Last month’s Master’s Conference in London included presentations and discussions on issues relevant to electronic discovery, including artificial intelligence and different jurisdictions’ legislative and regulatory responses to that new technology, project management and legal operations issues, document review platforms, cross-border discovery, information governance, and data privacy. During these discussions, participants noted that the factors compelling organizations to improve their information governance and records management practices have changed over time.Read More
The suspense and anticipation were fun while they lasted, but proved quite short-lived for those of us excitedly awaiting the US Supreme Court’s consideration of an interesting question regarding attorney-client privilege. While oral argument was held in the case of In re Grand Jury, the US Supreme Court ultimately dismissed the case.Read More
Courts throughout the United States have different perspectives on the actions that constitute spoliation of evidence and the situations in which these actions should be sanctioned. Furthermore, as courts examine and re-examine these concepts over time, their perspectives shift. Therefore, attorneys, e-discovery practitioners, and parties in litigation must keep in mind the distinctions among different jurisdictions’ definitions of spoliation and their standards for when, and what types, of sanctions should be applied in light of such spoliation.
In its recent decision Seattle Tunnel Partners v. Great Lakes Reinsurance (UK) PLC, __ P.3d __ (Wash. Ct. App. Mar. 27, 2023), the Washington Court of Appeals, Division 1, discusses the evolution of Washington case law on spoliation of evidence and provides clarity around the circumstances that would justify the imposition of spoliation sanctions in this jurisdiction. Interestingly, the limits identified in this opinion regarding when spoliation sanctions are available differ from those in place in the federal courts and the courts of other states.Read More
K&L Gates participated in this week’s 2023 Legalweek in New York City. As members of our firm’s e-Discovery Analysis & Technology (“e-DAT”) Group attended panel discussions regarding emerging legal issues and met with vendors regarding evolving legal technologies, they noted three trends that were being discussed by everyone at the conference.Read More
Employees ten years ago could not have anticipated how quickly and completely our workplaces have evolved over the past decade. In the aftermath of the global pandemic, significant numbers of employees have transitioned to telecommuting for some or all of their workweeks. The enterprise collaboration platforms adopted by many workplaces to facilitate this transition include a variety of electronic communication tools through which employees may communicate in a less mindful style than they would use in e-mails or printed correspondence, which, in turn, has created additional risks related to communications created, sent, and stored through these tools.Read More
As discussed in a prior post on this blog, electronic discovery that requires the processing and use of records and information that includes the personal data of individuals residing in the and the European Economic Area (“EEA”) must often incorporate measures to allow for compliance with the European Union’s General Data Protection Regulation (“GDPR”), which contains a number of requirements and limitations regarding the processing of such personal data and its transfer to countries outside the EEA.Read More
Within each United States jurisdiction in which attorneys are licensed to practice law, the relevant rules of professional responsibility require attorneys to meet a duty of competence. Such competence is not limited to legal judgment and skill. Instead, this legal ethical duty has been interpreted by most of these jurisdictions to include a duty of technological competence. Technological competence is particularly important when attorneys advise clients regarding electronic discovery, information governance, and other legal issues involving electronic data and information systems.Read More
By addressing how e-discovery issues will be handled in a particular case, ESI protocols can serve a valuable role in escalating such issues for early resolution and reducing later disputes on these topics. Below are five simple reminders for the next time you draft and negotiate an ESI protocol.Read More
Electronic discovery for legal matters within the United States often involves preserving, collecting, processing, reviewing, and producing data that concern individuals living outside the United States. In some of these situations, the data privacy laws of jurisdictions outside the United States can complicate electronic discovery to be performed in the United States. Perhaps the most well-known data privacy law is the European Union’s General Data Protection Regulation (“GDPR”), which outlines requirements related to the processing of the personal data of individuals residing in the and the European Economic Area (“EEA”) and addresses the transfer of data outside the EEA.
Article 45 of GDPR forbids the transfer of the personal data of EEA residents (described as “data subjects”) to any country outside of the EEA unless (i) the EU determines that the country’s legal privacy frameworks and practices ensure an adequate level of protection for data subjects’ personal data (termed an “adequacy decision”), or (ii) one or more safeguards deemed appropriate by the EU are imposed on the cross-border data transfer. Accordingly, transfers of personal data of EEA residents to a country outside the EEA that lacks an adequacy decision must rely on such safeguards (or, alternatively, a derogation defined by Article 49 of GDPR). These safeguards can include use of data processing agreements that contain standard contractual clauses, binding corporate rules that address data privacy and protection concerns, and/or binding and enforceable commitments by the data controller or processor located in the country to which the data are being transferred.
Some legal matters requiring cross-border data transfer to the United States may not clearly fit within one of Article 49’s derogations, which may prompt the need to employ such a safeguard to accommodate the data transfer because the United States does not currently have an adequacy decision from the EU. However, such an adequacy decision may soon exist. On December 13, 2022, the European Commission published a draft adequacy decision for the United States, based largely on a new United States executive order that commits to changes to its foreign intelligence agencies’ access to personal data and the creation of a new system through which EU data subjects can seek redress for the infringement of their data privacy rights in the United States. This draft adequacy decision will now receive review and feedback from the European Data Protection Board, the Council of the European Union, and the European Parliament before its possible implementation.
With a GDPR adequacy decision possible for the United States by the summer of 2023, legal practitioners in the United States can consider how data transfer and review workflows in some circumstances could be streamlined in the wake of such an adequacy decision. The European Commission’s draft adequacy decision is available at https://commission.europa.eu/document/download/e5a39b3c-6e7c-4c89-9dc7-016d719e3d12_en?filename=Draft%20adequacy%20decision%20on%20EU-US%20Data%20Privacy%20Framework_0.pdf.