The minefield that is overseas data storage

1269986381_img1Have a good hard think before you store data overseas and make sure you aware of the data privacy and access laws of other countries before you trust them with your precious company data.

That’s the advice from Forensics Group founder Kris Haworth in an interesting article looking into the potential hazards of storing data outside of the US.

Haworth says that if your data is stored overseas, it would very unwise to assume you will be able to access it if faced with litigation. US lawyers might find themselves in a difficult situation as they are obliged to abide by certain laws which don’t necessarily apply to data access in other countries, which have their own regulations.

As storing data in the cloud becomes more prevalent, Haworth says it’s increasingly important to address this issue as there is currently no right to discovery in international law.

Data privacy principal David Melnick agrees and says companies need to first assess the risks and put safeguards in place if they plan to share their intellectual property with a third party, especially when it is overseas.

All the experts quoted were united in the view that companies have a tendency to ignore the research needed into the legislation of the country where the data storage facility is located. This oversight is due to the borderless nature of the Internet.

Haworth acknowledges that there are good reasons for storing data overseas and the wisest way to handle cross border data storage is to seek legal counsel, who can help protect your data as much as possible.

Employee email is open to employer eyes

ediscoveryRecent outrage at Harvard University over employers searching staff email comes as a timely reminder that company email accounts aren’t private.

Shannon Green reports for that faculty members at the university were angered when they discovered administrators had secretly searched the email accounts of some staff hunting for media leaks.

Most employers are within their rights to search employee email, as outlined in policy documents like employee handbooks. So what is the best way to go about it?

Littler Mendelson partner Adam Fiss says email monitoring software – which makes it much faster to search emails – is more readily available, but the take-up rate isn’t particularly high yet. He says employers tend to only read employee emails in response to an issue that arises.

Fiss is in agreement with other experts that it’s not always appropriate to inform an employee in advance that their email will be searched but it is good practice to let them know after the fact to demonstrate transparency. It also presents a good opportunity to refresh all employees on company policy regarding email privacy.

Text messages are discoverable

The E-Discovery Beat blog takes a look at a recent case which highlights the importance of preserving text message evidence.preserve dictionary def

Mike Hamilton, J.D., writes that text messages are becoming as important as other forms of communication and there is an expectation they should be preserved as potentially relevant evidence.

In Regas Christou v. Beatport, nightclub owner Christou sued a competitor and others over threats which could lead to a monopoly over online dance music sales. The defendants told employees to preserve potentially relevant data including text messages, yet no SMS’ were handed over in response to the plaintiff’s discovery request. A few months later, the defendant revealed that he had lost his iPhone and all its text messages.

The defendant argued against a subsequent motion filed for spoliation sanctions, saying there were no relevant text messages on the lost phone. The court rejected this argument because no proof was provided that the text messages had been reviewed before the phone was lost. However, the court didn’t find that the spoliation amounted to anything more than negligence and so decided not to grant an adverse inference instruction, instead allowing the plaintiff to present the argument to a jury at trial.

Hamilton drew three key lessons from this case:-

1. Duty to preserve potentially relevant data – it’s not just relevant data that should be preserved. In Regas Christou v. Beatport, the defendants couldn’t prove they had preserved or analysed the text messages before the phone was lost.
2. Documentation – a legal team should document all decisions that are made and the reasons for it. Even if they had reviewed the text messages before the phone was lost, there was no record to prove this. Documenting discovery decisions can be an almost-impossible task but there are software tools that can help by automatically recording the review process.
3. Software integration/mobile collection – software collection tools are the best way to collect and search mobile data in a defensible way.


Get every new post delivered to your Inbox.

%d bloggers like this: