In today’s globalized and digital business world, businesses are operating across multiple jurisdictions, having to comply with complex and various data privacy and security laws and regulations. While these standards are designed to protect personal data, safeguard state and commercial secrets, and address intellectual property preservation concerns, they can also create a number of challenges across the EDRM lifecycle.
At a national or federal level:
Laws such as the U.S. Export Control Laws – specifically the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR) – control the export not only of sensitive equipment, software and technology, but also of specific information that is deemed to affect national security and foreign policy.
At an international level:
Companies are grappling with regulations such as the EU’s upcoming General Data Protection Regulation (GDPR), which, effective from May 25 2018, will impact where data is allowed to be processed and reviewed, and by whom. The GDPR includes an Article that personal data may not be transferred to third-countries on the basis of a court order from non-EU countries, unless it can be moved under an EU treaty with that third-country.
Across jurisdictions globally:
Companies are required to implement differing levels of protections around the data they are handling, whether that is payment card industry data (PCI), protected health information (PHI) or other forms of sensitive personally identifiable information (PII). As well as complying with multiple international data privacy and security standards, companies are often dealing with different requirements within one country, for example, by Bündeslander in Germany, or by state in the U.S.
It therefore comes as no surprise that during eDiscovery, there are projects where data cannot be transferred from its original location because of personal, corporate, legal or government constraints, which causes significant logistical challenges and the potential for costly delays.
In this context, a mobile hardware and processing unit that is equipped with sophisticated software can provide companies and legal teams with a flexible and efficient way to handle data, while maintaining compliance with privacy, security, and transfer laws and best practices.
Where laws require that data stays ‘in-country’, shipping mobile hardware to the location of the data enables it to remain in that jurisdiction, and be processed and reviewed by the approved people, without delay.
Flexibility is also key to meeting project requirements in terms of the hardware and software needed to process and review different types of data. For example, eDiscovery teams may need the capabilities to process and review data in double-byte character languages (such as Chinese, Japanese, and Korean), European languages (such as German, Dutch, Portuguese, and Spanish), and Arabic. More often, having the ability to look at data in various formats – from chat, to social media, to SMS and email – is crucial.
Stroz Friedberg’s Nomad Portable Discovery units are mobile device offerings that provide onsite ECA, processing and review services in a laptop, desktop, or server arrangement.
Nomads are configured with the appropriate software installed in accordance with the needs of the project and the client’s technology requirements. The Nomads support Nuix, Relativity, and Brainspace, and are designed to scale to adapt to data volumes. Data is contained on standalone, disconnected hardware, or behind high-level security protocols.
Companies are in a constant battle to try and maximize the value of their information assets, while minimizing the associated risks of handling and managing it. Regulatory compliance, data privacy and security issues, the explosion of new data formats, and the related logistical concerns, demand flexible technology solutions. A mobile device – such as Stroz Friedberg’s Nomad – that runs powerful software enables law firms and corporates to securely and efficiently handle data wherever that is required.