Daylight Forensic gets Safe Harbor Certification

Hot on the heels of yesterday’s post about FTI Consulting, comes news that Daylight Forensic and Advisory has also obtained Safe Harbor Certification from the US Department of Commerce. Either there has been a spate of new certifications or coincidence brings two at once whom I know.

Daylight, a leading international regulatory consulting and forensic accounting company, opened an office and an electronic discovery lab in London in May 2007. The lab and its data handling and processing procedures were designed to comply fully with the European Commission’s Directive on Data Protection and to ensure the highest level of physical and IT security.

I met Executive Director Bernard Factor, who heads Daylight’s London office, as the lab was opening. He was eloquent as to the lab’s part in giving Daylight the ability to support clients with interests on both sides of the Atlantic.

Safe Harbor certification will add to that ability by allowing Daylight Forensic to take EU data to the US or to bring its US resources to bear on data within the EU. Their certification extends to “Collection, processing and analysis of data which may include personally identifiable information received from customer companies in the EU and internal human resources information”.

That sounds as wide as necessary for the work which Daylight does. It is worth pointing out, though, that Safe Harbor certification is not a blanket authority for anything – the scope of the certification is defined company by company. If you go to the Export Portal of the US Department of Commerce you can not only read about Safe Harbor from the US perspective but see the entry for every certified business.

Safe Harbor certification, however wide the scope of the actual certification, lifts only the formal bar imposed by the Directive. Export of data and / or documents still brings with it implications as to privilege and the obligation to produce which are different as between the US and the UK and, indeed, different between EU member states. The presence of a secure processing lab in London presumably gives Daylight Forensic an advantage over others who do not have that luxury.

I say “presumably” because those of us who observe the trends here do not know where all these US companies are getting their work from. So far as one can tell, they are not competing for UK-based litigation support work, and are assumed to be fully stretched working on US, multinational and government projects.

Litigation support, which was a main heading in Daylight’s old web site, has been apparently demoted to being a sub-class of Financial Investigations and Forensic Accounting. One can read too much into these things, but I suspect that they are busy enough elsewhere. Certainly Bernard Factor and his colleague, Carmen Oveissi Field (a managing director in Daylight’s New York office), seemed confident when I met them that there was plenty of work around.

Well-known companies like Daylight do not need Safe Harbor certification to prove their credentials in the investigatory, regulatory and forensic fields and, with their own processing facility in central London, are better placed than most to capture EU work. That is not to under-estimate the importance of the certification.


About Chris Dale

I have been an English solicitor since 1980. I run the e-Disclosure Information Project which collects and comments on information about electronic disclosure / eDiscovery and related subjects in the UK, the US, AsiaPac and elsewhere
This entry was posted in Data Protection, EU Safe Harbor, Litigation Support. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s