Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Law & Candor Season 12: Five Views of Innovation and Risk Impacting AI, eDiscovery, and Legal
AI, generative AI, antitrust, second requests, HSR, eDiscovery, review, information governance, healthcare, legal operations, law firm, corporate counsel ai-and-analytics; compliance; corporate; corporate-legal-ops; data-analytics; healthcare; healthcare-litigation; innovative-technology; innovation; information-governance; law-firm; mergers; modern-data; phi; pii; podcast; self-service, spectra; regulation; production mitch montoya In a year of unprecedented advancement in AI capabilities and economic uncertainty, legal teams and attorneys have been given both a compelling look into what the future of their work may look like and a sharp picture of today‚Äôs challenges. With a critical eye on how to manage and capitalize on these dueling perspectives that define legal‚Äôs current landscape, the guests on the new season of Law & Candor offer insights on a range of issues, including generative AI, new M&A guidelines and HSR rules, collaboration data, strategic partnerships, and the future of the industry. Listen for news, AI and technology updates, and best practices from leaders confronting these challenges and charting new paths forward. Episode 1: The Power of Three: Maximizing Success with Law Firms, Corporate Counsel, and Legal Technology Episode 2: What You Need to Know About the New FTC and DOJ HSR Changes Episode 3: Why Your eDiscovery Program and Technology Need Scalability Episode 4: Generative AI and Healthcare: A New Legal Landscape Episode 5: The Great Link Debate and the Future of Cloud Collaboration To keep up with news and updates on the podcast, follow Lighthouse on LinkedIn and Twitter . And check out previous episodes of Law & Candor at lighthouseglobal.com/law-and-candor-podcast. For questions regarding this podcast and its content, please reach out to us at firstname.lastname@example.org.
Navigating Cross-Border eDiscovery Issues in the Wake of a U.S. Adequacy Determination
At Lighthouse our teams have the benefit of working across numerous clients, cases, and jurisdictions. As a result, we are building deep institutional knowledge across many aspects of eDiscovery that may be more difficult for individuals or teams to amass organically. To benefit our clients, we regularly share these insights in an ongoing series of best practices articles. This article provides updated guidance on cross-border eDiscovery in the wake of a recent adequacy determination by the European Commission for EU-US data transfers.Best Practices to Support Cross-Border Data Transfers in eDiscovery In any matter that potentially involves the processing and transfer of personal data across country borders, case teams should consider the following factors before deciding on a strategy:The underlying company‚Äôs own policy governing the processing of personal data (including transfer mechanisms, such as consent and/or binding corporate rules)The specific countries at issue (some countries have additional requirements for data residency, heightened consent requirements, etc.)The nature of the data (including special categories of protected data, i.e., high risk data), as well as the importance of the custodian and uniqueness/criticality of the dataThe options and feasibility of obtaining custodian consent for the transfer of their data (e.g., time to obtain consent, employment status of the custodian, the impact of obtaining consent on an investigation)When evaluating options for where the data should be processed, case teams should also consider:The country where most custodians are located (i.e., where the largest volume of data will be located) Data center options (if no data center, consider other cloud based or remote kit options and the impact on downstream search/review)The pros and cons of processing data in a single data repositoryMinimization at the point of collection as opposed to once data is processed into a review toolNote that most clients follow a ‚Äúhub-centric‚Äù approach and process data in accordance with specific regions, e.g., data stored in the US is processed in the US; data stored in Europe is processed in a European data center; data stored in APAC is process either in APAC, depending on the country-specific laws, or in Europe, and so forth.Whenever non-U.S. data is present in a matter, case teams should consider the following best practices for cross-border data transfers:Establish lawful grounds for processing personal data (e.g., custodian consent, adequacy decision, or a legal exception defined by applicable data privacy regulations, such as the GDPR‚Äôs legitimate business interest exception). Note that many case teams choose not to rely solely on custodial consent for larger matters, unless the data originates from a highly restrictive jurisdiction (e.g., Switzerland, France, Germany, Luxembourg, etc.) or the matter involves specially protected data. Ensure there are adequate safeguards in place to support exceptions, such as the legitimate business interest exception. At a minimum, this includes efforts to ‚Äúminimize‚Äù what is being processed (i.e., collecting only data that is necessary for the activity at hand). Case teams can minimize the volume of data being processed by using keywords or other filters to reduce what is collected, culling data at the processing stage, conducting a search for certain categories of personal data, redacting personal data, and permitting a custodian to review data prior to transfer.Case teams should also follow specific best practices when encountering any of the below scenarios during eDiscovery: Matters involving U.S. litigations and eDiscovery: Consider adding supplemental data privacy safeguards, including putting a protective order in place that specifically addresses the handling of personal data subject to applicable law (e.g., GDPR and other applicable country specific regulations). This includes provisions to designate certain data as subject to the protective order and specific provisions that require the deletion of data (and confirmation of deletion) once the litigation concludes. Matters involving cross-border transfers from other (non-U.S.) countries: Ensure an appropriate cross-border transfer mechanism is in place for all data transfers. Common examples of appropriate cross-border transfer mechanisms include model contract clauses, intra-company agreements, and adequacy decisions rendered by the European Commission (including the adequacy decision for the new EU-U.S. Data Privacy Framework).Matters involving data originating in China (PRC): Take into consideration all data security implications and PRC laws before transferring any data out of the country (including the requirement to conduct a state-secrets review in-country before any data can be transferred outside the country).Matters involving data originating in countries with heightened privacy restrictions and/or sector-specific requirements (i.e., bank secrecy): Consider processing (and potentially reviewing) data in-country.Document the protocol adhered to for each matter.ConclusionWhile transferring personal data across borders may feel like an increasingly complicated task for legal and eDiscovery teams, it is also a task that will be increasingly necessary as corporate data volumes grow and spread. The good news is that case teams do not have to navigate those complexities alone. An experienced eDiscovery partner with a global footprint and information governance/legal experts on staff can work closely with both outside and in-house counsel to develop a solution for cross-border data transfers that meets the legal requirements and needs of each matter. resource-article; data-privacy; information-governanceCross-border data transfercross-border-data-transfersjamie brown
No items found. Please try different search parameters.