Data Privacy and Protection Take Center Stage at Legalweek's Legaltech



by David Horrigan on February 11, 2020

Community , Cyber Security & Data Privacy , Legal & Industry Education

Editor's Note: This post appeared originally as an article in Legaltech News.

With the challenges of data privacy and data protection being one of the biggest global challenges, it came as no surprise that the privacy and protection of data were center stage at Legaltech at Legalweek last week.

The stakes are high for the lawyers, paralegals, and technologists at ALM Media’s annual gathering in New York, especially when it comes to the privacy and protection of mobile data.

As DLA Piper partner—and former U.S. Department of Justice cybercrime coordinator—Ed McAndrew observed, “The best evidence is now held in mobile devices and the apps, social networks and cloud services we utilize with those devices. Any investigator or litigator who ignores that evidence may be committing malpractice in many instances.”

To address the vital data privacy/data protection issues of the day, Relativity organized three programs at Legaltech at Legalweek on February 5: the "Data Privacy and Data Protection Update"; "Mobile Data: Issues in Data Privacy and Data Protection"; and "Your Career in Data Discovery, Data Privacy, and Data Protection."

Discovery v. Privacy Smackdown

Sometimes educational programs are fueled by excellent audience questions, and such was the case with the "Data Privacy and Data Protection Update."

The session featured Robert Brownstone of Fenwick & West LLP, David Horrigan of Relativity, Johnny Lee of Grant Thornton LLP, Debbie Reynolds of Debbie Reynolds Consulting LLP, the Honorable Andrew Peck of DLA Piper, and Ryan O’Leary of IDC.

In this case, the audience question focused on the inherent tension between broad-based US discovery in litigation and the data privacy and data protection provisions of Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), portions of which became effective on January 1 of this year.

Specifically, the audience member wanted to know what would happen if a data subject wanted data expunged under the right to erasure provisions of Article 17 of the GDPR or the right to deletion under the CCPA—but the information was subject to a legal hold.

Judge Peck opined—and the panel agreed—that the legal hold would prevail. However, DLA’s Peck noted the challenges of the U.S. Supreme Court’s decision in Societe Nationale Industrielle Aerospatiale v. United States Dist. Court, 482 U.S. 522 (1987), and French blocking statutes if the request came from Europe.

For requests under the CCPA, Judge Peck and the panel appear to be correct. Article 1798.105(3) provides an exception to the right of deletion for “complying with legal obligations.”

Governing the Information

Of course, these issues go beyond e-discovery in litigation. Reynolds noted the information governance requirements.

“The new reality is that navigating the data privacy rights of individuals everywhere will be an operational necessity for businesses to thrive in the digital age,” Reynolds said.

Shahaf Rozanski, head of Cellebrite Business Solutions, was a speaker on the mobile program. He agreed with Reynolds and noted that special policies were needed in today’s mobile world.

“The growing significance of mobile data for e-discovery and corporate investigations requires corporations to set proactive policies for preservation, collection, and review of mobile data,” Rozanski said.

Grant Thornton’s Lee believes technology may be the answer.

"Centralized institutions—from social media platforms to governments—have shown that they may not be capable of fostering privacy in the manner that the global citizenry has come to expect," Lee said. "I'm particularly excited about technology advancements, like blockchain, and the privacy potential that they augur."

However, Kimberly Quan of Juniper Networks, who spoke on a Legaltech artificial intelligence panel, urged caution when wielding technology.

“Many are championing and effecting privacy protections around the pervasion of AI into our lives; conversely, there are those who would put power or profitability first," Quan said. "That is yet another example of what I call the ‘superhero dilemma’ – those who are ethical and respectful in their application and wielding of power may be at a disadvantage. As an example, facial recognition technology is already being used in some countries towards the end of shaming, subjugating, or even imprisoning its citizens.”

Brownstone noted the many important rights conveyed under the CCPA, including the private right of action—the ability to bring a lawsuit individually instead of having a state authority bring an action.

“The protections of the CCPA are broad and sweeping, and they provide California residents with a bundle of rights, including the right to bring a civil lawsuit and to make use of a mandatory “do not sell my personal information” link/button on a covered company’s website,” Brownstone said.

Orwellian Nightmare?

Joining DLA Piper’s McAndrew and Cellebrite’s Rozanski were attorney Gail Gottehrer, who serves on autonomous vehicle regulation bodies in both Connecticut and New York and on an autonomous vehicle group reporting to the United Nations, as well as Ruth Hauswirth of Cooley LLP, David Horrigan of Relativity, and Ines Rubio of BSI.

Gottehrer noted the voluminous and granular data collected by autonomous vehicles but added that the potential societal benefits of autonomous vehicles outweigh the data privacy and data protection concerns.

Noting that almost 40,000 people a year die in US auto wrecks (over a million worldwide), Gottehrer noted that autonomous vehicles don’t drink or get tired.

Data Jobs

The other panel of the program featured lawyers and a prominent legal recruiter discussing the different pathways to career success in data discovery, data privacy, and data protection.

The panel featured legal recruiter Jared Coseglia of TRU Staffing Partners, and attorneys David Horrigan of Relativity, David Kilgore of Rackspace, Scott Milner of Morgan, Lewis & Bockius LLP, Ines Rubio of BSI, and Kelly Twigger of ESI Attorneys and eDiscovery Assistant, a software developer.

Observing the varied career paths the panelists had taken, Morgan Lewis’s Milner said the legal career path no longer took a pre-ordained path directly from law school to the law firm.

“It was clear from the engaging panel discussion that legal career paths are much broader than they have been in the past," Milner said. "There are new and evolving roles for technology-related jobs in our industry and there are steps people can take, no matter where they are in their careers.”

Rackspace’s Kilgore took one of the new, more circuitous paths to his role as corporate counsel at Rackspace, having served both as an IT manager at Rice University and a motor sports racing official. Kilgore said his years as a racing official taught him some important lessons for his legal career.

“The funny thing is that race car teams and legal e-discovery teams are a lot alike," he said. "In car racing you see the driver, and in legal cases you see the attorney, but that race car isn’t going anywhere without the technical expertise of the fuelers, engineers, and crew chiefs on the pit crew, and that legal matter will never make it through discovery without the IT administrators and systems analysts on the e-discovery team.”

Why the Data Privacy and Protection Program Matters

The World Economic Forum has predicted the digital universe will reach 44 zettabytes in 2020. This vast universe of data comes with profound implications for individual’s data privacy and the protection of their data.

These issues become even more complicated when the data are mobile. When 1.2 million people die a year in auto accidents, the autonomous vehicle could be a lifesaver, figuratively and literally, but what about the granular data collected by those cars, and the refrigerator, and the Internet browser, and the blender?

One of the most important aspects of the data privacy and data protection boom is the industry—and the jobs it creates.

TRU Staffing founder Coseglia says the data privacy and protection sector is the place to be.

“Data privacy and protection is going to be the next big thing in legal technology career potential and growth," Coseglia said. "Talent that commits to harnessing interdisciplinary skills will be the leaders of tomorrow and will find themselves in positions to affect change within organizations related to data aggregation, analysis, compliance, and monetization."

All that data created by those robot cars could create your next career move.

 

David Horrigan is discovery counsel and legal education director at Relativity. An attorney, journalist, and industry analyst, David is a former reporter at The National Law Journal, counsel and analyst at 451 Research, and he was runner-up for Best Legal Analysis in the 2020 LexBlog Excellence Awards.

Data Privacy and Data Protection: You Can't Have it Both Ways ... Yet

Comments

Post a Comment

Required Field