Many questions arise during the discovery process: What type of data do parties need to preserve? How should they obtain, review, and disclose it? Are third-party subpoenas necessary? These are just a few things parties need to consider during litigation in order to comply with production requests and court orders. However, what happens during discovery when a tech firm – like Facebook, Google, or Apple – is a named party to the lawsuit? Due to the nature of the tech industry and their increased data storage capabilities, there are factors that tech companies should take into account that other industries will not have to worry about. Below are some special eDiscovery considerations for tech firms.
eDiscovery Data Subpoenas and Common Objections
Generally, parties will need to request electronically stored information (ESI) from technology platforms with a subpoena under Federal Rule of Civil Procedure (FRCP) 45, which often delays discovery. Third-party tech companies generally object to these subpoenas and are not forced to produce. However, when a tech firm is a named party to a lawsuit, they will need to take into consideration how data they previously were able to avoid divulging as a third-party host may now be fair game.
One common objection tech firms make to FRCP 45 subpoenas is that firms cannot divulge data pursuant to the Stored Communication Act (SCA), which protects private Internet communications that third-party providers store. Federal courts have held that tech firms, including social media sites, fall under the SCA’s purview. Courts may deny disclosure of private data unless the party had user consent. However, courts have also compelled production of stored communications when a tech firm’s data is relevant to a party’s claim or defense. When the tech firm is a named party, they will definitely have stored data that courts will classify as relevant evidence. However, tech companies that are named parties can still make discovery objections to limit or bar disclosure if the party can articulate reasons why the data is irrelevant.
Tech firms also frequently house data of a highly sensitive nature. If any data sought during litigation handles confidential business operations or trade secrets, the party should motion for a protective order so the information is not publicly available.
Tech Updates and eDiscovery Compliance
Another special consideration for tech firms is how internal policies and technological updates performed during the relevant discovery timeframe could affect compliance. While this is not a unique consideration, since most organizations change their policies or utilize new technologies at some point, tech firms will have to deal with this more often due to the nature of the industry.
For example, anyone who uses social media sites like Facebook and Twitter or has an Apple device is probably familiar with the frequent updates these companies launch in order to keep their website or product stabilized and functional. When faced with litigation, tech firms need to consider whether past or future updates and internal policies could affect discovery compliance. Maybe a system upgrade resulted in information loss or the company implemented a stricter data retention policy. These things could cause loss of potentially relevant data and could result in sanctions if the company failed to stop further data loss after knowing that litigation was imminent. If a company received a litigation hold, but failed to stop an upgrade that would compromise data pertinent to the lawsuit, could result in sanctions. Delaying the update or saving the relevant data elsewhere before the update occurs would be a best practice to avoid noncompliance and possible sanctions.
Compliance with Foreign Laws
Tech firms, especially social media platforms, will frequently have compliance obligations under foreign privacy laws like the general data protection regulation (GDPR) because the firms often store personal information from individuals around the world. Storage and retention can be a big issue during American litigation when certain eDiscovery data falls under the purview of a foreign privacy law. As such, tech companies need to consider how to handle conflicts between international privacy obligations and eDiscovery production. Recent case law suggests that U.S. courts will always put a domestic lawsuit’s benefit before international privacy obligations.
See The Epiq Angle – Five Best Practices to Ensure Compliance with Cross-Border Data Protection Laws
Regardless, an organization can face penalties for noncompliance even when a U.S. court makes a ruling contrary to the foreign law’s requirements. Tech firms should try to comply across the board and take steps to minimize any fallout from a privacy law conflict. There are several ways to decrease potential conflict like accounting for tension in litigation readiness plans, staying educated about foreign obligations, and maintaining strong information governance programs. Researching and preparing detailed arguments for court is of utmost importance. Illustrating the burden on the company and penalties it could face for violating a foreign data privacy law could help sway the court or possibly limit a motion to compel ruling.
Tech firms should attempt to get ahead of potential eDiscovery obstacles. Creating a litigation plan that accounts for the special considerations discussed above is a good starting point.
The litigation plan should also consider possible eDiscovery objections, data retention protocols after receiving a litigation hold, and foreign privacy laws. Reviewing compliance with information governance programs and data retention policies is also vital. game plan in place will help ensure smoother litigation and limit conflicts.
For more information, please contact:
Caroline Woodman, Senior Vice President and Managing Director, Asia, Epiq