eDiscovery and information management company ZyLAB has produced a white paper which emphasises the importance of being able to find PII or personally identifiable information. It is called Privacy and Data Protection: it all starts with locating PII, and you can find it, with other useful papers from ZyLAB, here. Every corporate data store contains PII and, in the EU and increasingly elsewhere, it is protected by legislation. This is not just a matter of being ready for eDiscovery exercises; the existence of PII, even without eDiscovery implications, gives rise to compliance duties.

Those companies who face US-led discovery demands, whether as a one-off or as a continuing matter, have an obligation to identify PII, something which ought to be done in-country, or at least within the EU (the rules vary from country to country), before any data is sent to the US. The technology which enables this to happen is improving all the
time.

The origin of the problem, as with so much else in eDiscovery, is the existence of far too much data – “too much” meaning that data stores are full of material which serves no business purpose and which is not required to meet any existing or prospective litigation or regulatory requirement. If companies were to implement a defensible archiving plan and a strict policy for data retention and destruction, not only would their eDiscovery problems be reduced, but the obligations which they have anyway in relation to such data and its data subjects would diminish.

ZyLAB has experience on both sides of this, helping companies in the drafting and execution of relevant policies, as well as being involved in major discovery exercises. The title of ZyLAB’s paper accurately describes both the problem and the solution.