eDiscovery and Information Governance – Tip of the Month: Tips of the Month 2021: A Compilation – Privacy

United States: eDiscovery and Information Governance – Tip of the Month: 2021 Tips of the Month: A Compilation

To print this article, all you need to do is be registered or log in to Mondaq.com.

In 2021, litigants and eDiscovery practitioners faced a mix of new developments and ongoing challenges. Data privacy laws continued to evolve rapidly, while emerging technologies provided businesses with better ways to respond to data breaches. As the volume of electronic documents continued to grow, 2021 was a good year to take stock of document management policies and protocols for managing eDiscovery at scale. The year 2021 also saw several notable developments in the litigation process. Key highlights from Mayer Brown’s Tip of the Month coverage of these topics last year are summarized below.

Data Privacy and Data Breaches

  • GDPR. The General Data Protection Regulation (GDPR) presents a significant compliance hurdle for companies transferring data to jurisdictions outside of the European Economic Area (EEA), including to the United States. Although the GDPR was implemented in 2018, there were three major developments in 2021:
    • Brexit. With the Brexit transition having ended in 2020, transfers of personal data outside the UK are now subject to separate requirements under the UK GDPR (which are, at least now, substantially the same as the requirements under GDPR). EU GDPR).
    • CCS. In June 2021, the European Commission published a final version of its new “Standard Contractual Clauses” (SCCs) for international transfers of personal data outside the EEA, SCCs which will replace those on which many companies currently rely. for transfers to the United States.
    • Transfer impact assessments. Also in June 2021, the European Data Protection Board published a final version of its recommendations on additional measures for international transfers of personal data outside the EEA, including advice on how to carry out “transfer impact assessments” when transferring certain personal data.
  • Use of AI in data breaches. Every year brings its share of high-profile data breaches, and 2021 was no exception. Fortunately, emerging artificial intelligence (AI) technology makes it easier for businesses to respond to data breaches.
    • A response will often involve notifying the individuals whose data has been accessed. Identifying these individuals typically requires a large and complex review of data from sources with varying degrees of uniformity and accessibility, ranging from scanned paper files to databases containing data for thousands of individuals.
    • Artificial intelligence technologies show promise for identifying and extracting data from large pools of documents, especially when the documents are uniform.
    • Despite developments in these AI technologies, sometimes it may be preferable to rely on human reviewers for complex or irregular files such as those scanned from hard copies or originally compiled by hand.

“Big Data”

  • Document Management Policies. As the amount of electronic information increases, the ability to manage that information can rapidly decline. A records management policy is often essential to control the creation, maintenance, and destruction of records and data.
    • Successfully implementing records management policies can reduce costs, streamline the organization’s information management system, and facilitate a more efficient and effective response to litigation requests. Additionally, knowing what records are kept and where they are kept will be invaluable in responding to a data breach, complying with discovery obligations, or in the event of disaster recovery.
    • An effective document management policy will include programs that regularly eliminate redundant documents and other data. It will also establish protocols for suspending the destruction of documents when the company faces litigation.
    • To ensure the proper implementation of a records management policy, a knowledgeable official should be appointed to oversee it. Records managers should strive to educate senior management on legal obligations regarding records management, including data privacy and regulatory obligations.
  • eDiscovery Management. When faced with large volumes of data, there are strategies a producing party can use to reduce massive volumes of data to a more manageable level.
    • When considering using advanced analytics to filter large volumes of data, hiring the right eDiscovery vendor is an important first step.
    • Once a vendor is selected, the attorney should consider using “early case assessment” tools and review workflows to prioritize documents for review and production.
    • Lawyers should also consider using other technologies to expedite the review of large documents, including concept clustering, email discussion thread, and technology-assisted review technologies (such as learning continuously active).

Litigation procedure

  • FRCP 30(b)(6). In December 2020, amended Federal Rule of Civil Procedure 30(b)(6) came into effect, requiring parties to meet and confer on matters to be considered in a company deposition, d an agency or other organization.
    • The purpose of the review is to help reduce the number of disputes surrounding the testimony and witness(es) under Rule 30(b)(6) that come before the court.
    • The rule change is designed to help clarify test topics proposed earlier in the litigation.

As we enter a new year, we anticipate that many of these trends, developments, and tips will remain relevant.

Visit us at mayerbrown.com

Mayer Brown is a global provider of legal services comprised of law firms that are separate entities (the “Mayer Brown Firms”). The Mayer Brown firms are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, two limited liability companies established in Illinois in the United States; Mayer Brown International LLP, a limited company incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales under number OC 303359); Mayer Brown, a SELAS based in France; Mayer Brown JSM, a partnership of Hong Kong and its associated entities in Asia; and Tauil & Checker Advogados, a Brazilian legal partnership with which Mayer Brown is associated. “Mayer Brown” and the Mayer Brown logo are registered trademarks of Mayer Brown law firms in their respective jurisdictions.

© Copyright 2020. Mayer Brown Practices. All rights reserved.

This article by Mayer Brown provides information and commentary on interesting legal issues and developments. The foregoing is not a complete treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action regarding the matters discussed here.


Proposed Update to the State Privacy Protection Act: January 18, 2022

Husch Blackwell LLP

2022 is off to a fast start with proposed state privacy laws tabled in Alaska, Florida, Indiana, Kentucky, New Jersey, Pennsylvania and Vermont, joining the long list of bills already tabled.

Top Privacy Issues to Watch for in 2022

Kelley Drye & Warren LLP

You’ve probably seen a lot of privacy predictions for 2022 over the past few weeks. Here’s one that reflects the collective thoughts of our diverse privacy team…

Comments are closed.