Seyfarth Shaw Partner Jordan Vick is on the panel for the “Playing by the Rules: Rule Changes Essential to Your Practice” session on Friday, November 16, at Georgetown Law’s 15th annual Advanced eDiscovery Institute in Washington, D.C.

Session topics include:

  • The 2015 Amendments to the FRCP and their actual impacts on practitioners, including unintended consequence
  • How the changes to Federal Rule of Evidence 902 will change how parties and the court can streamline authentication of ESI and potentially eliminate the need to call a witness at trial
  • What other changes the Rules Committee is discussing that may impact eDiscovery professionals
  • Pilot accelerated disclosures and their impacts in Illinois and Arizona, including the Mandatory Initial Discovery Pilot Program (“MIDP”) in the Northern District of Illinois

For more information, to see the full schedule, or to register, click here.

At the end of June, the California legislature passed its Bill 375, the California Consumer Privacy Act of 2018.  The Act contains a number of concepts that would be familiar to those who are working to bring their companies and organizations into compliance with GDPR.  The new law defines a category of “Personal Information” that radically departs from a traditional definition of Personal Data commonly found in various State Data Privacy Laws, which usually ties an individual name to other identifiers like social security number, account number, or other factors.  Instead, the California Act defines “Personal Information” as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.  It does not, mercifully, include publicly available information, but it still comes closer to a GDPR-like definition of “personal data” than any other US law.

The Act provides California residents some rights that also appear familiar.  For example:

  • Consumers can request a copy of all the Personal Information a business has collected;
  • Consumers have the right to request that the business delete their Personal Information (subject to some exceptions), and a right to direct a company to not share their Personal Information with third parties; and
  • Consumers can request that a business disclose the categories of information it has collected, the sources of information, the purpose for the collection and/or its sale of the information, and the third parties with whom the information is shared.

Continue Reading California’s Consumer Privacy Act of 2018 – Get Ready for New GDPR Style Requirements in the US

Today, the Information Commissioner’s Office (“ICO”), the UK data protection authority, released for public comment its draft “Regulatory Action Policy,” a document in which the ICO seeks to set forth its objectives in taking regulatory action, present its new investigatory and enforcement powers, and explain how it aims to use them. The comment period will close on June 28, 2018.

With three weeks remaining until the General Data Protection Regulation (the “GDPR”) (Regulation (EU) 2016/679) takes effect, this draft document provides organizations with a much needed insight into how the ICO plans to proceed in the age of new data protection compliance realities. In addition to the GDPR, the ICO will be enforcing the upcoming update to UK’s national data protection law, the UK Data Protection Act 2018 (the “DPA”), which is still working its way through Parliament, but should be in place by May 25, 2018, as well as other established data protection legislation.

The “Regulatory Action Policy” explains that ICO will have the power to issue “urgent” information notices that will require a response within 24 hours, take notice recipients who fail to comply to court on contempt charges, inspect and assess compliance without notice, administer fines by way of penalty notices, and prosecute criminal offences in court. The ICO’s powers to prosecute failures to provide information and its ability to go to court to request a warrant to search premises will come from the DPA, not GDPR.

The DPA also will permit the ICO to issue “assessment notices” to data controllers and processors to allow the ICO to investigate whether the controller or processor is compliant with data protection legislation. The notice may require the organization to give the ICO access to premises and specified documentation and equipment. An “urgent” assessment notice may require access to non-domestic premises on less than 7 days’ notice, which in effect will allow the ICO to carry out a no-notice inspection. An organization that receives an “urgent” information notice, assessment notice, or enforcement notice may petition the court to overturn the urgency of that notice. Under the DPA, destruction or falsification of information the ICO is pursuing in its notice constitutes a criminal offence. However, similarly to the U.S. evidence spoliation principles, it appears that loss of information through routine operation of automated processes may be a defense to criminal charges.

Continue Reading UK’s ICO Explains Its Data Protection Enforcement Powers

Seyfarth Shaw Offers Data Privacy & Protection in the EU-U.S. Desktop Guide and On-Demand Webinar Series

On May 25, 2018, the EU General Data Protection Regulation (“GDPR”) will impose significant new obligations on all U.S. companies that handle personal data of any EU individual. U.S. companies can be fined up to €20 million or 4% of their global annual revenue for the most egregious violations. What does the future passage of GDPR mean for your business?

Seyfarth’s eDiscovery and Information Governance (eDIG) and Global Privacy and Security (GPS) practitioners are pleased to announce the release of Data Privacy & Protection in the EU-U.S.: What Companies Need to Know Now, which describes GDPR’s unique legal structure and remedies, and includes tips and strategies in light of the future passage of the GDPR.

How to Get Your Desktop Guide:

To request the Data Privacy & Protection in the EU-U.S. Desktop Guide as a pdf or hard copy, please click the button below:

GDPR Webinar Series

Throughout August and October of 2017, Seyfarth Shaw’s attorneys provided high-level discussions on risk assessment tools and remediation strategies to help companies prepare and reduce the cost of EU GDPR compliance. Each segment is one hour long and can be accessed on-demand at Seyfarth’s Carpe Datum Law Blog and The Global Privacy Watch Blog.

For updates and insight on GDPR, we invite you to click here to subscribe to Seyfarth’s Carpe Datum Law Blog and here to subscribe to Seyfarth’s The Global Privacy Watch Blog.

Seyfarth eDiscovery Partner Richard Lutkus, along with William Lederer from Relativity and Patrick Zeller of Gilead Sciences, Inc., will host a panel discussion titled “Brave New Words: Cloud Data Collection, Processing, and Hosting” at this year’s RelativityFest on October 24, 2017.

This session will provide attendees with information about new data collection methods with tools like Heureka and Harvester, along with considerations for working with RelativityOne, data privacy, and security. Additionally, best practices surrounding the General Data Privacy Regulation (GDPR), international data transfer with EU entities, secure management of hosting (wiping cloud data) and SSD wiping technologies will be discussed.

RelativityFest is an annual conference designed to educate and connect the e-discovery community. The three-day festival in Chicago will feature panel discussions, hands-on labs, and breakout sessions to discuss best practices. For more information, or to register to attend, please visit https://relativityfest.com/.

Seyfarth eDiscovery attorneys Jason Priebe and Natalya Northrip will present “A Practical Roadmap for EU Data Protection and Cross-Border Discovery” at this year’s RelativityFest on October 24, 2017.

This presentation will provide attendees with practical tips for leveraging the new Sedona International Principles to help in your compliance with stringent GDPR requirements, and in seeking immediate help under the EU-U.S. Privacy Shield.

RelativityFest is an annual conference designed to educate and connect the eDiscovery community. The three-day festival will feature panel discussions, hands-on labs, and breakout sessions to discuss best practices for eDiscovery, Information Governance, and Data Privacy. For more information, or to register to attend, please visit https://relativityfest.com/.

Is your organization ready for the new EU General Data Protection Regulation?

On May 25, 2018, the EU General Data Protection Regulation (“GDPR”) will impose significant new obligations on all U.S. companies that handle personal data of any EU individual. U.S. companies can be fined up to €20 million or 4% of their global annual revenue for the most egregious violations. What does the future passage of GDPR mean for your business?

Our experienced eDiscovery and Information Governance (eDIG) and Global Privacy and Security (GPS) practitioners will present four 1-hour webinars in August through October of 2017. The presenters will provide a high-level discussion on risk assessment tools and remediation strategies to help prepare and reduce the cost of EU GDPR compliance.

What Are the Specific GDPR Provisions Effective May 25, 2018 and What Organizations Need to Prepare Now for Compliance
Webinar
September 20, 2017
12:00 p.m. – 1:00 p.m. Central Time
Presenters
Jason Priebe, Partner, Seyfarth Shaw LLP
Natalya Northrip, Counsel, Seyfarth Shaw LLP
Scott Carlson, Partner, Seyfarth Shaw LLP

What GDPR Requirements Will Be Associated With the Most Significant Sanctions?
Webinar
October 5, 2017
12:00 p.m. – 1:00 p.m. Central Time
Presenters
John P. Tomaszewski, Senior Counsel, Seyfarth Shaw LLP
Jason Priebe, Partner, Seyfarth Shaw LLP
M. James Daley, Senior Counsel, Seyfarth Shaw LLP

Is Your Organization Preparing for May 25, 2018 GDPR compliance?
Webinar
October 19, 2017
12:00 p.m. – 1:00 p.m. Central Time
Presenters
M. James Daley, Senior Counsel, Seyfarth Shaw LLP
Kathleen McConnell, Senior Counsel, Seyfarth Shaw LLP
John P. Tomaszewski, Senior Counsel, Seyfarth Shaw LLP

Register here.

On May 25, 2018, the EU General Data Protection Regulation (“GDPR”) will impose significant new obligations on all U.S. companies that handle personal data of any EU individual. U.S. companies can be fined up to €20 million or 4% of their global annual revenue for the most egregious violations. What does the future passage of GDPR mean for your business?

Our experienced eDiscovery and Information Governance (eDIG) and Global Privacy and Security (GPS) practitioners will present a series of four 1-hour webinars in August through October of 2017. The presenters will provide a high-level discussion on risk assessment tools and remediation strategies to help prepare and reduce the cost of EU GDPR compliance. Continue Reading Is your organization ready for the new EU General Data Protection Regulation?

The 2017 edition of The Legal 500 United States recommends Seyfarth Shaw’s Global Privacy & Security Team as one of the best in the country for Cyber Law (including data protection and privacy). In addition, based on feedback from corporate counsel, the co-chairs of Seyfarth’s group, Scott A. Carlson and John P. Tomaszewski, and Seyfarth partners Karla Grossenbacher (head of Seyfarth’s National Workplace Privacy Team) and Richard D. Lutkus were recommended in the editorial. Richard Lutkus is also listed as one of 14 “Next Generation Lawyers.”

The Legal 500 United States is an independent guide providing comprehensive coverage on legal services and is widely referenced for its definitive judgment of law firm capabilities.

In January 2017, The Sedona Conference Working Group on International Electronic Information Management, Discovery, and Disclosure (WG6) issued the much-anticipated International Litigation Principles on Discovery, Disclosure & Data Protection in Civil Litigation (Transitional Edition). This publication updates the 2011  International Litigation Principles, which preceded the 2013 Snowden revelations and the Schrems decision invalidating the U.S.-EU Safe Harbor.  It also incorporates adoption and implementation of the EU-U.S. Privacy Shield, and the approval of the EU General Data Protection Regulation (GDPR), which is set to replace the 1995 EU Data Privacy Directive in May 2018.  Many of these developments are consistent with the focus on “proportionality” of discovery in the 2015 amendments of the U.S. Federal Rules of Civil Procedure.

Given the complex and dynamic EU data protection  landscape – where the new Privacy Shield has not been tested, and before the GDPR has even taken effect, – WG6 has aptly designated this as a “Transitional” edition.  This edition provides interim best practices and practical guidance for courts, counsel and corporate clients on safely navigating the competing and conflicting issues involved in cross-border transfers of EU personal data in the context of transnational litigation and regulatory proceedings.  Following are the publication’s Six Transitional International Litigation Principles:

Continue Reading The Sedona Conference WG6 Issues “Transitional” International Litigation Principles