Corporate counsel conducting investigations in the United States are accustomed to unfettered access to employees’ company email and data without much limitation. When investigations involve data and documents created or received by overseas personnel, however, starkly different procedures may apply. Counsel must be sensitive to local rules governing both the “processing” of such data (a term that encompasses everything from collection through culling and review) and its transfer out of the country, particularly to the United States. This article discusses the principal rules to which counsel must refer prior to conducting overseas document collection and before transporting or transmitting any documents or data collected to the United States, as well as the collateral consequences of a decision to transfer documents to the United States.
Overseas Privacy Law Limits
The initial steps for counsel conducting an overseas investigation are familiar to U.S. attorneys: identifying relevant custodians, issuing document retention notices, conducting initial document collection interviews, arranging for the preservation of documents, and undertaking data collection and review. However, foreign regulatory frameworks require counsel to conduct such data collections in conformity with limitations found in the data privacy laws of the countries in which the documents’ custodians are locatedand sometimes also the rules of the home countries of people referred to in the documents.
