Balancing Global Conflict
Between Privacy and
Preservation Starts with
By Rachel Marmor, Jake Frazier, and Ted Barassi Legal hold
and data protection requirements are evolving, and with
General Data Protection Regulation (GDPR) implementation
on the horizon, new tensions are arising for multinational
corporations trying to maintain compliance with both. On one
hand, corporations are working to comply in a robust way with
US laws to retain certain data for regulatory reasons or as a
result of legal hold obligations. On the other, they face strict
privacy laws in Europe and other regions compelling them, in
some cases, to dispose of data that may contain personally-identifiable information (PII). Courts have demonstrated a firm
position when it comes to penalizing parties that fail to fulfill
legal hold requirements, issuing spoliation sanctions of millions
of dollars in some cases. The pressure to comply with privacy
laws is equally intense — for example, earlier this year, the
Italian government issued a € 5. 8 million fine to a UK-based
company for its violation of data privacy rules.
■ ■ Connecting the dots. Today’s digital climate requires that privacy
and preservation are bridged, and that both groups are educated
on e-discovery, privacy, and the global implications of data deletion
and retention. They key to building this bridge is to create a robust
information governance system that’s customized to the organization.
■ ■ Preserveand protect. It is essential for legal departments to understand
that preservation and legal hold initiatives are a legal responsibility of in-house counsel. While involvement of compliance and IT teams is crucial
to the success of compliance processes, responsibility for the project
should not be inadvertently transferred to other departments.
■ ■ Balancing act. Reconciling data protection and preservation obligations
can be addressed through holistic data systems that manage the risks
of increasing data volumes throughout the lifecycle, shift away from
blanket legal hold, and increase security and privacy measures.
■ ■ Roadblocks. Organizations that have a “save everything” culture will
face much greater difficulty in remediating expired legal holds and
separating redundant data from what needs to be preserved.