All posts tagged APAC ediscovery

Hot Topics in Ediscovery

As you get ready to head back to the office this fall, make sure you’re up to speed on some of the most significant developments in ediscovery from this summer.

New Data Protection and Transfer Laws in Japan and China

Earlier this summer, Japan and China enacted significant changes to their data protection and transfer laws. In Japan, the Act on the Protection of Personal Information (APPI) went into full effect on May 30, 2017 and companies are expected to make immediate changes. China’s controversial Cybersecurity Law went into full effect in early June 2017 and focuses on network operators managing data in the country.

Antitrust Law and Technical Innovation

Technological advancements throughout the world have transformed policies and institutions that enforce antitrust law. Check out parts one and two of our video series focusing on how policy and technology changes create implications in the many fields of antitrust law.

Civil Procedure Rules in State Court

Following the release of the 2015 amendments to the Federal Rules of Civil Procedure (FRCP), states have taken different approaches to updating their own rules. Some states have adopted the new FRCP, other states are currently considering changes and a handful of states march to the beat of their own drum. Learn more about your state and states that may be important to you in the future.

Fighting Fraud in France

Fraud, corruption and bribery hit close to home for legal and IT professionals around the globe. In France, game-changing legislation has taken effect to strengthen anti-corruption efforts. Sapin II, as the legislation is called, is modelled on the U.S. Foreign Corrupt Practices Act (FCPA) and the U.K. Bribery Act. U.S. businesses with global operations should be prepared with renewed understanding of France’s regulations.

Whether you have a matter that requires collection of electronically stored information (ESI) in a country with strict data protection rules or have questions about state rules of civil procedure, you can keep up to date on everything ediscovery with weekly updates from The Ediscovery Blog.

Japan and China: New Data Protection and Transfer Laws Imminent in Asia Pacific

Ediscovery in China

Kate Chan, APAC ediscovery

Kate Chan, KrolLDiscovery, Legaltech News

Editor’s note: this article originally appeared in Legaltech News.

The global ediscovery community is abuzz about data protection. 2018 will usher in new data protection and transfer laws in the European Union (EU), but many ediscovery professionals are less informed about similar changes in Asia that have recently taken effect.

Japan: Land of the Rising Sun

Japan’s Act on the Protection of Personal Information (APPI) stands as one of Asia’s oldest data protection laws and has remained unchanged since it went into effect in the early 2000s. The decision to enact Japanese amendments to the APPI was most likely influenced by three factors: a significant increase in the volume of data being created, a rise in data breaches and illegal sale of private information and a pressure to update policies in light of the EU’s work on the General Data Protection Regulation (GDPR).

A word of warning: The APPI amendments went into full effect on May 30, 2017 and Japanese authorities expect companies to make immediate changes. Below are some key provisions of the APPI amendments in Japan.

1. Creation of the Personal Information Protection Commission: The amended APPI went into partial effect in 2016, creating the Personal Information Protection Commission (PPC) as a central, independent regulatory authority with enforcement powers.

2. Two new classifications: Two information classifications will determine whether data can be transferred and if the owner of that information can give consent to its transfer: sensitive information and anonymized information. Sensitive information (information about a person’s race, creed, social status, medical records, criminal history, etc.) receives enhanced regulatory protection, with the person’s consent required before such data can be transmitted. Anonymized information (personal information where there is no possibility of identifying the person) can be transmitted with restrictions but without the express consent of the individual.

3. “Opt-in” is now “opt-out”: The current rules require the user’s permission before personal data can be transferred. Under the amendments, companies can share data without permission if they disclose certain information to the user beforehand, such as the nature and purpose of the personal data being provided, and the way the data is being provided. The company transferring the information must also give the user the option to opt out of the transfer before it occurs. Businesses must disclose to the PPC if they will continue to default to an “opt-out” policy, or change the process transferring information to a third party. The PPC will make these changes known to the public.

4. International data transfer policy: For the first time, the APPI will address international information sharing. Any company transferring personal records outside Japan’s borders will need the user’s permission and opting out will not be an option unless the foreign jurisdiction has similar privacy standards.

5. Sanctions for noncompliance: The PPC is enacting a two-tiered criminal penalty measure into the APPI and its guidelines. A negligent violation will bring about an enforcement notice ordering the company to either correct the issue or halt data transfer operations. Failure to comply may result in imprisonment up to six months or a fine up to JPY 300,000. Intentionally stealing or providing personal information for a dishonest purpose may result in a direct penalty of up to one year in prison or a fine up to JPY 500,000.

China: The Red Dragon

In early June 2017, the People’s Republic of China implemented its controversial Cybersecurity Law. The government is becoming more involved with data protection and strengthening enforcement. Up until now, its current rules have not been clearly defined or regularly enforced, so it is important to keep up with developments or risk getting caught off guard.

Unlike Japan’s focus on protecting data, China turns its attention to the network operators managing data. Below are some key facets to its new policy.

1. Data stored in mainland China: The new law insists that Chinese citizens’ “personal information” and “important data” be stored on servers within its borders. Any companies claiming an exception that is “truly necessary” must undergo a security assessment before information can be released. This will affect the majority of foreign companies that operate in China; in particular, those that use their global infrastructure and IT resources to operate their business in China, as the original data collected, including business data and customer data, within China will typically be stored directly in the data centers or servers physically located overseas. For example, many global companies are still using email servers located outside China for their China operations.

2. Law applies to network product and service providers: The majority of the new law’s provisions apply to “Critical Information Infrastructure Operators” (CIIO) possessing data critical to China’s security. Industries predominantly targeted in this new definition include financial, transportation, health care, utilities and telecommunications.

3. Stronger data protection provisions: Supplementing existing data privacy guidelines in China, network operators must first obtain their clients’ consent before collecting and disclosing personal information, including the reason for the disclosure, and take measures to ensure the security of personal information. Companies need to ensure that an appropriate framework is established for collecting and using data, demonstrating that any data collected has a proper purpose and that its use can be explained in detail. Companies should also ensure appropriate security and protection measures are in place to safeguard the data as well as incident response procedures for responding and reporting any breach.

4. Security examinations: All network providers must pass a “network security examination.” This includes specific requirements that network operators must follow when purchasing new network systems.

5. Severe consequences for noncompliance: While specific penalties are unknown at this time, cancellation of a business license is part of the current regulations. Additionally, the new regulations require CIIO’s to establish violation reporting mechanisms, suggesting that China is taking the new law very seriously.

In instances where there are concerns with removing data from China, or the company premises themselves, a mobile solution may be the answer. Over the past couple of years, mobile technology has become incredibly powerful, facilitating processing, filtering and analysis onsite. Onsite mobile solutions can also be used in tandem with traditional processing by acting as a cost-effective method of segregating and filtering out personal information, sensitive company data or privileged documents early on and prevent unwanted disclosure. When conducting ediscovery or internal investigations in China, companies must review and clear any state secrecy or data privacy concerns, and redact sensitive information prior to sharing it out of the country. This, in turn, reduces the risks and costs associated with over-collection by culling irrelevant data and focusing on what is relevant or responsive.

As legal and technology professionals in law firms and corporations prepare for the data protection implications of the EU GDPR, do not disregard important changes afoot in Asia. Most importantly, seek guidance from local, in-country experts, prepared to help you collect, host and transport data in investigations, litigation or regulatory matters around the world.

January 2017 Ediscovery Case Summaries

Failure to Preserve Interactive Website Data Held Insufficient to Impose Sanctions Under Rule 37(e)
FTC v. Directv, Inc., 2016 U.S. Dist. LEXIS 176873 (N.D. Cal. Dec. 21, 2016)

Jury to Decide Issue of Intent for Spoliation
Cahill v. Dart, 2016 U.S. Dist. Lexis 166831 (N.D. Ill. Dec. 2, 2016)

Australian Court Takes Predictive Coding Down Under
McConnell Dowell Constructors (Aust) Pty Ltd v. Santam Ltd & Ors (No 1),
[2016] VSC 734 (Dec. 2, 2016)

Illinois State Court Leverages Proportionality Standards in FRCP 26(b)(1) to Determine if Forensic Imaging is too Intrusive
Carlson v. Jerousek, 2016 IL App (2d) 151248 (Ill. App. Ct. 2d Dist. 2016)

Kansas Court Rejects Proportionality Arguments and Boilerplate Objections
Duffy v. Lawrence Mem. Hosp., 2016 U.S. Dist. LEXIS 176848 (D. Kan. Dec. 21, 2016)

ICYMI: Ediscovery in China [Webinar]

Ediscovery in China

Kroll Ontrack recently presented the Ediscovery in China: Traditions, Rules and Customs You Need to Know webinar. In the webinar, which is now available on-demand, Kate Chan, Kroll Ontrack’s Regional Managing Director in APAC, discussed the following barriers and best practices for ediscovery projects with data in China.

The Implications of China’s Regulatory Framework

Unlike the United States, China does not have formal discovery practices in civil litigation, which presents initial contentions between these legal systems on opposite sides of the world. The Chinese government has several regulations that impose possible restrictions on gathering data in China for an investigation or litigation. The most impactful regulation is the State Secrets law. State secrets are broadly and vaguely defined by the Chinese government as “matters that have a vital bearing on state security and national interests and, as specified by legal procedure, are entrusted to a limited number of people for a given period of time.” Individuals are prohibited from sharing and transferring such secrets, complicating data collection, review and production practices, should any of such information be classified as a State Secret in an investigation or litigation.

Language and Cultural Challenges

Other ediscovery barriers in China revolve around language and culture: English is not the primary language in China, the Chinese are very formal in their communication style and there are many regional dialects in China, making searches and early data assessment difficult for English-speaking litigation professionals.

Work culture in China is very family-oriented, with the entire family prioritized above the needs of individual members, also known as familism. Because of this, many managers tend to hire their relatives and many businesses tend to be family-owned.

Further, litigation teams working in China need to understand the Chinese cultural phenomenon known as guanxi, which refers to personalized networks of influence and reciprocity between individuals and businesses. All of this makes examining data related to ediscovery challenging and unique.

Developing Economy

In addition to the regulations, language and cultural challenges, the Chinese economy is still developing. China’s legal system and corporate governance practices are less developed when compared to other countries, resulting in much reluctance toward, and unfamiliarity with, data collection and analysis activities associated with litigation. Manufacturing and production plants tend to be located in remote locations rather than in big cities, which means that litigation teams often have only one chance to obtain the needed data. Lastly, China still uses a great deal of paper documents with employees often mixing data between their personal and business computers.

Best Practices

With all the challenges that litigation teams may face when an ediscovery project crosses borders to China, these are some of helpful tips to keep in mind:

  • Get an expert well-versed with different Chinese-language dialects
  • Consider diverse data sources
  • Use local resources for collection
  • Consider a mobile ediscovery solution

Want to learn more? Download the webinar today!

Ediscovery in China: Traditions, Rules and Customs You Need to Know

Ediscovery in China

On June 22, Kroll Ontrack managing director and APAC ediscovery expert Kate Chan will discuss the Chinese ediscovery landscape, so you will be prepared when you need to know the traditions, rules and customs when faced with a regulatory investigation or cross-border litigation.

Ediscovery in China: Traditions, Rules and Customs You Don’t Know

The Chinese legal landscape is often seen as daunting and secretive; a laborious task for an American legal professional to master. Specifically, Chinese data protection and privacy laws in particular provide a challenge to any international ediscovery project. Because of the substantial economic growth resulting in higher volumes of data in China, as well as the expanding complexities of ediscovery law, a practitioner that is not familiar with Chinese law can find themselves at a significant disadvantage, especially when faced with a regulatory investigation or cross-border litigation.

To help you meet these unique challenges head on, we’ve enlisted seasoned APAC ediscovery expert Kate Chan to offer the information and strategies you need to manage Chinese ediscovery.

Specifically, this webinar will cover:

  • The implication of China’s regulatory framework on ediscovery
  • Recent developments in Chinese ediscovery practices
  • Tips for managing the unique issues related to managing ESI in China
  • Ways Chinese ediscovery differs from ediscovery practices in other APAC countries

Click here to get more information about this webinar and to register.

Kate Chan is a New York attorney who started practicing on Wall Street. She is a native of Hong Kong and is fluent in both Mandarin and Cantonese. She is the Regional Managing Director of Kroll Ontrack’s Legal Technologies unit in Asia Pacific.

Explore the Global Expansion of Ediscovery

Ediscovery is in the midst of global change. Even for countries with legal frameworks that don’t require parties to disclose electronic documents, global ediscovery is emerging as a critical component of business and corporate governance.

Kroll Ontrack experts created a new, interactive map to help you explore global ediscovery insights. Organized by nation and theme, “Ediscovery Goes Global: 2016 Trends” explores the influence of data privacy laws and regulations, cyber security concerns, advancements in computer forensics and the evolution of technology assisted review around the world.

  • Have you ever wondered what the largest emerging market in ediscovery is?
  • How, why and when does ediscovery activity increase in the Netherlands?
  • Where is the use of predictive coding expanding?
  • Ever wondered how China deals with data protection and privacy in ediscovery?
  • Coming out of significant recessions, will Spain & Italy’s use of ediscovery technologies and techniques expand?
  • How do computer forensic tools influence ediscovery in France?
  • Which APAC countries are seeing the most ediscovery growth?

Click here to explore the map and learn more about trends in the hottest emerging ediscovery markets.

APAC Ediscovery

Last week I had the pleasure of speaking at an Association of Corporate Counsel event in New York. The day-long CLE was dedicated to helping U.S. in-house counsel address international and cross-border litigation issues. Because of Kroll Ontrack’s worldwide network, I am fortunate to regularly collaborate on both matters and educational opportunities with colleagues in the UK, Europe and Asia. For this particular conference, my colleague from the UK and I devoted our session to ethical challenges posed by global ediscovery matters.

Because ediscovery is approached differently in almost every country around the world and international ediscovery best practices are evolving quickly, ethical issues abound. Knowing the country’s approach to ediscovery is integral to ensuring that a multi-national ediscovery project goes smoothly.

Nowhere is there a more diverse set of global ediscovery requirements than in Asia, where ediscovery legislation and best practices are evolving at varying speeds. A worldly ediscovery professional must learn to navigate the legal paradigms and legal technology issues in Asia. Kate Chan, one of my Kroll Ontrack colleagues in Asia, recently wrote an article entitled, “A Guide to Ediscovery in Asia”, to help with just that goal. In her article, she enumerates common APAC ediscovery issues, as well as ways counsel can address international differences in their cases.  Below are just a few of Kate’s tips from her article.

APAC Ediscovery: Common Challenges

  1. Privacy and Confidentiality – These two issues pose the biggest challenges for APAC ediscovery projects, as many professionals have indicated concern regarding the new laws forming in the APC regions around data privacy.
  1. Cost Control – Many APAC companies are uncertain of how much they need to spend on discovery and feel that discovery creates an unnecessary burden.
  1. Multi-National Matters – It’s not uncommon in the APAC region for a single legal matter to have data collection and preservation efforts cross multiple national borders, thus complicating international ediscovery procedures.

APAC Ediscovery: Tactics for Success

  1. Start preservation early to ensure there is enough time to address language and cultural disconnects.
  2. Capture full forensic images and watch for international data nuances.
  3. Expect encrypted data more frequently in APAC ediscovery projects, and don’t discount the role that discovery of paper documents will play.
  4. Build relationships with local counsel and service providers that have deep experiences in Asia.

If you are likely to work on an ediscovery matter with ties to Asia, don’t miss Kate’s entire article, “A Guide to Ediscovery in Asia”. With distinct political, cultural and legislative sensitivities towards ediscovery in China, Japan, Singapore and other countries in the APAC region, you can’t afford not being up to speed.

International Ediscovery – Navigating APAC Ediscovery

International Ediscovery - Navigating APAC Ediscovery

The digital age continues to expand global interconnectedness with alarming speed. With an increasing number of multinational corporations and entities, expertise in international ediscovery is a must for legal practitioners. However, establishing a sound basis in international ediscovery is no easy task, as U.S. Courts are typically unfamiliar with foreign laws and fundamental differences in legal systems and data protection laws add layers of complexity to ediscovery undertakings. Despite these challenges, litigants can arm themselves by keeping pace with evolving laws, practices and complexities in ediscovery across the globe.

Among the many areas evolving their ediscovery and data protection laws, the Asia-Pacific region (APAC) is by far experiencing the most rapid change. With APAC countries, there are unique considerations and challenges that multinational organizations and their counsel must consider for ediscovery.

Ediscovery Developments in APAC Countries

Each country in the APAC region has its own discovery rules based on their respective legal heritages. Hong Kong, a former British territory and a Special Administrative Region of China, applies traditional English discovery law, making it most amenable to U.S. discovery laws and practices. Both Hong Kong and Singapore offer International Arbitration Centres to assist parties in dealing with legal matters involving ESI. Singapore also recently amended existing ediscovery Rules of Court to prioritize “good faith collaboration” by litigants and guidance for ediscovery protocols in volitional or ordered ediscovery exercises.  Japan has begun deliberations on implementing ediscovery laws, but the Japan Privacy Act permits the conditional transfer of personal information from a corporate entity to a third party.

Although several APAC countries provide ediscovery guidance, several environments prove extremely challenging for ediscovery—for example China and South Korea. In South Korea, ediscovery law is still relatively non-existent.  In China, the transfer of state secrets out of the country is illegal, and a central framework has yet to be established.

Practical Tips for APAC Ediscovery

On its face, handling ediscovery in light of these varied laws seems a daunting task. To help navigate these tricky waters, consider these five tips, which will help minimize missteps in APAC ediscovery:

  1. Ediscovery in APAC is more than just translation. Due to vast differences in the legal systems, U.S. attorneys—even those proficient in an Asian language—may struggle with APAC ediscovery.
  2. Beware of nationalist challenges. Nationalism may thwart U.S. litigation collection efforts, and parties may question why APAC privacy considerations do not trump U.S. discovery laws. Many APAC companies have trouble understanding why an American court would require a party to collect and exchange massive amounts of data.
  3. Capture full forensic images and conduct thorough client interviews. Because of geographical and nationalist challenges in APAC, a lawyer cannot risk an insufficient collection. As such, active data capture is not recommended in the APAC region. Along the same lines, it is especially important to ask custodians for all spelling variations of their names during client interview.
  4. Watch for international data nuances. In the APAC region, software packages may be different than they are in the United States, and often older versions are commonplace. Furthermore, multilingual software platforms generate different metadata fields than U.S. software platforms, and this metadata may be in different languages. Additionally, use of free e-mail packages is more prevalent, and an attorney may need to collect ESI from several e-mail systems. Finally, APAC companies tend to encrypt more data, so prepare to conduct a fair amount of password cracking.
  5. Do not overlook paper documents. Unlike the U.S., APAC businesses still tend to rely heavily on paper documentation. Pay special attention to paper in the APAC region, given that paper sizing and formatting may be different. Understand that Optical Character Recognition (OCR) is often not available for many non-English languages.

Final Tips

Although there are a multitude of differences with APAC ediscovery, several universal best practices hold true for APAC ediscovery. Chiefly, IT and legal departments must be on the same page, technologies must be validated, and service providers in the region must be thoroughly vetted.

Finally, American attorneys should engage local counsel and service providers experienced in APAC ediscovery to better explain unique APAC considerations, such as sovereignty issues, integrating paper and ESI into one database, and collecting data before spoliation occurs. Overall, APAC ediscovery laws have proven extremely agile, so litigants should thoroughly prepare to encounter any of these unique challenges to stay afloat in these ever-changing waters.