Global data privacy laws: The #1 cross-border e-discovery challenge

In the year since the EU’s rejection of Safe Harbor, there has been a spike in legal concern over cross-border data transfers, according to a survey by BDO Consulting.

Sixty percent of corporate counsel surveyed for this year’s report said their biggest challenge in cross-border e-discovery comes from numerous—and often conflicting—international privacy and security laws. This concern far surpasses other concerns listed, including access to data (12 percent), communication barriers (10 percent), and coordination with local resources (eight percent).

Thirty-seven percent of in-house counsel now see the EU as the most challenging jurisdiction for cross-border e-discovery. Much of that concern stems from the European Court of Justice’s move to invalidate the 15-year-old Safe Harbor legal framework for transatlantic data transfers in late 2015, thereby allowing each EU member state to establish its own set of rules and regulations.

Safe Harbor’s replacement, the EU-US Privacy Shield, helps reconcile some of the data privacy protections across different countries; nevertheless, individual country requirements still vary. It is expected that the EU’s General Data Protection Regulation (GDPR), which becomes law in May 2018, will provide greater clarity around data protections in the EU. However, the GDPR also significantly expands the scope and enforceability of the EU’s data privacy regime.

These regulatory changes, along with other complexities and emerging risks—like the rise of cyber threats, mobile device usage, and volume of data required for litigation—are driving corporate counsel to embrace sophisticated technologies to better manage e-discovery processes.

“Most counsel today have become comfortable with the idea of using technology and analytics in the e-discovery process,” said Stephanie Giammarco, BDO Consulting partner and Forensic Technology Services practice leader. “Now that technology is more accessible and adoption has increased, the focus has shifted to best practices for maximizing its impact on managing the explosive amount of data required for litigation and investigative matters.”

Information governance gains prominence

The survey also found that corporate counsel are emphasizing improved information governance as a critical way to lower the cost and resource strain of the e-discovery process. Nearly four in 10 (39 percent) say escalating costs is one of the top three e-discovery issues that will have the greatest business impact on corporations. Two-thirds of respondents (62 percent) say they plan to increase their investment in information governance this year.

“The lack of predictability of e-discovery costs has long been a major pain point for in-house counsel,” said George Socha, managing director in BDO Consulting’s Forensic Technology Services practice and co-founder of the Electronic Discovery Reference Model (EDRM). “Preparing a reliable annual e-discovery budget is hard enough, and actually adhering to one can be nearly impossible. Better information governance as well as disciplined tracking and analyses can significantly reduce the variable nature of e-discovery costs.”

Cybersecurity and mobility among top legal risks

Most corporate counsel (74 percent) rank a data breach as one of their organization’s top three data-related legal risks, and 68 percent said the legal department is more involved with cybersecurity than it was 12 months ago. Roughly one-quarter (27 percent) of corporate counsel, however, said they either don’t have, or are unaware of, cyber risk requirements for third-party vendors.

One in four (27 percent) respondents rank mobile data management as one of their organizations’ top three data-related legal risks. Roughly one-third of respondents also listed managing mobile data (32 percent) and bring-your-own-device policies (35 percent) as among their top three organizational concerns.

Advanced data analytics in e-discovery becoming more mainstream

Technology-assisted review (TAR), or predictive coding, is the most widely embraced technological advance in e-discovery, currently used by 40 percent of respondents. The reported use of data analytics and visualization is up from a year ago, climbing from 22 percent in 2015 to 30 percent in 2016. Data analytics and visualization techniques used across three or more EDRM stages came in second, at 30 percent.

Mobile document review is the third most commonly used e-discovery advancement, adopted by over a fourth (27 percent) of respondents, up from 18 percent in 2015.

Other top concerns: Reining in costs and complexity

Thirty-one percent of corporate counsel say they plan to increase their e-discovery spend in the year ahead, with 15 percent anticipating expenses to grow by at least 50 percent. Nearly half of respondents (41 percent) say the best method for reining in e-discovery costs is through improved information governance, particularly by managing information before e-discovery needs arise.