• About Us
  • Executive Team
  • Careers at eMag
  • Facilities
  • Quality
  • Our Customers
  • About Patriarch
  • WBENC Certified
• Law Firms
  • Electronic Discovery Solutions
  • General Data Services
• Corporations
  • Corporate Counsel
  • Information Technology
  • General Corporate Risk
• Government
• Partners
  • eMag Partner First Program
  • Partner FAQs
  • Become an eMag Partner
• Services
  • Electronic Discovery Preparedness Consulting
  • Data Restoration
  • Data Conversion
  • E-Mail Processing
  • Electronic Discovery Processing
  • Data Recovery
  • Computer Forensics
  • Enterprise Content Management Optimization
  • Departing Employee Data Capture Program
  • Data Culling
  • Other Services
• News & Events
  • Trade Show and Events
  • Newsletters
  • Whitepapers and Legal Resources
  • Education
  • The eMag Blog
  • eMag On Twitter
  • eMag Informational Datasheets
• Contact Us

Return to Home

eMag Newsletter Articles

November Edition

View our newsletter archives
 

The Nuts & Bolts of the EU Safe Harbor

The Nuts & Bolts of the EU Safe Harbor

Globalization and the growing mountain of Electronically Stored Information (“ESI”) inevitably will lead to an increase in discovery requests for ESI located abroad. Companies are meeting the challenge of globalization by creating networks of electronic data that allow for employees around the world to connect to the same set of data wherever it is located.

Corporations are no longer focusing on the physical location where processing may be occurring but are using a ‘best shore' strategy where they put their resources in the right location, whether that's the Far East, U.K.., U.S., or Canada. But no consistent methodology exists for United States courts to evaluate whether discovery of ESI abroad is appropriate, and if so, the consequences for not complying with a discovery order.

The European Commission's Directive on Data Protection went into effect in October 1998, and prohibits the transfer of personal data to non-European Union nations that do not meet the European "adequacy" standard for privacy protection. While the United States and the European Union share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the European Union.

In much of the world, countries have adopted legislation that protects the privacy of electronic information. These laws may prohibit the electronic transmission of information across borders, without the express consent of the subject of the communication. In many jurisdictions (notably, many countries in the European Union, which has adopted the EU Privacy Directive), it may be impossible to obtain the consent of employees; such consent often is considered to be inherently coerced due to the subordinate nature of the employee relationship.

The increase in globalization and ESI has led to legislation in foreign countries to protect the disclosure of certain information. Some of this legislation specifically has targeted the protection against production of data for litigation. A party seeking protection against compelled discovery, relying on the basis that foreign law bars the production, has the burden of proving that the foreign law actually prohibits production of the data at issue.

This conflict between U.S. and European law is not merely legal; it reflects nothing less than a clash of cultures. In the litigation context, restrictions on the international transmission of data can present an enormous barrier to the discovery of electronic information kept overseas. Thus far, there appears to be no reported case law construing the conflict between discovery obligations that are broader than discovery in virtually every other jurisdiction in the world, and the restrictions on the transmission of electronic data imposed by the EU Privacy Directive. Discovery in the United States is built on the well-founded premise that all information that "appears reasonably calculated to lead to the discovery of admissible evidence" is discoverable.

Ultimately, courts in the United States will need to develop and apply a consistent standard to decisions involving the discovery of international ESI.

The view on privacy varies internationally and is strictly regulated in many countries. For instance, the European Union Data Protection Directive establishes a regulatory framework around the movement and treatment of personal data in the European Union. In addition to the personal data protection laws, the European Court of Human Rights has found that the right to private communications in the workplace is a fundamental freedom covered under the Convention for the Protection of Human Rights and Fundamental Freedoms. Laws promulgated in compliance with the Data Protection Directive and the views in the EU on workplace privacy provide barriers to complying with e-discovery in the U.S.

The Data Protection Directive allows the transfer of personal data between countries only if the country receiving the data ensures an adequate level of protection. In response to the restrictive Data Protection Directive, the United States Commerce Department negotiated a “safe harbor” with the EU, which provides requirements that United States companies may choose to adhere to in order to participate in the free exchange of personal data with companies in the EU. Personal data has been broadly construed under the Data Protection Directive to include e-mail and other commonly requested ESI.

United States courts have found that privacy laws promulgated under the Data Protection Directive reflect a legitimate foreign interest that needs to be considered when deciding discovery issues.

In addition to privacy laws created under the Data Protection Directive, many countries view privacy in the workplace differently than the United States does. There is generally no expectation of privacy in workplaces in the United States, and so requesting and receiving e-mail in discovery is commonplace. In the EU, however, there is an expectation of privacy in the workplace, and so e-mail sent and received via work accounts may not be discoverable.

In a recent holding, the European Court of Human Rights found that under the European Convention for the Protection of Human Rights and Fundamental Rights, which provides that “everyone has the right to respect for his private and family life, his home and his correspondence,” telephone calls and e-mails made by an employee from work fall within the Human Rights Convention's notion of “private life” because they may contain “personal information.” (European Convention for the Protection of Human Rights and Fundamental Rights Protocol #11, Article 8). In that case, the court found that the employer's monitoring of telephone calls and e-mails without notice violated the employee's human rights under the Human Rights Convention.

French courts also have evaluated these protocols in numerous cases, with the results typically following the same trend as the European Court of Human Rights in limiting an employer's ability to inspect an employee's e-mails, files, or computers, even when the employer has reason to suspect wrongdoing on the part of the employee. (Philippe K. v. Cathnet-Science, Cour de Cassation, Chambre Sociale). These holdings, combined with the Data Protection Directive's finding that personal data includes e-mail, raise some serious concerns about whether international law will prohibit discovery of foreign e-mail in United States litigation in the future.

In June 2007, in a case in the Eastern District of New York, Magistrate Judge Matsumoto decided Strauss v. Credit Lyonnais, S.A. There, the plaintiffs brought suit under the Anti-Terrorism Act of 1992, which permits citizens to sue as victims of terrorism and receive treble damages. The plaintiffs claimed that the bank maintained bank records for a suspected Hamas-related charity that was, allegedly, a front for terrorism. They sought access to bank records reflecting the accounts of the alleged charity, correspondence between the bank and its customer, correspondence between the banks and government entities, and any internal reports concerning those bank accounts. Credit Lyonnais cited a French law that prohibits disclosure of information in connection with foreign judicial proceedings, except by international treaty or agreement, as well as the French criminal code, which purportedly prohibits disclosure of information regarding ongoing criminal investigations. It also cited the French bank secrecy law.

The court, however, ordered the records disclosed. In ordering disclosure, the court cited, as its principal point of analysis, the Restatement (3d) of Foreign Relations Law of the United States, § 442. Under that Section, a court may order a person subject to its jurisdiction to produce evidence even if the information is located outside the United States.

Historically, foreign blocking statutes have been one of the most common impediments to United States discovery of information located abroad. The scope of the statutes varies, but they generally prohibit production of documents and disclosure of information related to a particular topic or industry. Many blocking statutes were enacted specifically to thwart United States discovery. Courts recognize that blocking statutes, like the French Blocking Statute, have been constructed purposefully to provide foreign nationals with tactical weapons and bargaining chips in United States courts.

One of the most significant effects of increased online trading between Europe and the United States is the growing concern about privacy and data protection. There is no general agreement between Europe and the United States in the area of ecommerce and likewise, there is no specific agreement between the European Union and the United States on jurisdiction and applicable law in civil matters. Although the current consumer data privacy protection principles of the European Union and the United States are both founded upon the Guidelines on the Protection of Privacy and Transborder Flows of Personal Data issued in 1980 by the Organization for Economic Cooperation and Development, they are based on different approaches. The United States uses a mix of legislation, regulation and self-regulation. Back to top

A New View of IT Cost Cutting: Software as a Service

by Brett Tarr

Today, IT departments are facing sustained organizational pressure to maintain cost effectiveness and reduce expenses whenever possible. Of course, the pressure on IT is always to do more with less, but this pressure is being compounded by actual reductions in IT budgets. As organizations of every size and in nearly every industry seek to level costs and balance the "must haves" versus the "nice to haves," nearly all IT expenditures are undergoing serious evaluation. As organizations seek to reduce IT costs, some key factors being considered include:

• Proactive IT cost reduction programs
• Negative financial or industry performance
• Budget reductions
• General economic conditions

A SaaSy New View

Rather than simply accepting IT budget cuts, an organization can demonstrate how IT can be used to reduce costs, how IT governance can avoid costly redundancies and how the IT organization can improve the overall business. Next-generation tools such as Software as a Service (SaaS) are allowing IT to provide organization and infrastructure without the expensive equipment costs and upfront expenditures of the past.

As business becomes more dynamic and complex, an organization's allocation of resources becomes even more important, as exemplified by the recent shift from client-installed software applications to a hosted or Software as a Service model. Indeed, SaaS represents the largest shift in the software industry in decades. By embracing SaaS, an organization can achieve a lower total cost of ownership with few, if any, technical resources required to implement and support an application.

Some key advantages of the SaaS model include:

• Increased usability and functionality of software applications
• Recurring and more predictable revenue and cost structures
• Reduced implementation, training and ongoing support time
• Minimized overall business risk with greater data accessibility and security

Because it is a more cost-effective way for businesses to achieve their objectives than traditional applications, Software as a Service is one of the fastest growing segments of the information technology industry.

Why SaaS Is Thriving

SaaS is more than just a novel idea. Rather, it is part of a wider movement toward Internet-based automated services. The larger trend driving SaaS is the same one driving Web 2.0 applications, wikis, blogs, social networking applications and every other expression of today's increasingly web-connected world. Fundamentally, the underpinnings of the Web allow organizations to cut out much of the location-dependent limitations that interfere with communication, collaboration and trade. In the same way, software used to suffer from being location dependent: It had to be delivered in a box and installed in the same building as the end user. Of course, the Web removes those constraints, enabling delivery of software over the Internet, which ultimately enables SaaS. This, in turn, allows SaaS to become the foundation for unique and innovative forms of communication and trade.

One of IT's emerging trends is the convergence of software vendors into the SaaS market. Software giants such as Oracle have even begun to unveil SaaS offerings, which has led to a rush of smaller software producers scampering to release webdelivered software applications. Industry experts have noted that 15 to 20 percent of traditional application software vendors have already either begun new initiatives or gained access to SaaS assets and development experience through merger and acquisition activity. Industry experts expect that number to rise dramatically over the next year, as a tougher economic climate will only accelerate the existing pressure faced by on-premise software and the traditional perpetual license model.

Additionally, general economic factors also favor SaaS. Although the recession will surely pose challenges for SaaS vendors, the consensus is that conventional software vendors will be harder hit. In fact, one widely held school of thought reflects the belief that SaaS is one reason for the pricing pressures facing traditional application software developers.

The low-risk, pay-as-you-go model offers a substantial competitive advantage to SaaS vendors, especially if capital expenditure budgets are cut. The advantage of SaaS comes from the ability to install and activate new applications with a substantially lower initial cost of ownership. Economically pressured organizations favor limiting the upfront investment in new software applications, particularly when the ultimate ROI is in doubt. And because SaaS is flexible and scalable, it reduces risk and maximizes scarce resources. In addition to these financial factors, many IT personnel like the low-cost, low-maintenance, low-resource profile of externally delivered SaaS applications.

Read full article here

In short, running a lean business is the key to riding out the economic downturn, and with management espousing ROI as the mantra while keeping a tightly clenched fist around the corporate checkbook, IT can utilize SaaS to provide results while minimizing risk and expenditure. This trend will be a key driver in the growth of software development and will buoy the continued use of Web 2.0 technologies through 2009 and beyond, especially as this technology drives the exponential growth of communication bandwidth and collaboration, but without the traditional upfront costs.

Back to top

 

Back to top

This article may be re-published as long as the following resource box is included at the end of the article and as long as you link to the email address and the URL mentioned in the resource box:

Article by eMag Solutions. For more articles on eDiscovery and Data Restoration, subscribe to our e-mail Newsletter by sending a blank email to newsletter@emaglink.com or by going to http://www.emaglink.com.