Increasing globalization has meant that U.S. litigation teams have to contend not only with jurisdictional challenges, but also with foreign privacy laws. These restrictions often go beyond typical Personal Identifiable Information (PII), such as social security and account numbers, to broadly encompass basic identifying information, such as names and email addresses. If not considered upfront, foreign privacy laws may throw a wrench into the typical e-discovery process.
Based on our experience in navigating data transfer regimes such as the E.U. General Data Protection Regulation (GDPR) and the U.K. Data Protection Act when litigating in New York courts and responding to U.S. regulators, this article contains practice pointers for streamlining the e-discovery process in a cross-border scenario.