There is a significant nexus between data privacy and security and e-discovery that grows more pronounced as the volume of data generated multiplies exponentially and the ability of e-discovery tools to collect and process that data grows increasingly sophisticated. Specifically, the e-discovery process presents a very real risk of inadvertently compromising Personal Identifying Information (PII).
Although the definition of PII or protected information varies by jurisdiction, there are certain categories of information that are generally recognized as sensitive and should be safeguarded from unnecessary dissemination in the discovery process. These categories include:
- Social Security Numbers
- Driver’s license, passport or state identification numbers
- Taxpayer identification numbers
- Any financial account numbers, credit card numbers or other personal financial information
- Any log in/password information
- Personal Health Information (PHI)
- Birthdays in conjunction with any other identifying information
The following strategies can help minimize the potential for producing arguably protected data in discovery:
- Conduct targeted collections. Over-collection of ESI causes many problems, the inclusion of personal identifying information among them. The more targeted the collection is, the lower the likelihood of sweeping up personal identifying data.
- Have sensitive information highlighted. If you are using an electronic review platform, it likely has the ability to highlight terms or numbers that may be sensitive.
- Emphasize the importance. When preparing training manuals for document reviews, attorneys generally focus on identifying responsive materials and protecting privileged information. Consider devoting a section to identifying PII.
- Give reviewers the right tools. Make sure the review team knows what to do when it comes across PII, such as whether it should be withheld or redacted.
Perform QC searches. Perform additional quality control searches prior to production to ensure that you are not letting any PII out the door unknowingly.