Young, KPMG and Symantec. They will be there because this is territory which they know, so ring one (or more) of them up before you pack your bags to set off on what may appear to be a routine data collection exercise. But perhaps read Denise’s article first, and follow some of its useful links.

Home

Turning e-discovery news and views into a community of interest

Those of us who work in e-discovery / e-disclosure get better and better at passing information and views between ourselves.  Web sites, blogs and Twitter allow us to keep up with developments – new products, company news and cases – in a market which changes all the time. Improvements in the mechanics of information delivery do not make it easier for new readers (which is the audience which matters) to understand it all. Can we turn this stream of information into a community of interest?

The word “community” has been hi-jacked by the woolly thinkers of the soft left. Private Eye runs a regular column pillorying those who write of meaningless “communities” whenever two or more people have some characteristic in common.  The expression “community of interest” has a meaning worth keeping, however, and is correctly used (and hard to replace) when different groups have common ground. The one in which I am interested is the loose assembly of lawyers, their clients, judges and technology providers who aspire to the proportionate use of electronic documents in litigation. That aspiration is purely notional in many cases, mainly because many of the players do not fully understand what the others need or can offer.

This article began as a way of covering many apparently disparate pieces of news or information in one place. As I wrote it, themes began to emerge which mapped on to some of the conversations which I have with lawyers seeking a quick ramp into the broad options which they face when e-disclosure becomes inevitable. We who have grown up as the industry grew up throw names and terms at each other, as if the audience shared the building-blocks of knowledge. They do not. Running several stories together may make for a long article, with loops and digressions as I expand on things which seem obvious to industry regulars, but those to whom it is all new may find that helpful.

One of the links which I intended to pass on anyway happened to be an interview in which Richard Susskind argued for better use of social media and for the development of a community of interest between the participants in the wider legal IT industry. That neatly tied in with my plan to base this article round a series of tweets, and suggested by extension that Twitter provides a ready-made core for such a community. It does so already for those on the inside. We need to invite the users in. Read the rest of this entry »

International eDiscovery Panel at CEIC

There is one major difference between the general run of discovery problems and those relating to international and cross-border discovery. The former are soluble – competence and co-operation coupled with judicial management would fix most ediscovery problems tomorrow; the trans-jurisdictional issues involve serious conflicts, not just of laws but of culture. As things stand, these seem irreconcilable, and it sometimes feels that the best we can do is to make people aware of and sensitive to the issues.

The panel assembled to discuss these matters at CEIC was well-qualified. M James Daley of Daley & Fey, LLP is Co-Chair of The Sedona Conference Working Group on International Electronic Information Management, Discovery and Disclosure (WG6) and a member of a delegation which recently met with the Article 29 Working Party in Brussels (see my article Sedona Conference WG6 presentation to Article 29 Working Party in Brussels. Dominic Jaar of Ledjit Consulting Inc., is Chief Executive Officer at Canadian Centre for Court Technology and is a member of The Sedona Conference’s working groups 1 (USA) and 6 (International). George Rudoy of Shearman & Sterling, LLP has more practical experience than almost anyone of managing and doing foreign data collections. Patrick Burke of Guidance Software was the moderator. Read the rest of this entry »

CEIC 2010 comes to an end

CEIC 2010 is winding down here in Las Vegas. Whatever measure you take – the quality of the sessions, the opportunity to catch up with people and meet new ones, the sheer numbers of people attending (1,300 or so), the venue, or the glimpses through the bus windows of this not-quite-real city on the way back from dinner last night – it has been a great success.

For those unfamiliar with it, CEIC stands for Computer and Enterprise Investigations Conference and is run by Guidance Software, whose data collection and processing applications are used all over the world for everything from one-off defensible collections to enterprise-wide network collection applications and the consultancy which goes with it. My particular interest, electronic discovery, is only a part of what the applications are used for – internal investigations, HR incidents, government and military needs, and rapid reaction to external or internal demands for information, are all covered. It is deeply technical stuff, and its users need technical training to match. CEIC allows all those involved – from hands-on lab types to decision-makers – to gather once a year, to top up their skills, to meet others with the same or adjoining skills, and to find out what drives the other players. The technical people increasingly need to know about the context in which they collect data, and those who devise strategy must have some idea of technical difficulties and solutions. Read the rest of this entry »

Listening to myself talking about e-Disclosure for the IQPC Information Retention and E-Disclosure Summit

I have been listening to a podcast which I made recently for IQPC as part of the run-up to their Information Retention & E-Disclosure Management Summit in London on 17-19 May 2010. It can be accessed from the Summit’s home page. It is not that I reckoned to learn anything new, you understand, nor is there any narcissistic pleasure in hearing the sound of my own voice, but it is no bad thing occasionally to know what the audience is hearing, as Gordon Brown discovered last week.

The recording covers recent cases, the proposed e-Disclosure practice direction and ESI Questionnaire, and the e-Disclosure elements in Lord Justice Jackson’s Report. It also considers the importance of learning about what happens in other jurisdictions, and the collision between the US and the EU on matters of privacy and data collection. It ends with the observation that this subject is one with opportunities as well as risks – there is work to be won by those who take the trouble to learn a little about e-Disclosure problems and the solutions. It ends with the exhortation that “‘Get on with it’ has to be the message of 2010″.

The recording is intended to provide a context for the Summit, in particular for the US-UK judicial panel. Read the rest of this entry »

The Franco-British Lawyers Society on cross-border e-Disclosure 17th of May 2010

The Franco British Lawyers Society have organised an evening session called Searching for evidence: a panel discussion on cross-border e-Disclosure from an English and French perspective. The event takes place on Monday, 17 May at 6 pm at Pinsent Masons, 30 Aylesbury Street, London EC1R 0ER.

The speakers are:

• Mark Surguy: Legal Director at Pinsent Masons LLP.
• Caroline Jan: Solicitor at Pinsent Masons LLP.
• Claire Picard: Avocat at Salans.
• Vicky Harris: Business Development Director at Merrill Corporation.

Registration is solely via the FBLS and places are limited. The event is free and includes a drinks reception. Contact Marie-Blanche Camps by email at yfb31@dial.pipex.com

You might also be interested in the FBLS events programme. I see from it that I missed an event in Edinburgh called The use of modern technologies in the Scottish and French court systems. The speakers included the Unit Manager of the Electronic Service Delivery Unit ‐ Scottish Courts and the Senior Legal Adviser of the E‐Justice working group of the Council of Bars & Law Societies of Europe. Both E-Justice and the use of technology in Scottish legal practice catch my interest, and I would have promoted this talk, or even attended it, if I had known about it.

I cannot, unfortunately, attend the 17 May Anglo-French event because I will be out at an Anglo-US dinner that evening with a group of judges – e-Discovery experts all – from both sides of the Atlantic. If we merged the two events, we could probably resolve any number of multi-jurisdictional discovery problems.

Home

EDiscoveryMap helps navigate cross-border issues

Monique Altheim, a New York qualified lawyer, has quickly established her blog, EDiscoveryMap, as a mine of information on matters of personal data, privacy, data transfer and cross-border transfers. I follow her on Twitter as EUDiscovery and EDiscoveryMap which keep me up to date both with her own writing and with other sources.

Monique attended the IAPP International Association of Privacy Professionals Global Privacy Summit 2010 in Washington recently. Many from Europe failed to make it thanks to the volcano. They, and anyone else interested in this topic (judging by Monique’s blog hits, a great many people) ought to look at her blog which, as I write, includes near the top several video interviews with people who are knowledgeable in this area. Read the rest of this entry »

Germany focuses on data protection and privacy

Americans may be tempted to think of EU data protection and privacy laws as being an obstacle deliberately placed in the way of conscientious US lawyers who are merely trying to do their job. That reaction is unsurprising, since that is the context in which they come across a set of laws which are remote from their domestic experience. It may help if I point you to four recent articles about Germany, only one of which has a direct connection with electronic discovery. The others may serve to provide a context. Read the rest of this entry »

Gucci v Curveal: a blow for US interests – whichever way you understand that expression

British 19th Century “gunboat diplomacy” and the song The Wreck of the Old 97 are what came to mind when I read the latest Opinion of a US court about the relative importance of US interests and the laws of other countries restricting the discovery of private information. Carry on like this, USA, and you may well need a gunboat to support document collections.

The article by the respected US e-Discovery commentator Tom O’Connor Why the Rest of the World Thinks we are Crazy concerns an Opinion of the District Court of the Southern District of New York which orders a Malaysian bank, not party to the proceedings, to produce documents despite a Malaysian statute prohibiting them from doing so. I volunteer to speak on the half of “the Rest of the World” Read the rest of this entry »

Talking rather than writing – normal service will be resumed soon

The relative silence on these pages recently does not imply that I have run out of things to say (sorry about that) merely that I have had a good run of being out and about, or making plans for future events here and abroad. All good, all interesting, and all indicative of a rise in interest in e-Disclosure / e-Discovery amongst those who need to know about it, but not consistent with much considered writing.

Gucci America v Curveal has not passed unnoticed, and there is an article coming up which invokes 19th Century British gun-boat diplomacy and The Wreck of the Old 97 as parallels for the US approach to trifles like the laws of other countries. Another article, consistent with my current theme about objectives being more important than processes, shows how a PR agency can be 100% successful in getting its client’s name out there, whilst making it deeply hated – the SEO is great, chaps, but the effect is wholly negative.

All this and more when I get back from the third in my sequence of post-Jackson talks in London. Tomorrow’s one is to ALPS, the Association of Litigation Professional Support Professionals, in company with Vince Neicho of Allen & Overy – an important and knowledgeable audience. There is one more after that, on Thursday, at which I am listening rather than speaking, and then I am back at my desk for a bit and can catch up.

Home

The Readership of the e-Disclosure Information Project

I have just been asked to give some statistics for readership of my blog and, having done the research, I might as well summarise it here. It happened to be quite a good day to ask – there were 436 page views that day (Monday), my second-highest daily hit rate, and 432 today.

Although I am obviously interested in knowing how many people take the trouble to read what I write, mere numbers are not a particular ambition. I am more interested in being thought of as authoritative and interesting to those who actually want to know about the subject, not to attract numbers for their own sake. My aim is to make sure that anyone who is interested in the subject of e-Disclosure / eDiscovery will come across my sites either directly or by reference from elsewhere. I am perfectly happy with 5,000 to 7,000 page views per month on a narrow subject, but it is not what I “sell”. I value the anecdotal evidence that people notice what I write ahead of the bare statistics.

Let us take the actual statistics first. The graph below shows page views since August 2007. They settled at around the 5,000 mark in September, October and November 2009; numbers were down, inevitably, for December (the same is true of the summer holidays) and then shot up to over 7000 in January and a little less in February. Read the rest of this entry »

Anonymisation, the Hague Convention and US judicial notice of EU privacy protection

I expressed puzzlement recently at the high proportion of page views from the US over a period when most of my focus has been on the UK draft practice direction. I know, of course, that there is much US interest in developments in other jurisdictions, particularly the UK, and there is an obvious connection between Judge Scheindlin’s Pension Committee Opinion with its huge potential to drive litigation costs upwards, and the focus of the Jackson Report on Litigation Costs which is to drive them down.

It is more likely, in fact, that the recent US interest is based on two of my recent posts which concern the collision between US data demands and EU privacy restrictions. The two articles were Sedona Conference WG6 presentation to Article 29 Working Party in Brussels and The extent of the right to privacy in French employee’s e-mails. Both of these have been picked up by US commentators, and it is likely that the high proportion of US-derived page views come, in part at least, from these articles. Read the rest of this entry »

The extent of the right to privacy in French employee’s e-mails

The expression “grasping at straws” has seafaring origins – a drowning man grasps at straws in the absence of anything more solid to cling to. It comes to mind whenever the subject of EU data privacy comes up in the context of US litigation where US lawyers, already drowning in electronic documents, an unrelenting timetable, and the fear of sanctions, will grab hopefully at anything which may save them from the additional difficulties posed by EU privacy rules. They read, for example, of what appears to be a “litigation exemption” and hope that it gets them clear of the whole data privacy problem.

This attitude follows from the feeling that the whole privacy regime is an anti-US device, something invented by Europeans (mainly the French and the Germans) to impede the due process of US law. This perception inevitably generates a backlash, and the language of many US courts implies not merely a defence but counter-attack. I have only just discovered, for example, that a 1987 case called Minpeco S.A. v. Conticommodity Servs., Inc., 116 F.R.D. 517 at 528 (S.D.N.Y. 1987 referred expressly to a “sham law such as a blocking statute”. More recently, the cases of In re Global Power Equipment Group Inc., and Accessdata v Alste appear, to European eyes at least, to imply contempt for the whole privacy business. Read the rest of this entry »

A short video could win you free tickets and accommodation at CEIC

The use of video turns up in these pages either where a supplier has used the medium to educate or to promote a product, or in a slightly embarrassed reference to my own reluctant appearances in front of the camera.

CEIC (Computer and Enterprise Investigations Conference) has come up with an interesting new use for the medium. They are offering free entry and accommodation for CEIC 2010 to the person who makes the best short video explaining why the maker wants to go to CEIC. The competition details are here.

CEIC was in Orlando last year. I was there in my capacity as a member of Guidance Software’s Strategic Advisory Board and thoroughly enjoyed it, despite torrential downpours. This year, the conference is at Summerlin in Nevada, so bad weather is unlikely. Read the rest of this entry »

Mixing eDiscovery business with pleasure at LegalTech 2010

I write each February after LegalTech in New York to try and convey how this event is simultaneously hard work and good fun. Certain times and cultures are inherently suspicious of the idea that you can enjoy yourself whilst working, and this may be one of those times. I stand, however, by my usual proposition to the effect that anyone whose work involves the management of electronic documents for litigation etc, whether as lawyer, judge, client, supplier or consultant, should be there, and that their attendance will be repaid by the knowledge and information which they acquire. That knowledge and information is gained equally by going to sessions, seeing applications, and talking to people, whether in formal meetings, in chance encounters in corridors, or in the bar.

This is the more true in a year when one of the themes is collaboration and cooperation. That collaboration is needed between lawyers and their clients, and between suppliers and those who instruct them; it operates at a business process level and at a technical level, and it extends, by virtue of common sense as well as the rules, into cooperation between lawyers on opposing sides. If you must collaborate with people then it makes sense to know something about them, and the shared experience of LegalTech is the best place to mix professional relationships with the personal ones which are the oil in two figurative senses – the oil in the machinery which keeps the processes running, and the oil on what are occasionally troubled waters. If you know the people, the processes run better and the difficulties are more easily sorted out. Read the rest of this entry »

US claims Global Power to Access Data despite EU data protection laws

Another decision of a US court shows the supremacy of the US courts over EU laws, at least as seen from the US. It doubtless plays well in Utah, but is probably bad news for US evidence-collection in the long term.

Before I begin, it would be kind to explain my title for those who are not au fait with recent US cases on data collection in Europe and with the claimed supremacy of the Federal Rules of Civil Procedure over EU data protection laws. In ordinary parlance, a “global power” is what the USA sees itself as. Nobody argues with that although, as events unfold before the Chilcot Inquiry into the decision to join America in the Iraq war, we do not share Tony Blair’s view that our relative status requires us to yap support like a sycophantic poodle whenever America condescends to speak to us. Access to data needs no explanation but, curiously, gives rise to much the same feeling in Europe vis à vis the US. By chance, the two most recent cases involving the claimed supremacy of American courts over trifling matters like EU data protection law are called, respectively, In Re Global Power Equipment Group, Inc and AccessData v Alste (see as to the first of these cases a helpful article by Morgan Lewis called French Blocking Statute still gets no respect from US court). Read the rest of this entry »

Trilantic assembles experts for International eDiscovery Track at LegalTech

UK-based legal support provider Trilantic has put together a double panel session on EU data privacy and related subjects which takes place on the first day at LegalTech, Monday, 1 February.

Subjects covered will include privacy considerations and EU data protection rules, compliance with them, and the proper response by corporations to US litigation and regulatory matters involving data held in the EU.

These subjects increase in importance each year. US courts and regulators are becoming more demanding whilst, simultaneously, EU countries become more and more protective of data held within their borders. Read the rest of this entry »

The e-Disclosure Information Project in 2009 and 2010

My e-Disclosure predictions for 2010 are up on the website of the Society for Computers and Law. I have not checked back to my previous years’ SCL predictions, but I think that this batch have much more, and much better-grounded, optimism in them than was the case in previous years.

I will come back in a moment to my own ambitions for 2010, but it is worth first having a quick review of 2009. I wrote about 250 blog posts during the year, bringing the total to 489. There is no easy way of calculating the word-count, but that would add up to a fair-sized book. I was a speaker, panelist or chairman at 12 public conferences in 2009 and attended others. Venues included the US more than once, Brussels, Sydney and Singapore as well as the UK. I got involved in a couple of cases at a strategy level (that has not been the priority for the last couple of years). The rest of the time was spent in meetings or talking about e-Discovery / e-Disclosure in restaurants or bars. Read the rest of this entry »

Gartner points to non-US E-Discovery market growth

Gartner predicts an eDiscovery software market worth $1.2 billion in 2010. More than 10% of that will be outside the US. Software suppliers may be ready to run with this, but where are the skilled people?

Gartner’s report of 16 December E-Discovery Software Marketplace is Set to Continue High-Growth Pace has inevitably interested the Twitterati today. Picture Shackleton glimpsing the South Georgia whaling station after his epic journey from Elephant Island; imagine a French Legionnaire seeing an oasis, a besieged wagon train catching the sound of the 7th Cavalry bugle or the defenders of Lucknow hearing Campbell’s relief column battling to lift the siege (I could go on for pages like this, but you get the picture – the end appears to be in sight).

Gartner foresees that worldwide eDiscovery software revenues will reach $1.2 billion in 2010, an increase of 23% over 2009. They point to “unplanned events” such as “litigation regarding bribery and corruption, foreign corrupt practices, securities and financial fraud, government contracting abuses, and healthcare fraud” as the main drivers for the growth which will, they say, bring market and technology consolidation, expansion of product and services portfolios and new customer bases. I have not read the report itself, but one can probably take it for granted that these conclusions are underpinned by Gartner’s usual research and analysis. Read the rest of this entry »

Kind words from the Posse List eDiscovery Reading Room

If a supplier asked me what to do if it received unsolicited praise from a respected source, I would tell them to stick it up on their web site. What is the proper reaction when someone says nice things about me?

My own shy and retiring nature is at odds with my role as cheer-leader for the e-Disclosure / eDiscovery industry and its players. This very English reserve extends to my own articles: Google alerts for, say “eDiscovery”, pick them up, sometimes within minutes, but I have usually by then moved on to something else. I see the heading and think “that looks interesting”, only to realise that it is my own. It is, of course, unsurprising that I should be interested in the topic about which I write several thousand words a week, but I ought to be able to recognise my own articles.

An alert turned up a few days ago about a blog: “… incisive and trenchant showing a penetration to the heart of a subject with clear, sharp, and vigorous expression”. Wow, I thought. I wouldn’t mind that as my epitaph – only to discover that the extract was in fact about me. Read the rest of this entry »

451 Group reports on IQPC in New York

I was not at IQPC’s E-discovery conference in New York last week (see IQPC New York – minimizing risks, costs and challenges). Fortunately the 451 Group’s Katey Wood was there and her report is here.

Two of the points which caught Katey Wood’s eye are of particular interest. One is the session in which Deborah Baron of Autonomy interviewed Karla Wehbe of Bechtel. My article had made the point that client case studies are only interesting if they recount triumph over difficulties. This one seems to have done just that, with sceptical external lawyers now apparently onside and (a much overlooked benefit of in-house control) a proportion of reviewed documents now reusable. My spies tell me that this session was well received – not surprising, perhaps, given the article’s conclusion about “the shifting of roles between e-discovery vendors, service providers, general counsel and law firms as technology moves in-house”.

The other point of interest springs from Katey Wood’s account of the session about collection of international ESI, whose speakers included the well-regarded Denise Backhouse of Morgan Lewis. The sentence about the EU’s fundamental human right to privacy being “literally a foreign concept to those of us accustomed to living under the Patriot Act” is a good way of illustrating how much there is to do to convey to US lawyers that language is not the only thing which is foreign once you cross the Atlantic. Privacy laws and data protection need more than a check-list, as the article says. It would be a good start, however, if the subject did at least appear on the check-lists of those who need to collect data from Europe.

I have yet to see a report about the large judges’ panel at this conference. I will pass it on when I find out what was covered.

Home

IQPC New York – minimizing risks, costs and challenges

Minimizing risks, costs and challenges is the title of the IQPC eDiscovery conference taking place in New York from 7 to 9 December 2009. I will not be there, but the agenda offers more opportunities than its title suggests.

I would have gone, for example, to the Judicial Perspectives panel which Patrick Burke of Guidance Software is moderating, with no fewer than six US Magistrate Judges. At the top of the six bullet points which form the agenda is Sedona Cooperation Proclamation – should lawyers cooperate with each other? It would be interesting, would it not, to get a glimpse now of the six hot topics for the agendas for, say, December 2012 or (which is more feasible) to look at old topic listings and compare and contrast them with today’s. When did “co-operation” first make an appearance on the agendas? Patrick is good at spotting what is coming next and, if my own experience on his panels is a guide, will make good use of his army of panellists. Read the rest of this entry »

UK Information Commissioner publishes plain English data protection guide

The UK Information Commissioner’s Office (ICO) has produced a guide in plain English which aims to make it easier for the non-expert to understand what is involved. That is all to the good, but this is not one of these situations where tout comprendre c’est tout pardonner.

I thought you wouldn’t mind a bit of French in the circumstances. Those trying to get data from France (or anywhere else in the EU, but France more than most) for use in US proceedings rarely forgive what they learn about the restrictive nature of EU data protection, even when they understand it – perhaps especially when they understand it. Indeed, the expression “Pardon my French”, used by the English to exculpate themselves after using some vile swear word, might well be helpful to those who have just discovered what those implications are – the language which results is often unsuitable for what used to be called “mixed company”. Read the rest of this entry »