eDiscovery Counsel is a forum for sharing information and news of note relating to the legal aspects of electronic data disclosure and discovery, electronic document management, data privacy, electronic medical systems, identify theft, HIPAA, OCHIT and other regulatory privacy and data management issues.

Wednesday, May 03, 2006

E-Mail From the E.U.: Safe Harbor or Binding Corporate Rules?

Welcome to eDiscovery Counsel. This blog will present discuss issues and developments in electronic document management and discovery. We’ll post information and respond to questions about document management as a business imperative, since over 90% of all business documents are in digital while approximately 20% of them are ever printed. In short, you need to know where your data and documents are in order to run your enterprise efficiently and productively. Electronic discovery issues will comprise questions raised by discovery requests from regulatory agencies as well as courts and attorneys.

We’ll also, from time to time, discuss issues pertaining to data transmission across borders. Technological advances have shrunk the work and expanded markets. As a matter of necessity, then, companies must follow suit, going into areas in which they may not be familiar with the legal and regulatory landscape. In his best-selling book The World Is Flat (Farrar, Straus & Giroux 2005), Thomas Friedman elicits a wonderful vignette of this phenomenon. He reprints an African proverb posted on the wall of an American owned fuel pump factory in Beijing, translated into Mandarin:

Every morning in Africa, a gazelle wakes up.
It knows it must run faster than the fastest lion or it will be killed.
Every morning a lion wakes up.
It knows it must outrun the slowest gazelle or it will starve to death.
It doesn’t mater whether you are a lion or a gazelle.
When the sun comes up, you better start running.

To “keep running,” one must know the landscape. Data protection rules in the European Union are more stringent than those in the U.S. In fact, E.U. provisions hold that certain data may not be transmitted from the E.U. to the U.S. unless the American Company has executed a Safe Harbor agreement, in which it agrees to abide by E.U. standards, and registers that agreement with the U.S. Department of Commerce. But national implementing legislation may add additional restrictions. How can one agreement cover the differences in privacy protection among branch facilities in several countries? Nuala O’Connor Kelly, Chief Privacy leader in the U.K. for General Electric, believes she has a better solution: Binding Corporate Rules (BCR’s). In her article BCR’s: a model for the future Ms. Kelly explains how BCR’s can, in effect, set a company-wide global operational standard for data protection, and lays out a step-by-step approach to formulation of the BCR and obtaining necessary approvals from governmental information agencies.

I commend it to you, so you can stay upright as you keep running.

Links to this post:

<$BlogBacklinkTitle$>: <$BlogBacklinkSnippet$>
posted by <$BlogBacklinkAuthor$> @ <$BlogBacklinkDateTime$>

Create a Link

<< Home