2. Outline Objective – to identify and characterize key issues Outline Groundwork Harvesting from corporate systems Use of e-discovery vendors Production and preparation
3. Groundwork What is E-Discovery? Identification, preservation, processing and production of records in electronic form Involves processing of entire data sets to separate producible from private
4. Groundwork What’s the real privacy concern about? Can be about privacy between the parties There is a tension in the law here that will play itself out over the very long-term, but full production is the norm The conduct of surveillance can be a regulatory compliance issue, but PIPEDA jurisdiction is limited by State Farm
5. Groundwork What’s the real privacy concern about? There are important practice issues dealing with the affect the production process may have on non-parties due to Processing of irrelevant records Production of non-party personal information Data security (including use of service providers)
6. Harvesting From Corporate Systems Access to employee personal communications All e-mails must be “harvested” to do e-discovery Counsel and client sometimes face great resistance Employers have a recognized property right, even after the Ont. C.A. decision in R. v. Cole Beware of regulatory concerns for federal employers and employers in BC, Alberta and Quebec But PIPEDA application is questionable given Johnson v. Bell Canada
7. Harvesting From Corporate Systems Best practices to facilitate good harvesting Go beyond “no expectation of privacy” statement Make personal use conditional on employer rights (set expectations right to the top of the organization) Articulate your purposes Audit and investigate Engage in e-discovery Establish controls to ensure access is legitimate
8. Use of E-Discovery Vendors E-Discovery is a vendors game Computer forensics E-discovery consultants Litigation support/e-discovery vendors
9. Use of E-Discovery Vendors Are your clients in custody of personal information that is regulated? If so, they are accountable for data security It may be reasonable for them to trust counsel without a concerted effort at due diligence, but can they simply trust referred vendors? What should client-oriented counsel be prepared to offer to give clients comfort
10. Production and Preparation Issues Producing party traps A subpoena ducestecumis not the same as a legal requirement to produce A power to ask is not the same as a power to compel Privacy statutes can serve to block disclosure of PI outside of a defined jurisdiction
11. Production and Preparation Producing party traps (con’t) Sensitive discrete PI in otherwise producible records – e.g. DOB, SIN, credit card #s Receiving party takes information pursuant to an undertaking not to use it for a collateral purpose, but what about information security?
12. Production and Preparation Third-party notice Who’s looking out for the non-parties? Consider if the consent order will be blocked by a privacy sensitive judge - see Bernanrd, FCA Consider whether the burden of non-party notification can be used as a tactic – see Angel Acres, BCCA
13. Production and Preparation Preparation Lawyers have a very legitimate need to review documentation in preparing for their representative role, but for sensitive docs… What’s really necessary? Should identifying information be redacted? Should security expectations be express?