In 2021, litigators and eDiscovery practitioners confronted a mix of new developments and perennial challenges. Data privacy laws continued to evolve rapidly, while emerging technology gave companies better ways to respond to data breaches. As the volume of electronic documents continued to rise, 2021 was a good year to take stock of records management policies and the protocols for managing large-scale eDiscovery. 2021 also saw several notable developments in litigation procedure. Key highlights from Mayer Brown's Tip-of-the-Month coverage of these topics last year are recapped below.
Data Privacy and Data Breaches
- GDPR. The General Data Protection Regulation (GDPR)
presents a significant compliance obstacle for companies moving
data to jurisdictions outside the European Economic Area (EEA),
including to the US. Although GDPR was implemented in 2018, there
were three major developments in 2021:
- Brexit. With the Brexit transition having ended in 2020, transfers of personal data outside the UK are now subject to separate requirements under the UK GDPR (which are, at least now, substantially the same as the requirements under the EU GDPR).
- SCCs. In June 2021, the European Commission published a final version of its new "standard contractual clauses" (SCCs) for international personal data transfers outside the EEA, SCCs that will replace those that many businesses currently rely on for transfers to the US.
- Transfer Impact Assessments. Also in June 2021, the European Data Protection Board published a final version of its recommendations on supplementary measures for international personal data transfers outside the EEA, including guidance on how to carry out "transfer impact assessments" when transferring certain personal data.
- Use of AI in Data Breaches. Every year brings a slew
of high-profile data breaches, and 2021 was no exception.
Fortunately, emerging artificial intelligence (AI) technology is
making it easier for companies to respond to data breaches.
- A response will often involve notifying the individuals whose data has been accessed. Identifying these individuals typically requires a large and complex data review from sources with varying degrees of uniformity and accessibility-ranging from scanned hard copy files to databases containing data for thousands of individuals.
- AI technologies show some promise in identifying and extracting data from large document pools, especially where the documents are uniform.
- Despite the developments in these AI technologies, at times it may still be better to rely on human reviewers for complex or irregular files such as those scanned from hard copies or compiled originally by hand.
- Records Management Policies. As the amount of
electronic information grows, the ability to manage that
information can diminish rapidly. A records management policy is
often key to controlling the creation, maintenance and disposition
of documents and data.
- The successful implementation of records management policies can cut costs, streamline the organization's information management system and facilitate a more efficient and effective response to the demands of litigation. Also, knowing which, and where, records are maintained will be invaluable when responding to a data breach, complying with discovery obligations or in the case of a disaster recovery.
- An effective records management policy will include programs that routinely dispose of redundant records and other data. It will also establish protocols for suspending document destruction when the company faces litigation.
- To ensure the smooth implementation of a records management policy, a knowledgeable official should be designated to oversee it. Records managers should work to educate senior management on records management legal obligations, including data privacy and regulatory obligations.
- Managing eDiscovery. When faced with large volumes of
data, there are strategies that a producing party can employ to
reduce massive volumes of data to a more manageable level.
- When contemplating the use of advanced analytics for filtering large data volumes, hiring the appropriate eDiscovery vendor is an important first step.
- Once a vendor is selected, counsel should consider using "early case assessment" tools and review workflows to prioritize documents for review and production.
- Counsel should also consider using other technologies to expedite large document reviews, including concept clustering, email threading and technology-assisted review technologies (such as continuous active learning).
- FRCP 30(b)(6). In December 2020, amended Federal Rule
of Civil Procedure 30(b)(6) went into effect, requiring parties to
meet and confer about matters for examination in the deposition of
a corporation, agency or other organization.
- The goal of the revision is to help reduce the number of disputes surrounding the Rule 30(b)(6) deposition and witness(es) that are brought before the court.
- The rule change is designed to help clarify proposed examination topics earlier in the litigation.
As we enter a new year, we expect that many of these trends, developments and tips will remain relevant.
Visit us at mayerbrown.com
Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe - Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.
© Copyright 2020. The Mayer Brown Practices. All rights reserved.
This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.