One year on from COVID, the risks resulting from long-term work from home environments and economic troubles have been widely discussed—and felt—in every major region worldwide. Data and discovery risks have been especially impacted. We gathered a roundtable of our experts from France, Germany, Ireland, and Spain to discuss these issues in detail.
Thomas Sely, Managing Director, France: The best practices really haven't changed, but because widespread remote working has prompted an increased risk of data breaches and IP theft, they've become more important. In France, we’re advising clients to adapt their tools and policies to align with the "dos" and "don'ts" of working from home, and helping them conduct assessments to ensure that applications approved for information sharing and communications are vetted and bolstered with strong privacy and security controls.
Gráinne Bryan, Managing Director, Ireland: Our clients in Ireland need to consider the problem from all angles, consult with IT security experts and create a robust plan of action to mitigate risk exposure. This plan should contain several specific elements, including:
Sely: Getting a handle on emerging data sources requires a degree of technical expertise. Most of these applications are very nuanced and will require customised processes and specialised e-discovery tools or APIs to collect data and load it into a format that is compatible with standard e-discovery platforms. Legal teams should consult with digital forensics and e-discovery experts who have experience with these applications to implement governance around using these applications, design e-discovery workflows for them and avoid common pitfalls.
While these new data types are inherently challenging for e-discovery professionals, once legal teams have established a standard for collecting, processing and analysing them, they can be leveraged to enrich investigations and support more dynamic e-discovery.
Javier García-Chappell, Senior Director, Spain: Yes, there are several new challenges and pending developments. The Spanish Data Protection Agency (AEPD) has been recognised as one of the most active in Europe regarding data protection since GDPR was introduced, which resulted in cross-border data transfers being a central concern for the last two years. As a result of Schrems II, law firms and clients are even more aware of data transfers' implications, especially whether they are within or outside of Europe. Brexit is adding to the complications, as organisations here must now also take the legality of their data transfers to the U.K. into account. It’s important for organisations to not get so distracted by the challenges of the pandemic that they overlook or rush through the extra precautions needed to ensure data transfers are compliant with the laws in their region.
Sely: The pandemic has complicated virtually everything from a data perspective, and Brexit in the context of cross-border data transfers is no exception. Until there's more clarity around how the EU and the U.K.'s laws and regulators will interact, clients should tread carefully when moving data in and out of the U.K. and managing legal or regulatory matters that span the U.K. and EU jurisdictions. I think it's best to take a cautious approach and keep data in-country until EU authorities and regulators in each member country provide formalised guidelines.
Bryan: I've found several different practices beneficial for balancing the demands of work and home life. I connect with clients on a rolling basis, ensuring they regularly receive some contact. I think a virtual coffee check-in is as welcome by me as it is by them.
García-Chappell: I'd say I've juggled home and work duties more than a clown at the circus. At least a circus is how it feels many days! Beyond that, the main challenge has been establishing new connections and achieving the human touch and relationship with clients. It's easier to maintain a previous contact but much harder to gain a new one.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.
Managing Director, FTI Consulting
Managing Director, FTI Consulting
Senior Director, FTI Consulting