As Relativity Fest in London drew to a close, I interviewed David Horrigan, eDiscovery Counsel and Legal Education Director at Relativity, about the event. Writing up that interview gives me an excuse to summarise some of the points which seemed important from the day. I have already published some of my photographs of the day.
As always, Relativity Fest London involved a packed agenda mixing company news in the form of Andrew Sieja’s opening keynote, technical sessions about the use of Relativity’s technology, and educational sessions devoted to the legal and regulatory context in which Relativity is used. The latter are David Horrigan’s responsibility and he was justifiably pleased with how they had gone.
They had included one on mobile data, a 15 minute primer on the new England and Wales disclosure rule with Ed Crosse of Simmons & Simmons, and two on data privacy. One of the latter, David Horrigan said, had been a general one on corporate compliance, with a focus on the concerns of those responsible for compliance in organisations.
The other, in which I participated, was a deeper look at some of the implications of the General Data Protection Regulation, which we called Whose data is it anyway? Data privacy and Data Subject Access Requests. As David Horrigan points out, the room was packed – no one left during it he said, adding, perhaps gratuitously, that this may have been because it wasn’t possible to reach the doors thanks to the crowds.
It was certainly an enjoyable panel from my point of view. David Horrigan moderated, and the speakers were Mark Anderson of CDS, Jonathan Armstrong of Cordery, and Meagan Sauve of Special Counsel, as well as me. Much of our focus was on Data Subject Access Requests which, as I say in the interview, had been overlooked by many in the run-up to the GDPR. Little formality is required to launch a DSAR and they can cause significant burdens to organisations, not least because of their very short timescales.
Jonathan Armstrong is particularly good on this subject, and entertaining with it. Most of his experience, inevitably, involves facing requests on behalf of organisations, advising on what is reasonable, negotiating where possible, and helping to keep them proportionate to the circumstances.
He also told a story about his experience as the author of a request, addressed to a company whose first unguarded response had been “We know more about data protection than you, Mr Armstrong”. The resulting story reminded us that it is wise to do a quick check on LinkedIn before making such assertions about people you don’t know. There’s personal power in DSARs, and potentially more significant business effects than fines, even if (as has happened since that event) the authorities start levying larger fines.
We also had a section on GDPR nonsense. While some organisations take the GDPR too lightly, others seem to use it as an excuse for being inconvenient. I told the story of An Post’s removal of litter bins at the General Post Office in Dublin; they were taken away, they said, because people would put personal information in them and thus (they thought) make An Post liable for the contents under the GDPR (I wrote about that – see Common sense in the bin: GDPR nonsense reaches its peak at the post office).
Somewhere between these extremes is a balanced approach to compliance. The fines, the subject of intense focus before the GDPR, were never going to be the most significant implication of inadequate preparation. The knock-on effects – enforced and hurried compliance, loss of customers, and the concerns of investors and others, can all have much greater impact, and the recent spate of fines does not alter that.
__________
I asked David Horrigan about the recent substantial growth in Relativity’s London office. Relativity will, he said, always be a Chicago-based company, but it is increasingly an international company, not least because the expansion of its SaaS platform, RelativityOne, opens new opportunities and new markets for it round the world.
__________
My discussion with David Horrigan ended with reference to Relativity Fest in Chicago, due to take place on 20-23 October. I am moderating the international panel there, looking at privacy and data protection. We will look not only at the GDPR but also at the Californian Consumer Privacy Act and other examples which show that organisations have to have regard to privacy and data protection.
__________
My interview with David Horrigan was one of several done on that day. It is right for me to thank Relativity for giving us a substantial space for the day’s interviews as well as for organising a constant flow of interesting people to interview. The picture below shows both the generous space and two interesting people being interviewed – Brian Stuart and Glenn Barden of FTI Consulting, whose interview (about Relativity Trace) appears here.
eDisclosure Information Project 