PII in your ESI: The Intersection of Data Privacy and E-Discovery

Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

There is a significant nexus between data privacy and security and e-discovery that grows more pronounced as the volume of data generated multiplies exponentially and the ability of e-discovery tools to collect and process that data grows increasingly sophisticated. Specifically, the e-discovery process presents a very real risk of inadvertently compromising Personal Identifying Information (PII).

Although the definition of PII or protected information varies by jurisdiction, there are certain categories of information that are generally recognized as sensitive and should be safeguarded from unnecessary dissemination in the discovery process. These categories include:

  • Social Security Numbers
  • Driver’s license, passport or state identification numbers
  • Taxpayer identification numbers
  • Any financial account numbers, credit card numbers or other personal financial information
  • Any log in/password information
  • Personal Health Information (PHI)
  • Birthdays in conjunction with any other identifying information

The following strategies can help minimize the potential for producing arguably protected data in discovery:

  • Conduct targeted collections. Over-collection of ESI causes many problems, the inclusion of personal identifying information among them. The more targeted the collection is, the lower the likelihood of sweeping up personal identifying data.
  • Have sensitive information highlighted. If you are using an electronic review platform, it likely has the ability to highlight terms or numbers that may be sensitive.
  • Emphasize the importance. When preparing training manuals for document reviews, attorneys generally focus on identifying responsive materials and protecting privileged information. Consider devoting a section to identifying PII.
  • Give reviewers the right tools. Make sure the review team knows what to do when it comes across PII, such as whether it should be withheld or redacted.
  • Perform QC searches. Perform additional quality control searches prior to production to ensure that you are not letting any PII out the door unknowingly.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide