SlideShare una empresa de Scribd logo
1 de 29
1© Copyright 2010 EMC Corporation. All rights reserved.
Be st Practice We binar
eDiscovery& eDisclosure:
US & UK e Disco ve ry and Privacy Laws
e Disco ve ry series sponsored by
EMC SourceOne eDiscovery - Kazeon
2© Copyright 2010 EMC Corporation. All rights reserved.
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
Panelists
Quentin Archer – Partner at Hogan Lovells, London and
Co-Chair of Sedona Conference Working Group 6.
James D. Shook – Director, EMC eDiscovery and
Compliance Legal Group; member Sedona Conference
WG1 and WG6.
J. David Morris - webinar moderator
3© Copyright 2010 EMC Corporation. All rights reserved.
The Data Explosion
Different Worlds
The UK DPA
Meeting Cross-Border Challenges
The Sedona Conference
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws

4© Copyright 2010 EMC Corporation. All rights reserved.
Information Today – The Big Picture
1.8ZbLots of It
Mostly Unstructured 95%
Mostly Unmanaged 85%
Becoming More Regulated ▲
Created by Organizations 85%
Information
5© Copyright 2010 EMC Corporation. All rights reserved.
Average US eDiscovery Costs
10x
increased costs
to outsource
$1.5M
average cost
per incident
$34M
average annual
legal costs
89%
of companies
face litigation
$18M+
cost to review
1 TB of info
6© Copyright 2010 EMC Corporation. All rights reserved.
67% of eDiscovery Cases Awarded Sanctions in 1H2010
(31 Cases Requested Sanctions; 21 Cases Awarded
Sanctions)
Source: DIGITAL DISCOVERY & E-EVIDENCE REPORT ISSN 1941-3882
7© Copyright 2010 EMC Corporation. All rights reserved.
The Data Explosion
Different Worlds
The UK DPA
Meeting Cross-Border Challenges
The Sedona Conference
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws

8© Copyright 2010 EMC Corporation. All rights reserved.
World Litigation Overview
US
Common law
Broad, expansive
discovery
“E-discovery”
Generally bear fees &
costs
UK
Common law
Reasonable discovery
“E-disclosure”
Loser pays
CN
Common Law
Broad, includes e-data
Civil Code
Limited disclosure
9© Copyright 2010 EMC Corporation. All rights reserved.
Worlds Apart?
US UK/CN EU
Privacy Very little in the
workplace
Strong protection for
employees
Very strong
Data
Ownership
Employer-focused Employee-focused Employee-focused
eDiscovery Broad, expensive UK: Growing but <
US
Typically very
limited
10© Copyright 2010 EMC Corporation. All rights reserved.
Privacy Concerns
Source: Fulbright and Jaworski, 7th Annual Litigation Trends Survey Report
11© Copyright 2010 EMC Corporation. All rights reserved.
The Data Explosion
Different Worlds
The UK DPA
Meeting Cross-Border Challenges
The Sedona Conference
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws

12© Copyright 2010 EMC Corporation. All rights reserved.
UK Data Protection Act 1998
• Implements EU Data Protection Directive 1995
• Regulates the activities of "data controllers", who
control the purposes for which data is processed
• "Processing" covers just about any activity relating to
data
• "Personal data" is data relating to an identifiable living
individual
• Data in manual unstructured filing systems is not
included
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
13© Copyright 2010 EMC Corporation. All rights reserved.
The Data Protection Principles
• Personal data must be processed in accordance with
eight data protection principles
• Breach of the principles can lead to enforcement
action by the Information Commissioner, or a private
action for damages
• Deliberate or reckless breaches can result in penalties
of up to £500,000
• Breaches in the financial services field can also attract
the attention (and fines) of the Financial Services
Authority
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
14© Copyright 2010 EMC Corporation. All rights reserved.
Principles 1 to 4
• Personal data must be processed fairly and lawfully
• Personal data must be obtained for specified
purposes and not processed in a manner
incompatible with those purposes
• Personal data must be adequate, relevant and not
excessive
• Personal data shall be accurate and (where
necessary) kept up to date
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
15© Copyright 2010 EMC Corporation. All rights reserved.
Principles 5 to 8
• Personal data must not be kept longer than
necessary
• Personal data must be processed in accordance with
the rights of data subjects
• Appropriate technical and organisational measures
must be taken against unauthorised processing, and
against loss or destruction
• Personal data must not be transferred to a country
outside the EEA unless that country ensures an
adequate level of protection for the rights and
freedoms of data subjects in relation to personal data
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
16© Copyright 2010 EMC Corporation. All rights reserved.
Controllers and processors
• An entity which processes personal data on behalf of a data
controller is a "data processor"
• There must always be a written contract between the data
controller and the data processor
• Contracts must require the processor to act only on the
instructions of the controller, and to comply with the security
conditions in the seventh principle
• The security conditions require:
• The implementation of appropriate technical and
organisational measures to protect against unauthorised or
unlawful processing, taking into account the harm that might
result
• Taking steps to ensure reliability of employees
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
17© Copyright 2010 EMC Corporation. All rights reserved.
Exporting personal data
• No transfer of personal data outside the EEA unless
the destination territory ensures an adequate level of
protection for the rights and freedoms of data
subjects in relation to the processing of personal data
• “Transfer” and “adequate level of protection” are
important concepts
• Several cases where the general rule does not apply
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
18© Copyright 2010 EMC Corporation. All rights reserved.
What is a transfer?
• No transfer merely by placing material on the Web
(Lindqvist case, November 2003)
• But placing material on an intranet, where the
intention is to make it available to people in different
countries, may be subject to different criteria
• Mere transit (e.g. routing emails through a third
country) unlikely to amount to a "transfer"
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
19© Copyright 2010 EMC Corporation. All rights reserved.
Who determines adequacy?
• Exporting data controller must assess adequacy
• If there is a Community finding of adequacy, the
controller can rely on that
• In the case of a controller-processor transfer, the
Commissioner may presume adequacy:
• Data controller remains liable
• Must be a written contract in place
• Must be no particular risks in destination country
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
20© Copyright 2010 EMC Corporation. All rights reserved.
EU findings of adequacy for non-EEA countries
• Andorra
• Argentina
• Canada (but only to activities covered by the Personal
Information Protection and Electronic Documents Act)
• Faeroe Islands
• Guernsey
• Isle of Man
• Israel
• Jersey
• Switzerland
• USA (Safe Harbor and passenger data only)
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
21© Copyright 2010 EMC Corporation. All rights reserved.
Where export is possible, even if no adequate protection
• If the data subject has given consent
• If the transfer is necessary for the performance of a contract with
the data subject
• If the transfer is necessary for the purposes of:
• Legal proceedings
• Obtaining legal advice
• Establishing, exercising or defending legal rights
• Use of model contract clauses
• Binding corporate rules
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
22© Copyright 2010 EMC Corporation. All rights reserved.
Differences within the EU
• Concept of personal data is narrower in the UK than
in the rest of the EU (Durant case) which has caused
difficulties
• Many EU regulators exercise greater supervision,
including a requirement to approve contracts for the
export of personal data
• Fines can be larger than the UK
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
23© Copyright 2010 EMC Corporation. All rights reserved.
The Data Explosion
Different Worlds
The UK DPA
Meeting Cross-Border Challenges
The Sedona Conference
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws

24© Copyright 2010 EMC Corporation. All rights reserved.
Between A Rock and A Hard Place
• Claim for unpaid invoices
– AccessData sued ALSTE, a German
company
• ALSTE objected to discovery
requests
– Claimed violation of GDPA and
German Constitution
• Court disagreed, ordered production
"[i]t is well settled
that such [blocking]
statutes do not
deprive an American
court of the power to
order a party subject
to its jurisdiction to
produce evidence
even though the act
of production may
violate that statute."
See Societe
Nationale Industrielle
Aerospatiale, 482
U.S. 522, 544
(1987).
AccessData Corp. v. ALSTE Technologies GmbH, 2010 WL 318477 (D. Utah
Jan. 21, 2010)
25© Copyright 2010 EMC Corporation. All rights reserved.
Some Practical Issues
Inter-country data transfers
- Backup strategies
- Email Archiving / Management
- HR Systems
- The Cloud
US Litigation
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
26© Copyright 2010 EMC Corporation. All rights reserved.
The Data Explosion
Different Worlds
The UK DPA
Meeting Cross-Border Challenges
The Sedona Conference
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws

27© Copyright 2010 EMC Corporation. All rights reserved.
The Sedona Conference
• A non-profit educational and research institute dedicated to the
advanced study of law and policy
• Promotes dialogue (rather than debate) as the best means of
promoting developments in the law in a reasoned and just
fashion
• Concentrates on antitrust law, intellectual property and complex
litigation
• Seven Working Groups focussing on different aspects of the law
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
28© Copyright 2010 EMC Corporation. All rights reserved.
Sedona Conference WG6
• Mission of Sedona Working Group 6 is to address issues that
arise in the context of e-information management and e-
disclosure for organizations subject to litigation and regulatory
oversight in multiple jurisdictions with potentially conflicting
internal laws.
• Framework for Analysis of Cross-Border Conflicts was released
in 2008 and cited shortly thereafter by the European
Commission's Article 29 Working Party
• Continuing dialogue with EU Commission, Article 29 Working
Party, regulators and US judiciary on proper approach to
resolving conflicts between disclosure and data protection laws
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
29© Copyright 2010 EMC Corporation. All rights reserved.
Question and Answers
Quentin Archer - quentin.archer@hoganlovells.com
James D. Shook, Esq. – jim.shook@emc.com
J. David Morris – david.morris@emc.com
Hogan Lovells - www.hoganlovells.com
Discover More!
www.kazeon.com/discover
www.kazeon.com/blog - case coverage and eDiscovery topics
eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws

Más contenido relacionado

La actualidad más candente

Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security:  Risk Management and AvoidancePrivacy and Data Security:  Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidanceAmy Purcell
 
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsPrivacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsAnitafin
 
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...AltheimPrivacy
 
Arve Foyen_ IT sourcing outside EU
Arve Foyen_ IT sourcing outside EUArve Foyen_ IT sourcing outside EU
Arve Foyen_ IT sourcing outside EUItera Consulting
 
Privacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 PredictionsPrivacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 PredictionsResilient Systems
 
ICANN Rules vs Privacy
ICANN Rules vs PrivacyICANN Rules vs Privacy
ICANN Rules vs PrivacyBlacknight
 
Comparing EU and Council of Europe Data Protection Standards in the Context o...
Comparing EU and Council of Europe Data Protection Standards in the Context o...Comparing EU and Council of Europe Data Protection Standards in the Context o...
Comparing EU and Council of Europe Data Protection Standards in the Context o...David Erdos
 
GDPR, DPAs and the Journalistic Media: Walking the Regulatory Tightrope
GDPR, DPAs and the Journalistic Media:  Walking the Regulatory TightropeGDPR, DPAs and the Journalistic Media:  Walking the Regulatory Tightrope
GDPR, DPAs and the Journalistic Media: Walking the Regulatory TightropeDavid Erdos
 
Keeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security IssuesKeeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security Issuesipspat
 
The UK and EU Personal Data Regime After Brexit: Another Switzerland?
The UK and EU Personal Data Regime After Brexit: Another Switzerland?The UK and EU Personal Data Regime After Brexit: Another Switzerland?
The UK and EU Personal Data Regime After Brexit: Another Switzerland?David Erdos
 
Licenses and Licensing
Licenses and LicensingLicenses and Licensing
Licenses and LicensingKevin Pomfret
 
Wsgr eu data protection briefing march 20 2013 - final
Wsgr   eu data protection briefing march 20 2013 - finalWsgr   eu data protection briefing march 20 2013 - final
Wsgr eu data protection briefing march 20 2013 - finalValentin Korobkov
 
Ch. 12 FIT5, CIS 110 13F
Ch. 12 FIT5, CIS 110 13FCh. 12 FIT5, CIS 110 13F
Ch. 12 FIT5, CIS 110 13Fmh-108
 
Privacy and missing persons
Privacy and missing personsPrivacy and missing persons
Privacy and missing personsmpcislides
 
Internet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms dayInternet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms daymoldovaictsummit2016
 
Data Protection and Journalism: The Changing Landscape
Data Protection and Journalism: The Changing LandscapeData Protection and Journalism: The Changing Landscape
Data Protection and Journalism: The Changing LandscapeDavid Erdos
 

La actualidad más candente (20)

Ppt
PptPpt
Ppt
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security:  Risk Management and AvoidancePrivacy and Data Security:  Risk Management and Avoidance
Privacy and Data Security: Risk Management and Avoidance
 
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsPrivacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
 
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
 
Arve Foyen_ IT sourcing outside EU
Arve Foyen_ IT sourcing outside EUArve Foyen_ IT sourcing outside EU
Arve Foyen_ IT sourcing outside EU
 
Privacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 PredictionsPrivacy & Data Breach: 2012 Recap, 2013 Predictions
Privacy & Data Breach: 2012 Recap, 2013 Predictions
 
File000167
File000167File000167
File000167
 
ICANN Rules vs Privacy
ICANN Rules vs PrivacyICANN Rules vs Privacy
ICANN Rules vs Privacy
 
Comparing EU and Council of Europe Data Protection Standards in the Context o...
Comparing EU and Council of Europe Data Protection Standards in the Context o...Comparing EU and Council of Europe Data Protection Standards in the Context o...
Comparing EU and Council of Europe Data Protection Standards in the Context o...
 
Pls780 week 2
Pls780 week 2Pls780 week 2
Pls780 week 2
 
GDPR, DPAs and the Journalistic Media: Walking the Regulatory Tightrope
GDPR, DPAs and the Journalistic Media:  Walking the Regulatory TightropeGDPR, DPAs and the Journalistic Media:  Walking the Regulatory Tightrope
GDPR, DPAs and the Journalistic Media: Walking the Regulatory Tightrope
 
Keeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security IssuesKeeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security Issues
 
Pls 780 week 9
Pls 780 week 9Pls 780 week 9
Pls 780 week 9
 
The UK and EU Personal Data Regime After Brexit: Another Switzerland?
The UK and EU Personal Data Regime After Brexit: Another Switzerland?The UK and EU Personal Data Regime After Brexit: Another Switzerland?
The UK and EU Personal Data Regime After Brexit: Another Switzerland?
 
Licenses and Licensing
Licenses and LicensingLicenses and Licensing
Licenses and Licensing
 
Wsgr eu data protection briefing march 20 2013 - final
Wsgr   eu data protection briefing march 20 2013 - finalWsgr   eu data protection briefing march 20 2013 - final
Wsgr eu data protection briefing march 20 2013 - final
 
Ch. 12 FIT5, CIS 110 13F
Ch. 12 FIT5, CIS 110 13FCh. 12 FIT5, CIS 110 13F
Ch. 12 FIT5, CIS 110 13F
 
Privacy and missing persons
Privacy and missing personsPrivacy and missing persons
Privacy and missing persons
 
Internet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms dayInternet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms day
 
Data Protection and Journalism: The Changing Landscape
Data Protection and Journalism: The Changing LandscapeData Protection and Journalism: The Changing Landscape
Data Protection and Journalism: The Changing Landscape
 

Destacado

Cut End-to-End eDiscovery Time in Half: Leveraging the Cloud
Cut End-to-End eDiscovery Time in Half: Leveraging the CloudCut End-to-End eDiscovery Time in Half: Leveraging the Cloud
Cut End-to-End eDiscovery Time in Half: Leveraging the CloudDruva
 
Transforming methodology into tools srt v2
Transforming methodology into tools srt v2Transforming methodology into tools srt v2
Transforming methodology into tools srt v2Russell Kromminga
 
Cortical mastoidectomy
Cortical mastoidectomy Cortical mastoidectomy
Cortical mastoidectomy Mamoon Ameen
 
Amalan terbaik dalam pembangunan sosial lmcp1522
Amalan terbaik dalam pembangunan sosial lmcp1522Amalan terbaik dalam pembangunan sosial lmcp1522
Amalan terbaik dalam pembangunan sosial lmcp1522liyana izzati
 
Gdz ruskiy bukova_ru
Gdz ruskiy bukova_ruGdz ruskiy bukova_ru
Gdz ruskiy bukova_ruLucky Alex
 
Actividad 4; bloque 1. bullying por Desirée Manzano Aragüez
Actividad 4; bloque 1. bullying por Desirée Manzano AragüezActividad 4; bloque 1. bullying por Desirée Manzano Aragüez
Actividad 4; bloque 1. bullying por Desirée Manzano AragüezDESIREE MANZANO
 
Herramienta web 2.0 udelas
Herramienta web 2.0  udelasHerramienta web 2.0  udelas
Herramienta web 2.0 udelasJosé C.
 
Social Networking Sites in Learning Environments: What Students Want?
Social Networking Sites in Learning Environments:  What Students Want?Social Networking Sites in Learning Environments:  What Students Want?
Social Networking Sites in Learning Environments: What Students Want?Plamen Miltenoff
 

Destacado (20)

eDiscovery Infographic
eDiscovery InfographiceDiscovery Infographic
eDiscovery Infographic
 
Cut End-to-End eDiscovery Time in Half: Leveraging the Cloud
Cut End-to-End eDiscovery Time in Half: Leveraging the CloudCut End-to-End eDiscovery Time in Half: Leveraging the Cloud
Cut End-to-End eDiscovery Time in Half: Leveraging the Cloud
 
Transforming methodology into tools srt v2
Transforming methodology into tools srt v2Transforming methodology into tools srt v2
Transforming methodology into tools srt v2
 
Acute Coronary Syndrome
Acute Coronary SyndromeAcute Coronary Syndrome
Acute Coronary Syndrome
 
Cortical mastoidectomy
Cortical mastoidectomy Cortical mastoidectomy
Cortical mastoidectomy
 
RFID Perú - Retail
RFID Perú - RetailRFID Perú - Retail
RFID Perú - Retail
 
Nume feminine
Nume feminineNume feminine
Nume feminine
 
Paket wisata flores murah
Paket wisata flores murahPaket wisata flores murah
Paket wisata flores murah
 
Assignment 56
Assignment 56Assignment 56
Assignment 56
 
Anejo n
Anejo nAnejo n
Anejo n
 
Chemiluminescence
ChemiluminescenceChemiluminescence
Chemiluminescence
 
Amalan terbaik dalam pembangunan sosial lmcp1522
Amalan terbaik dalam pembangunan sosial lmcp1522Amalan terbaik dalam pembangunan sosial lmcp1522
Amalan terbaik dalam pembangunan sosial lmcp1522
 
Lo básico del Gótico
Lo básico del GóticoLo básico del Gótico
Lo básico del Gótico
 
Gdz ruskiy bukova_ru
Gdz ruskiy bukova_ruGdz ruskiy bukova_ru
Gdz ruskiy bukova_ru
 
Gătim împreună
Gătim împreunăGătim împreună
Gătim împreună
 
Actividad 4; bloque 1. bullying por Desirée Manzano Aragüez
Actividad 4; bloque 1. bullying por Desirée Manzano AragüezActividad 4; bloque 1. bullying por Desirée Manzano Aragüez
Actividad 4; bloque 1. bullying por Desirée Manzano Aragüez
 
Roteiros de Química - Farmácia
Roteiros de Química - FarmáciaRoteiros de Química - Farmácia
Roteiros de Química - Farmácia
 
Herramienta web 2.0 udelas
Herramienta web 2.0  udelasHerramienta web 2.0  udelas
Herramienta web 2.0 udelas
 
Social Networking Sites in Learning Environments: What Students Want?
Social Networking Sites in Learning Environments:  What Students Want?Social Networking Sites in Learning Environments:  What Students Want?
Social Networking Sites in Learning Environments: What Students Want?
 
Sipe 2017 roma
Sipe 2017 romaSipe 2017 roma
Sipe 2017 roma
 

Similar a US eDiscovery v UK eDisclosure

Mind Your Business: Why Privacy Matters to the Successful Enterprise
 Mind Your Business: Why Privacy Matters to the Successful Enterprise Mind Your Business: Why Privacy Matters to the Successful Enterprise
Mind Your Business: Why Privacy Matters to the Successful EnterpriseEric Kavanagh
 
Legal and privacy implications of IoT
Legal and privacy implications of IoTLegal and privacy implications of IoT
Legal and privacy implications of IoTAndres Guadamuz
 
Kawser Hamid : ICO and Data Protection in the Cloud
Kawser Hamid : ICO and Data Protection in the CloudKawser Hamid : ICO and Data Protection in the Cloud
Kawser Hamid : ICO and Data Protection in the CloudGurbir Singh
 
International privacy with kevin haley
International privacy with kevin haleyInternational privacy with kevin haley
International privacy with kevin haleySarah Fletcher
 
Data protection For CYP Organisations
Data protection For CYP OrganisationsData protection For CYP Organisations
Data protection For CYP OrganisationsCliff Ashcroft
 
ARMA - eDiscovery Behind the Firewall
ARMA - eDiscovery Behind the FirewallARMA - eDiscovery Behind the Firewall
ARMA - eDiscovery Behind the FirewallJ. David Morris
 
What All Organisations Need to Know About Data Protection and Cloud Computing...
What All Organisations Need to Know About Data Protection and Cloud Computing...What All Organisations Need to Know About Data Protection and Cloud Computing...
What All Organisations Need to Know About Data Protection and Cloud Computing...Brian Miller, Solicitor
 
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...Brian Miller, Solicitor
 
Safe Harbor Webinar
Safe Harbor WebinarSafe Harbor Webinar
Safe Harbor WebinarEthisphere
 
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
Att. patrizia giannini   fordham university new york 19 july 2013 - electroni...Att. patrizia giannini   fordham university new york 19 july 2013 - electroni...
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...Amministratore Bluefactor
 
DMA Legal update: autumn 2013 - Tuesday 1 October
DMA Legal update: autumn 2013 - Tuesday 1 OctoberDMA Legal update: autumn 2013 - Tuesday 1 October
DMA Legal update: autumn 2013 - Tuesday 1 OctoberRachel Aldighieri
 
How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023TrustArc
 
Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...IISPEastMids
 
Kroll.cross border ediscovery-2016
Kroll.cross border ediscovery-2016Kroll.cross border ediscovery-2016
Kroll.cross border ediscovery-2016Kate Chan
 
Legal Issues in Research Data Collection and Sharing: An Introduction by EUDA...
Legal Issues in Research Data Collection and Sharing: An Introduction by EUDA...Legal Issues in Research Data Collection and Sharing: An Introduction by EUDA...
Legal Issues in Research Data Collection and Sharing: An Introduction by EUDA...EUDAT
 
Draft data protection regn 2012
Draft data protection regn 2012Draft data protection regn 2012
Draft data protection regn 2012lilianedwards
 
Cloud Computing and the Public Sector
Cloud Computing and the Public SectorCloud Computing and the Public Sector
Cloud Computing and the Public SectorMHCCloud
 

Similar a US eDiscovery v UK eDisclosure (20)

Mind Your Business: Why Privacy Matters to the Successful Enterprise
 Mind Your Business: Why Privacy Matters to the Successful Enterprise Mind Your Business: Why Privacy Matters to the Successful Enterprise
Mind Your Business: Why Privacy Matters to the Successful Enterprise
 
Legal and privacy implications of IoT
Legal and privacy implications of IoTLegal and privacy implications of IoT
Legal and privacy implications of IoT
 
Kawser Hamid : ICO and Data Protection in the Cloud
Kawser Hamid : ICO and Data Protection in the CloudKawser Hamid : ICO and Data Protection in the Cloud
Kawser Hamid : ICO and Data Protection in the Cloud
 
International privacy with kevin haley
International privacy with kevin haleyInternational privacy with kevin haley
International privacy with kevin haley
 
Data protection For CYP Organisations
Data protection For CYP OrganisationsData protection For CYP Organisations
Data protection For CYP Organisations
 
ARMA - eDiscovery Behind the Firewall
ARMA - eDiscovery Behind the FirewallARMA - eDiscovery Behind the Firewall
ARMA - eDiscovery Behind the Firewall
 
What All Organisations Need to Know About Data Protection and Cloud Computing...
What All Organisations Need to Know About Data Protection and Cloud Computing...What All Organisations Need to Know About Data Protection and Cloud Computing...
What All Organisations Need to Know About Data Protection and Cloud Computing...
 
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
 
Safe Harbor Webinar
Safe Harbor WebinarSafe Harbor Webinar
Safe Harbor Webinar
 
Sible 09
Sible 09Sible 09
Sible 09
 
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
Att. patrizia giannini   fordham university new york 19 july 2013 - electroni...Att. patrizia giannini   fordham university new york 19 july 2013 - electroni...
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
 
DMA Legal update: autumn 2013 - Tuesday 1 October
DMA Legal update: autumn 2013 - Tuesday 1 OctoberDMA Legal update: autumn 2013 - Tuesday 1 October
DMA Legal update: autumn 2013 - Tuesday 1 October
 
How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023
 
The GDPR for Techies
The GDPR for TechiesThe GDPR for Techies
The GDPR for Techies
 
Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...Be careful what you wish for: the great Data Protection law reform - Lilian E...
Be careful what you wish for: the great Data Protection law reform - Lilian E...
 
Kroll.cross border ediscovery-2016
Kroll.cross border ediscovery-2016Kroll.cross border ediscovery-2016
Kroll.cross border ediscovery-2016
 
eDiscovery
eDiscoveryeDiscovery
eDiscovery
 
Legal Issues in Research Data Collection and Sharing: An Introduction by EUDA...
Legal Issues in Research Data Collection and Sharing: An Introduction by EUDA...Legal Issues in Research Data Collection and Sharing: An Introduction by EUDA...
Legal Issues in Research Data Collection and Sharing: An Introduction by EUDA...
 
Draft data protection regn 2012
Draft data protection regn 2012Draft data protection regn 2012
Draft data protection regn 2012
 
Cloud Computing and the Public Sector
Cloud Computing and the Public SectorCloud Computing and the Public Sector
Cloud Computing and the Public Sector
 

Más de J. David Morris

Gamification: Leveraging Game Strategies & Big Data to Drive Business with Dr...
Gamification: Leveraging Game Strategies & Big Data to Drive Business with Dr...Gamification: Leveraging Game Strategies & Big Data to Drive Business with Dr...
Gamification: Leveraging Game Strategies & Big Data to Drive Business with Dr...J. David Morris
 
Dr. Bob Hayes Big Data and the Total Customer Experience
Dr. Bob Hayes Big Data and the Total Customer ExperienceDr. Bob Hayes Big Data and the Total Customer Experience
Dr. Bob Hayes Big Data and the Total Customer ExperienceJ. David Morris
 
Wayne Eckerson: Secrets of Analytical Leaders webinar
Wayne Eckerson: Secrets of Analytical Leaders webinarWayne Eckerson: Secrets of Analytical Leaders webinar
Wayne Eckerson: Secrets of Analytical Leaders webinarJ. David Morris
 
Laura Madsen Healthcare Webinar - Big Answers
Laura Madsen Healthcare Webinar - Big AnswersLaura Madsen Healthcare Webinar - Big Answers
Laura Madsen Healthcare Webinar - Big AnswersJ. David Morris
 
Cetas Analytics as a Service for Predictive Analytics
Cetas Analytics as a Service for Predictive AnalyticsCetas Analytics as a Service for Predictive Analytics
Cetas Analytics as a Service for Predictive AnalyticsJ. David Morris
 
Jason Baron, Esq. and James Shook, Esq. - An Inevitable Reality: Machine-base...
Jason Baron, Esq. and James Shook, Esq. - An Inevitable Reality: Machine-base...Jason Baron, Esq. and James Shook, Esq. - An Inevitable Reality: Machine-base...
Jason Baron, Esq. and James Shook, Esq. - An Inevitable Reality: Machine-base...J. David Morris
 
IQPC eDiscovery Goverment - Washington D.C.
IQPC eDiscovery Goverment - Washington D.C.IQPC eDiscovery Goverment - Washington D.C.
IQPC eDiscovery Goverment - Washington D.C.J. David Morris
 
The Catch 22 of Cross Border eDiscovery
The Catch 22 of Cross Border eDiscoveryThe Catch 22 of Cross Border eDiscovery
The Catch 22 of Cross Border eDiscoveryJ. David Morris
 
Overcoming In-house Politics to Implement eDiscovery
Overcoming In-house Politics to Implement eDiscoveryOvercoming In-house Politics to Implement eDiscovery
Overcoming In-house Politics to Implement eDiscoveryJ. David Morris
 
Esoteric ESI eDiscovery webinar
Esoteric ESI eDiscovery webinarEsoteric ESI eDiscovery webinar
Esoteric ESI eDiscovery webinarJ. David Morris
 
IQPC NY Financial Conference on eDiscovery: Legal Speaks Greek and IT Speaks ...
IQPC NY Financial Conference on eDiscovery: Legal Speaks Greek and IT Speaks ...IQPC NY Financial Conference on eDiscovery: Legal Speaks Greek and IT Speaks ...
IQPC NY Financial Conference on eDiscovery: Legal Speaks Greek and IT Speaks ...J. David Morris
 
It takes a village - LegalTech NY 2011
It takes a village - LegalTech NY 2011It takes a village - LegalTech NY 2011
It takes a village - LegalTech NY 2011J. David Morris
 
eDiscovery and Records Oh...My!
eDiscovery and Records Oh...My!eDiscovery and Records Oh...My!
eDiscovery and Records Oh...My!J. David Morris
 
LegalTech Cross Border Disputes
LegalTech Cross Border DisputesLegalTech Cross Border Disputes
LegalTech Cross Border DisputesJ. David Morris
 
EMC SourceOne for SharePoint
EMC SourceOne for SharePointEMC SourceOne for SharePoint
EMC SourceOne for SharePointJ. David Morris
 
eDiscovery Turf Wars at LegalTech 2011
eDiscovery Turf Wars at LegalTech 2011eDiscovery Turf Wars at LegalTech 2011
eDiscovery Turf Wars at LegalTech 2011J. David Morris
 
Mc Carterand English 06152010 F
Mc Carterand English 06152010 FMc Carterand English 06152010 F
Mc Carterand English 06152010 FJ. David Morris
 

Más de J. David Morris (20)

Gamification: Leveraging Game Strategies & Big Data to Drive Business with Dr...
Gamification: Leveraging Game Strategies & Big Data to Drive Business with Dr...Gamification: Leveraging Game Strategies & Big Data to Drive Business with Dr...
Gamification: Leveraging Game Strategies & Big Data to Drive Business with Dr...
 
Dr. Bob Hayes Big Data and the Total Customer Experience
Dr. Bob Hayes Big Data and the Total Customer ExperienceDr. Bob Hayes Big Data and the Total Customer Experience
Dr. Bob Hayes Big Data and the Total Customer Experience
 
Wayne Eckerson: Secrets of Analytical Leaders webinar
Wayne Eckerson: Secrets of Analytical Leaders webinarWayne Eckerson: Secrets of Analytical Leaders webinar
Wayne Eckerson: Secrets of Analytical Leaders webinar
 
Laura Madsen Healthcare Webinar - Big Answers
Laura Madsen Healthcare Webinar - Big AnswersLaura Madsen Healthcare Webinar - Big Answers
Laura Madsen Healthcare Webinar - Big Answers
 
Cetas Analytics as a Service for Predictive Analytics
Cetas Analytics as a Service for Predictive AnalyticsCetas Analytics as a Service for Predictive Analytics
Cetas Analytics as a Service for Predictive Analytics
 
KMWorld Presentation
KMWorld PresentationKMWorld Presentation
KMWorld Presentation
 
Jason Baron, Esq. and James Shook, Esq. - An Inevitable Reality: Machine-base...
Jason Baron, Esq. and James Shook, Esq. - An Inevitable Reality: Machine-base...Jason Baron, Esq. and James Shook, Esq. - An Inevitable Reality: Machine-base...
Jason Baron, Esq. and James Shook, Esq. - An Inevitable Reality: Machine-base...
 
IQPC eDiscovery Goverment - Washington D.C.
IQPC eDiscovery Goverment - Washington D.C.IQPC eDiscovery Goverment - Washington D.C.
IQPC eDiscovery Goverment - Washington D.C.
 
The Catch 22 of Cross Border eDiscovery
The Catch 22 of Cross Border eDiscoveryThe Catch 22 of Cross Border eDiscovery
The Catch 22 of Cross Border eDiscovery
 
Overcoming In-house Politics to Implement eDiscovery
Overcoming In-house Politics to Implement eDiscoveryOvercoming In-house Politics to Implement eDiscovery
Overcoming In-house Politics to Implement eDiscovery
 
Esoteric ESI eDiscovery webinar
Esoteric ESI eDiscovery webinarEsoteric ESI eDiscovery webinar
Esoteric ESI eDiscovery webinar
 
IQPC NY Financial Conference on eDiscovery: Legal Speaks Greek and IT Speaks ...
IQPC NY Financial Conference on eDiscovery: Legal Speaks Greek and IT Speaks ...IQPC NY Financial Conference on eDiscovery: Legal Speaks Greek and IT Speaks ...
IQPC NY Financial Conference on eDiscovery: Legal Speaks Greek and IT Speaks ...
 
It takes a village - LegalTech NY 2011
It takes a village - LegalTech NY 2011It takes a village - LegalTech NY 2011
It takes a village - LegalTech NY 2011
 
eDiscovery and Records Oh...My!
eDiscovery and Records Oh...My!eDiscovery and Records Oh...My!
eDiscovery and Records Oh...My!
 
LegalTech Cross Border Disputes
LegalTech Cross Border DisputesLegalTech Cross Border Disputes
LegalTech Cross Border Disputes
 
Pardon the eDiscovery
Pardon the eDiscoveryPardon the eDiscovery
Pardon the eDiscovery
 
EMC SourceOne for SharePoint
EMC SourceOne for SharePointEMC SourceOne for SharePoint
EMC SourceOne for SharePoint
 
eDiscovery Turf Wars at LegalTech 2011
eDiscovery Turf Wars at LegalTech 2011eDiscovery Turf Wars at LegalTech 2011
eDiscovery Turf Wars at LegalTech 2011
 
Apps Preso
Apps PresoApps Preso
Apps Preso
 
Mc Carterand English 06152010 F
Mc Carterand English 06152010 FMc Carterand English 06152010 F
Mc Carterand English 06152010 F
 

US eDiscovery v UK eDisclosure

  • 1. 1© Copyright 2010 EMC Corporation. All rights reserved. Be st Practice We binar eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws e Disco ve ry series sponsored by EMC SourceOne eDiscovery - Kazeon
  • 2. 2© Copyright 2010 EMC Corporation. All rights reserved. eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws Panelists Quentin Archer – Partner at Hogan Lovells, London and Co-Chair of Sedona Conference Working Group 6. James D. Shook – Director, EMC eDiscovery and Compliance Legal Group; member Sedona Conference WG1 and WG6. J. David Morris - webinar moderator
  • 3. 3© Copyright 2010 EMC Corporation. All rights reserved. The Data Explosion Different Worlds The UK DPA Meeting Cross-Border Challenges The Sedona Conference eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws 
  • 4. 4© Copyright 2010 EMC Corporation. All rights reserved. Information Today – The Big Picture 1.8ZbLots of It Mostly Unstructured 95% Mostly Unmanaged 85% Becoming More Regulated ▲ Created by Organizations 85% Information
  • 5. 5© Copyright 2010 EMC Corporation. All rights reserved. Average US eDiscovery Costs 10x increased costs to outsource $1.5M average cost per incident $34M average annual legal costs 89% of companies face litigation $18M+ cost to review 1 TB of info
  • 6. 6© Copyright 2010 EMC Corporation. All rights reserved. 67% of eDiscovery Cases Awarded Sanctions in 1H2010 (31 Cases Requested Sanctions; 21 Cases Awarded Sanctions) Source: DIGITAL DISCOVERY & E-EVIDENCE REPORT ISSN 1941-3882
  • 7. 7© Copyright 2010 EMC Corporation. All rights reserved. The Data Explosion Different Worlds The UK DPA Meeting Cross-Border Challenges The Sedona Conference eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws 
  • 8. 8© Copyright 2010 EMC Corporation. All rights reserved. World Litigation Overview US Common law Broad, expansive discovery “E-discovery” Generally bear fees & costs UK Common law Reasonable discovery “E-disclosure” Loser pays CN Common Law Broad, includes e-data Civil Code Limited disclosure
  • 9. 9© Copyright 2010 EMC Corporation. All rights reserved. Worlds Apart? US UK/CN EU Privacy Very little in the workplace Strong protection for employees Very strong Data Ownership Employer-focused Employee-focused Employee-focused eDiscovery Broad, expensive UK: Growing but < US Typically very limited
  • 10. 10© Copyright 2010 EMC Corporation. All rights reserved. Privacy Concerns Source: Fulbright and Jaworski, 7th Annual Litigation Trends Survey Report
  • 11. 11© Copyright 2010 EMC Corporation. All rights reserved. The Data Explosion Different Worlds The UK DPA Meeting Cross-Border Challenges The Sedona Conference eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws 
  • 12. 12© Copyright 2010 EMC Corporation. All rights reserved. UK Data Protection Act 1998 • Implements EU Data Protection Directive 1995 • Regulates the activities of "data controllers", who control the purposes for which data is processed • "Processing" covers just about any activity relating to data • "Personal data" is data relating to an identifiable living individual • Data in manual unstructured filing systems is not included eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
  • 13. 13© Copyright 2010 EMC Corporation. All rights reserved. The Data Protection Principles • Personal data must be processed in accordance with eight data protection principles • Breach of the principles can lead to enforcement action by the Information Commissioner, or a private action for damages • Deliberate or reckless breaches can result in penalties of up to £500,000 • Breaches in the financial services field can also attract the attention (and fines) of the Financial Services Authority eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
  • 14. 14© Copyright 2010 EMC Corporation. All rights reserved. Principles 1 to 4 • Personal data must be processed fairly and lawfully • Personal data must be obtained for specified purposes and not processed in a manner incompatible with those purposes • Personal data must be adequate, relevant and not excessive • Personal data shall be accurate and (where necessary) kept up to date eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
  • 15. 15© Copyright 2010 EMC Corporation. All rights reserved. Principles 5 to 8 • Personal data must not be kept longer than necessary • Personal data must be processed in accordance with the rights of data subjects • Appropriate technical and organisational measures must be taken against unauthorised processing, and against loss or destruction • Personal data must not be transferred to a country outside the EEA unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to personal data eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
  • 16. 16© Copyright 2010 EMC Corporation. All rights reserved. Controllers and processors • An entity which processes personal data on behalf of a data controller is a "data processor" • There must always be a written contract between the data controller and the data processor • Contracts must require the processor to act only on the instructions of the controller, and to comply with the security conditions in the seventh principle • The security conditions require: • The implementation of appropriate technical and organisational measures to protect against unauthorised or unlawful processing, taking into account the harm that might result • Taking steps to ensure reliability of employees eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
  • 17. 17© Copyright 2010 EMC Corporation. All rights reserved. Exporting personal data • No transfer of personal data outside the EEA unless the destination territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data • “Transfer” and “adequate level of protection” are important concepts • Several cases where the general rule does not apply eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
  • 18. 18© Copyright 2010 EMC Corporation. All rights reserved. What is a transfer? • No transfer merely by placing material on the Web (Lindqvist case, November 2003) • But placing material on an intranet, where the intention is to make it available to people in different countries, may be subject to different criteria • Mere transit (e.g. routing emails through a third country) unlikely to amount to a "transfer" eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
  • 19. 19© Copyright 2010 EMC Corporation. All rights reserved. Who determines adequacy? • Exporting data controller must assess adequacy • If there is a Community finding of adequacy, the controller can rely on that • In the case of a controller-processor transfer, the Commissioner may presume adequacy: • Data controller remains liable • Must be a written contract in place • Must be no particular risks in destination country eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
  • 20. 20© Copyright 2010 EMC Corporation. All rights reserved. EU findings of adequacy for non-EEA countries • Andorra • Argentina • Canada (but only to activities covered by the Personal Information Protection and Electronic Documents Act) • Faeroe Islands • Guernsey • Isle of Man • Israel • Jersey • Switzerland • USA (Safe Harbor and passenger data only) eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
  • 21. 21© Copyright 2010 EMC Corporation. All rights reserved. Where export is possible, even if no adequate protection • If the data subject has given consent • If the transfer is necessary for the performance of a contract with the data subject • If the transfer is necessary for the purposes of: • Legal proceedings • Obtaining legal advice • Establishing, exercising or defending legal rights • Use of model contract clauses • Binding corporate rules eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
  • 22. 22© Copyright 2010 EMC Corporation. All rights reserved. Differences within the EU • Concept of personal data is narrower in the UK than in the rest of the EU (Durant case) which has caused difficulties • Many EU regulators exercise greater supervision, including a requirement to approve contracts for the export of personal data • Fines can be larger than the UK eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
  • 23. 23© Copyright 2010 EMC Corporation. All rights reserved. The Data Explosion Different Worlds The UK DPA Meeting Cross-Border Challenges The Sedona Conference eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws 
  • 24. 24© Copyright 2010 EMC Corporation. All rights reserved. Between A Rock and A Hard Place • Claim for unpaid invoices – AccessData sued ALSTE, a German company • ALSTE objected to discovery requests – Claimed violation of GDPA and German Constitution • Court disagreed, ordered production "[i]t is well settled that such [blocking] statutes do not deprive an American court of the power to order a party subject to its jurisdiction to produce evidence even though the act of production may violate that statute." See Societe Nationale Industrielle Aerospatiale, 482 U.S. 522, 544 (1987). AccessData Corp. v. ALSTE Technologies GmbH, 2010 WL 318477 (D. Utah Jan. 21, 2010)
  • 25. 25© Copyright 2010 EMC Corporation. All rights reserved. Some Practical Issues Inter-country data transfers - Backup strategies - Email Archiving / Management - HR Systems - The Cloud US Litigation eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
  • 26. 26© Copyright 2010 EMC Corporation. All rights reserved. The Data Explosion Different Worlds The UK DPA Meeting Cross-Border Challenges The Sedona Conference eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws 
  • 27. 27© Copyright 2010 EMC Corporation. All rights reserved. The Sedona Conference • A non-profit educational and research institute dedicated to the advanced study of law and policy • Promotes dialogue (rather than debate) as the best means of promoting developments in the law in a reasoned and just fashion • Concentrates on antitrust law, intellectual property and complex litigation • Seven Working Groups focussing on different aspects of the law eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
  • 28. 28© Copyright 2010 EMC Corporation. All rights reserved. Sedona Conference WG6 • Mission of Sedona Working Group 6 is to address issues that arise in the context of e-information management and e- disclosure for organizations subject to litigation and regulatory oversight in multiple jurisdictions with potentially conflicting internal laws. • Framework for Analysis of Cross-Border Conflicts was released in 2008 and cited shortly thereafter by the European Commission's Article 29 Working Party • Continuing dialogue with EU Commission, Article 29 Working Party, regulators and US judiciary on proper approach to resolving conflicts between disclosure and data protection laws eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws
  • 29. 29© Copyright 2010 EMC Corporation. All rights reserved. Question and Answers Quentin Archer - quentin.archer@hoganlovells.com James D. Shook, Esq. – jim.shook@emc.com J. David Morris – david.morris@emc.com Hogan Lovells - www.hoganlovells.com Discover More! www.kazeon.com/discover www.kazeon.com/blog - case coverage and eDiscovery topics eDiscovery& eDisclosure: US & UK e Disco ve ry and Privacy Laws

Notas del editor

  1. Quentin Archer Quentin specialises in matters involving computers, communications and other aspects of high technology. He regularly advises on the resolution of technical disputes, the preparation and negotiation of outsourcing and other IT agreements, and on regulatory issues such as data protection. Quentin is the co-chair of the Sedona Working Group on International Data Privacy issues. Jim Shook Jim is a recognized authority on legal discovery and compliance issues related to electronic information. In his role as the Director of EMC’s eDiscovery and Compliance Legal Team, Jim regularly counsels EMC’s customers in helping them to solve challenges with eDiscovery, compliance, and privacy. He is a long-time, active member of The Sedona Conference. David Morris
  2. Information is at the heart of your business and fundamentally there’s a lot of it. There is forecast to be 1.8 zetabytes of information by 2011, so there is lot of information out there. Most of that information is not sitting inside of databases. In fact, 95 percent of information is unstructured. That’s emails, files, videos – any type of content that is out in your environment today. What you will find is that most of it in your organization is unmanaged. We estimate that 85 percent of all information that sits out in an organization today is unmanaged and that means there is no formal retention policy, no formal data protection policy in place for managing that information. In fact, even though individuals create a great amount of information today, organizations are accountable for also about 85 percent of the information overall in the industry today. So there’s a lot of information out there. It’s not very well managed, and it’s becoming more and more regulated. And information across the organization and the penalties for not properly managing the organization are getting more and more severe. If you do the math, by 2011 there is 1.2 zetabytes of information out there and that information is in organizations and needs to be looked at, to be managed, and it’s not being done today. And that’s really the challenge and the opportunity that we see in this marketplace today. Uncontrollable growth of information: SharePoint: 2 billion seats, growing at 25%, will surpass $5 billion by 2012 More than half of organizations are running SharePoint Email is growing at 20% * Risks and costs of litigation: 40% of largest companies spend over $5 million annually on litigation ** Hyundai was fined $8M for willfully failing to comply with discovery requests *** 80% of electronic discovery includes email****
  3. Growing need for eDiscovery amongst corporations Once a Litigation event occurs the Corporation must by law respond. There is no OPT out. 89% of companies face litigation (Fulbright &amp; Jaworski 6th annual litigation study) Chances are high that they have some internal investigation or audit now It costs $18M to handle eDiscovery for 1 TB of information if you are not prepared (Gartner) The costs of complete outsourcing could be as high as 10x the cost of internal handling of eDiscovery Risks and costs of litigation: 40% of the largest companies spend over $5 million annually on litigation (Fulbright and Jaworski) Willful destruction of evidence lead to sanctions – E.g. $29 million in damages (Zubulake vs. UBS Warburg) Average annual cost of litigation preparedness and response is $34M for large corporations Federal Rules of Civil Procedure (FRCP) – speed is of the essence for eDiscovery (Summaries from slide 4) There are compelling statistics about eDiscovery. 89% of companies face litigation … and nearly all companies have some kind of internal investigation or audit at any given point in time. With average costs of incidents being $1.5M it’s important to have cost containment strategies and repeatability. Further, the costs of outsourcing, not to mention the resulting lack of control, are reasons to strongly consider deploying in-house eDiscovery technology. 10x came from the Kazeon site with side by side differences for in-house vs. a 3rd party
  4. Today we’ll discuss a content intelligence challenge that faces numerous businesses like yours—unmanaged file growth. Examples of questions to answer are where is it located, how much do you have, and when can you delete it. We will then examine EMC&amp;apos;s offering to address this business challenge, EMC SourceOne File Intelligence. We will then follow up with some representative use cases and conclude with a summary.