A large financial services firm involved in an employment discrimination class action recently received a comprehensive discovery request from the U.S. Equal Employment Opportunity Commission seeking the production of the personnel files of each employee similarly situated to the named plaintiffs. The firm’s employment records include documents with responsive information that also contain sensitive, personally identifiable information about its employees, including their names, contact information, dates of birth, Social Security numbers, insurance information, names of family members and beneficiaries, pay records, and more. While some of this information is arguably relevant, some of it is protected from disclosure by federal and state privacy laws. Must the firm comply with the discovery request, or does it have any alternatives? What can it do to control its costs as it struggles to protect its employees’ privacy while meeting its discovery obligations?
In today’s business environment, such quandaries are prevalent. And, while many organizations are aware of their duty to protect personal information on an ongoing, day-to-day basis, they are more likely to overlook their data privacy obligations in the context of a litigation or investigation matter. To meet the challenges of data privacy in e-discovery, organizations should recognize the applicable privacy laws, implement business practices to govern their information, and apply technological solutions to safeguard their private data.
