RVM’s Managing Director of Professional Services Laura Kibbe shares her thoughts on the changes and challenges that have impacted the eDiscovery industry this year, and what we should expect from the fast approaching year 2016.
Could you talk to us about the potential legal conflicts created by the preservation and production of “international” information, and the power of domestic privacy laws over that information?
With the fall of safe harbor and certain local European DPAs suggesting that even model contracts or BCRs might not offer adequate protection, the global company needing to transfer personal data to the US for any reason could find itself in a very real conflict situation: meeting US regulatory or litigation requirements vs. non-compliance with data privacy requirements. While safe harbor in the past offered a practical way to appease these competing tensions, in light of the Schrems decision, as of right now, there is no “safe” alternative. The reality is that every day companies are making that risk decision when they have to move data to do business globally.
Another challenge of the future is the reduction of eDiscovery costs. What should lawyers expect when they hear the words “information governance”?
Information governance is a buzzword that encompasses a lot of things. It could mean litigation readiness, litigation hold, data framework… In general, companies should consider information as an asset. They should create a budget to protect that asset. General Counsels shouldn’t be shocked if a judge asked “Why is your house not in order?” Service providers can certainly help determine which projects to undertake, and help execute these projects. Information governance is essential to be better prepared during litigation.
You mentioned the amended FRCP. Could you tell us more about how these revisions will improve e-Discovery?
I think the biggest thing to note about the rules is that in large part they are a codification of what many of us have been preaching as best practices for a number of years. Of course they are a compromise portion—which means both sides are not completely happy—but in general, they strike the position that if you are reasonable and proceed in good faith, if inadvertent mistake should happen, there should not be case altering draconian sanctions. And if you ask for something that is so disproportionate to the case at issue, you probably shouldn’t get it. That should give companies some solace that cases will be fought on the merits, and plaintiffs a cautionary warning that frivolous “gotcha” actions are a thing of the past. All in all, I believe they move the ball forward, maybe not as far as all would like it but certainly they help create a framework I am comfortable working with my clients within.
 On October 6, 2015, the Court of Justice of the European Union declared in a judgment in case C-362/14, Schrems v. Data Protection Commissioner, that safe harbor rules don’t automatically ensure an adequate level of protection of personal data transferred across state lines. Therefore, national supervisory authorities are allowed to examine levels of protection of personal data, and increase that protection if necessary.