Zapproved has been acquired by Exterro, the leader in Legal GRC.
Read more here

Zapproved

Ediscovery Software For Corporate Legal Teams

Search

What is Privacy Compliance in Ediscovery?

by - Legal Operations

Balancing Ediscovery with Privacy Compliance

In ediscovery, privacy compliance means adhering to the laws and regulations, such as the CCPA and the GDPR, for every jurisdiction where an organization does business. Generally speaking, those obligations include:

  • Protecting all of the data it possesses or controls.
  • Preserving everything that may be relevant to anticipated or pending litigation.
  • Being able to collect, process, and produce data on request.

Requirements that dictate an organization’s ediscovery obligations stem from three primary sources: U.S. rules and laws, foreign regulations, and data security standards.

Managing Ediscovery Data for Privacy Compliance

To ensure compliance with ediscovery requirements, a business should adopt the following general approach:

  1. Determine which ediscovery requirements might apply to the business. Some key rules and regulations controlling ediscovery are listed below.
  2. Read and understand each rule, beginning with the purpose of the rule.
  3. Decide whether that rule applies to the business’s specific use case. If it applies, the business must either comply with the rule or adapt its practice to avoid the rule.
  4. Establish processes and tools to ensure the company’s compliance with each applicable rule.
  5. Formalize this approach through a written policy, employee training, and any necessary technical or software support.

Data Privacy is Key to Staying Compliant 

No matter where you are in your ediscovery process, it’s always worth taking another look at the data-privacy landscape, assessing your organization’s responsibilities, and forming a plan of action. Here are a few ways to stay on top of data privacy

  1. Understand your responsibilities. It’s common sense but necessary to understand the implications for your organization. Regardless of where you are headquartered, do you do business in a jurisdiction or industry covered by a privacy law? Do you have customers in such jurisdictions? Are you growing and expanding into new markets? There is a lot of nuance in terms of who the laws apply to and what the scope of regulation is. For instance, companies below a certain size may be exempt from some provisions. Start to understand what you need to do to comply by the time regulation takes effect.
  2. Form an inter-departmental working group. Legal, privacy, and compliance functions will increasingly merge into a single, cross-functional team for handling data-privacy requests. These teams have long operated in silos but will need to work together along with IT and business groups to tackle data mapping for the organization. Everyone will benefit from closer collaboration and shared expertise to determine how different departments are collecting and storing information. There is no one-size-fits-all approach, but industry associations may have best practices or case studies to help you understand how other companies are approaching this process. That means determining what information you have and how you are using it.
  3. Know what information you’re looking for. Personal information can cover a broad range of data, including things like addresses, financial data, biometrics, geolocation, electronic activity like browser history, and even audio-visual assets. Make sure you have a handle on the range of personal data you might have and be aware that different departments may overlap in the information they collect, or they may have completely different types.
  4. Establish a consistent approach and pressure-test it. This may be challenging given that various privacy laws themselves are not consistent. But there are still some things you can do, starting with creating a standard way to receive privacy-related requests. Then make sure that you have a consistent approach to processing that intake. Always look at the same data sources, use the same systems to perform your searches, redact the same kinds of information, and report out in a similar format. Implement the same policies and procedures across your organization, communicate them properly, and train people. Put the process through a dry run or other stress-testing to identify and address bottlenecks

Choosing the Right Ediscovery Software to Ensure Privacy Compliance

Any ediscovery software you choose should be protected by the highest possible data security standards, such as those found in System and Organization Controls (SOC) 2® Type 2 certification. 

These standards, issued by the American Institute of Certified Public Accountants (AICPA), ensure that data is secure, available, processed to protect its integrity, confidential, and private. To maintain data security compliance, businesses should only work with vendors and web hosting applications that have current SOC 2 Type 2 certification.

Finally, conduct a security audit. Your ediscovery software provider will have access to your company’s most sensitive data, it’s critical that they have the tools and systems in place to protect that data. At Zapproved, our software undergoes substantial security testing, maintenance, and monitoring, to keep your data safe..

4 Strategies to Advance Your In-House Legal Department

Let’s face it, being a corporate legal team in the year 2023 is no easy task. A lot has changed in recent years, and teams now rely on collaboration between legal, technical, and operational specialists. To advance in-house legal department strategy, today’s ediscovery teams must be multifaceted, integrating different considerations, roles, and technologies. But this […]

How Zapproved’s Automated Custodian Workflows Helps Corporate Legal Teams

Why Staying on Top of Legal Hold Custodians is so Important What’s the first thing you do when an active legal hold custodian is leaving your company? Do you find yourself scrambling to figure out what ediscovery actions need to be taken? Has the employee’s data been preserved? Where are the employee’s laptop and company […]

Two Ediscovery Best Practices for Information Governance

For most enterprises, managing data is like herding billions of very active cats. As corporations moved from paper to digital data (but still retained mountains of paper files), the sprawl initially shocked and disoriented those responsible for knowing where the data was kept.  Fast forward to now, and the shock has worn off. That is […]

Zapproved is Now an Exterro Company!

Legal GRC Platform Exterro Announces Acquisition Of E-Discovery Provider Zapproved Combination of Zapproved’s Industry-Leading Customer Service and Exterro’s Award-Winning Legal GRC Platform Will Enable Organizations to Better Manage the Complex Interconnections of E-discovery, Privacy, Legal Operations, Digital Investigations, Cybersecurity Response, and Information Governance. PORTLAND, Oregon – Jan. 19, 2023 – Exterro, a leading provider of […]