Sedona Conference Issues International Principles On Discovery And Data Protection

http://ow.ly/95ngM

An article by Steven C. Bennett of Jones Day, posted on the Metrocorpcounsel.com website.

This article discusses the recent International Principles on Discovery issued by the Sedona Conference.  A link to the principles is provided in the article.  There are also a number of footnotes provided in the article that provide useful resources on this topic.

The article states, "The International Principles are the product of nearly six years of work, involving representatives from the legal profession, judges, privacy and compliance leaders, academics and discovery service vendors from around the globe."


The article further provides an outline of the principles, as follows:  "The new Sedona International Principles identify six essential principles for reconciliation of the potential conflict between privacy and disclosure in the context of U.S. litigation:

1. With regard to data that is subject to preservation, disclosure or discovery, courts and parties should demonstrate due respect for the data protection laws of any foreign sovereign and the interests of any person who is subject to or benefits from such laws.
2. Where full compliance with both data protection laws and preservation, disclosure, and discovery obligations presents a conflict, a party’s conduct should be judged by a court or data protection authority under a standard of good faith and reasonableness.
3. Preservation, disclosure and discovery of protected data should be limited in scope to that which is relevant and necessary to support any party’s claim or defense in order to minimize conflicts of law and impact on the data subject.
4. Where a conflict exists between data protection laws and preservation, disclosure, or discovery obligations, a stipulation or court order should be employed to protect protected data and minimize the conflict.
5. A data controller subject to preservation, disclosure or discovery obligations should be prepared to demonstrate that data protection obligations have been addressed and that appropriate data protection safeguards have been instituted.
6. Data controllers should retain protected data only as long as necessary to satisfy legal or business needs. While a legal action is pending or remains reasonably anticipated, data controllers should preserve relevant information, including relevant protected data, with appropriate data safeguards."