There is a significant nexus between data privacy and security and e-discovery that grows more pronounced as the volume of data generated multiplies exponentially and the ability of e-discovery tools to collect and process that data grows increasingly sophisticated. Specifically, the e-discovery process presents a very real risk of inadvertently compromising Personal Identifying Information (PII).

Although the definition of PII or protected information varies by jurisdiction, there are certain categories of information that are generally recognized as sensitive and should be safeguarded from unnecessary dissemination in the discovery process. These categories include:

  • Social Security Numbers
  • Driver’s license, passport or state identification numbers
  • Taxpayer identification numbers
  • Any financial account numbers, credit card numbers or other personal financial information
  • Any log in/password information
  • Personal Health Information (PHI)
  • Birthdays in conjunction with any other identifying information

The following strategies can help minimize the potential for producing arguably protected data in discovery:

  • Conduct targeted collections. Over-collection of ESI causes many problems, the inclusion of personal identifying information among them. The more targeted the collection is, the lower the likelihood of sweeping up personal identifying data.
  • Have sensitive information highlighted. If you are using an electronic review platform, it likely has the ability to highlight terms or numbers that may be sensitive.
  • Emphasize the importance. When preparing training manuals for document reviews, attorneys generally focus on identifying responsive materials and protecting privileged information. Consider devoting a section to identifying PII.
  • Give reviewers the right tools. Make sure the review team knows what to do when it comes across PII, such as whether it should be withheld or redacted.

Perform QC searches. Perform additional quality control searches prior to production to ensure that you are not letting any PII out the door unknowingly.

Print:
EmailTweetLikeLinkedIn
Photo of Andrea Donovan Napp Andrea Donovan Napp

Andrea Donovan Napp is chair of the firm’s Electronic Discovery and Information Management Team. In addition to e-discovery, Andrea focuses her practice on complex commercial litigation, business torts, and market conduct cases, representing businesses, municipalities, and individuals in various jurisdictions. As chair of…

Andrea Donovan Napp is chair of the firm’s Electronic Discovery and Information Management Team. In addition to e-discovery, Andrea focuses her practice on complex commercial litigation, business torts, and market conduct cases, representing businesses, municipalities, and individuals in various jurisdictions. As chair of the Electronic Discovery and Information Management Team, Andrea coordinates Robinson+Cole’s use of the latest technology, such as Concordance, CaseMap, LAW, LiveNote, and various Web-based platforms, to achieve maximum efficiency and compliance for our clients. Andrea has significant experience in all aspects of e-discovery, including document retention and data management planning, development of defensible collection policies, and management of large scale reviews and production. She has managed several large, sophisticated e-discovery projects in government investigations and private litigation. Notably, she led United Technologies Corporation’s privilege review in the Department of Justice’s antitrust review of the largest-ever aerospace merger. She routinely counsels clients on the development of data retention policies, legal hold practices, and e-discovery response plans. Read her rc.com bio here.