Our ExpertiseForensic Accounting and Investigations eDiscovery and Data Forensics FRA Mobile Solution Regulatory Investigations, Litigation Support and Compliance Testing Privacy Shield and Brexit Data Privacy Certifications ISO27001 - Security Management
Data Privacy Expertise
Data protection and data privacy laws place strict limitations on the transfer of data across national borders, with increasingly severe criminal penalties and civil fines for violations. This makes cross-border eDiscovery particularly challenging. Seeking specialist advice can help companies keep costs down and avoid unintentional data protection violations.
We are experts in data protection compliance with data centers throughout North America and Europe. We also offer the FRA Mobile Solution and on-site hosting in order to ensure that data is hosted, processed, and reviewed in the appropriate jurisdiction. Our review platforms provide for in-country review to help ensure that only potentially relevant data leaves its jurisdiction, and does so in a compliant fashion.
The End of Safe Harbor and Brexit Data Privacy Concerns
Today’s global economy is shaped by rapid technological advancements and the ability to move information across international borders is getting increasingly easier to do. FRA has been addressing complex international data transfer issues for more than 10 years in the context of cross border eDiscovery – especially as regards disclosure between civil (e.g. EU) and common (e.g. US) legal systems. When a multinational organization responds to cross border eDiscovery requests there is a substantial and very real risk of violating data privacy and data transfer laws. In the current climate the risks have grown dramatically.
Since 2000 companies have been transferring data from the EU to the US under the Safe Harbor agreement, which relied on self-certification by US companies that EU data privacy laws would be observed. In October 2015, however, at a time when some 4,000 companies were relying on Safe Harbor, the European Court of Justice (ECJ) invalidated the treaty due to insufficient protection for EU citizens’ data. The replacement arrangement, the US: EU Privacy Shield, is a more detailed agreement with greater assurances from the US DOJ and greater powers of redress for EU citizens and companies for mishandled data.
The US: EU negotiations finally come to a conclusion ten months after the European Court of Justice deemed Safe Harbor inadequate and the new US: EU Privacy Shield came into operation on August 1st. However the fundamental issue remains the same – that the US: EU Privacy Shield is untested in court and may be rejected, as was the case with Safe Harbor.
With Brexit now also a reality, but, the UK’s exit strategy as yet unclear, the world of international data transfers, particularly in investigations and disputes – and, by extension eDiscovery – will inevitably become a lot more complicated for companies with data in the UK.
FRA is uniquely qualified in this area, having supported our clients with investigation and litigation expertise on numerous complex cross-border matters without relying on Safe Harbor for the inter-jurisdictional transfer of client data. We have advised clients globally in all major industry sectors while ensuring compliance with local data protection and data transfer laws and sensitivity to cultural nuances. FRA has over 10 years’ experience advising organizations and their lawyers on appropriate eDiscovery strategies with, from the outset, appropriate management of data transfer risks. We have been deploying fully mobile, compliant, end-to-end eDiscovery solutions since 2006 throughout the EU, Switzerland, Canada, China, the former Soviet Union, and in many emerging market locations.
Privilege protections differ significantly from country to country. Privilege asserted on certain documents must be carefully defined according to the rules in the jurisdiction(s) in question, and the eDiscovery processes and controls must be set accordingly. We assist our clients throughout the eDiscovery exercise to ensure that all privileged data is properly withheld and secured.