The Guidance Software Newsroom carries a new article by Denise Backhouse of the eData Practice of Morgan, Lewis & Bockius, LLP headed Master European Data Privacy Laws. I refer you to it because it is expressly intended as a guide to useful sources of information on EU data privacy and data protection, a subject which exercises many US lawyers but not, apparently, to the extent that they feel the need to learn about it in advance of their next major EU data collection exercise. Denise’s article may help them to understand what the issues are.
One key to understanding the problem is to know that no one has all the answers, and Denise rightly draws attention to the need to take local advice in each jurisdiction in which the data may have to be collected. As she points out, a “jurisdiction” is not just the whole EU, nor merely any legal state within the EU, but can include smaller units like individual Länder in Germany. Knowing even that much is a good start for those who tend to approach EU data collections as if the writ of an American court runs everywhere.
Denise and I were on a Guidance Software panel at IQPC’s conference in Brussels last year, and were more recently on a London panel organised by Recommind. The subject comes up again on a panel I am on at Georgetown on 18th and 19th November, and Denise and I are covering the subject, together with Master Whitaker at IQPC’s Document Retention and EDiscovery conference in Munich starting on 29 November. I am moderating, and Denise is the main speaker, as befits her status as one of the few US lawyers who is authoritative on the subject. Master Whitaker will talk about the use (and misuse) of the Hague Convention, and I will talk about the cultural differences which lie at the root of the conflict between US demands for documents and EU unwillingness to part with them.
You need practical as well as legal help when stepping into the deep waters of EU data collection, and that means a technology supplier with experience in the area. Sticking to those who have come to my attention recently (so don’t all write in if I have missed you off my list), FTI have recently announced a new consultancy service FTI Investigate aimed at helping with EU collections, I have written a paper (not yet published) about Iron Mountain’s services on this subject, Epiq Systems has a fully-staffed office in Brussels, and Trilantic (now part of Huron Consulting Group) has a section of its website which links to the laws of every relevant jurisdiction.
Look, perhaps, at the list of those sponsoring the IQPC Munich event referred to above which, in addition to most of those already mentioned above, includes AccessData, Alvarez & Marsal, Clearwell, Commvault, Ernst & Young, KPMG and Symantec. They will be there because this is territory which they know, so ring one (or more) of them up before you pack your bags to set off on what may appear to be a routine data collection exercise. But perhaps read Denise’s article first, and follow some of its useful links.