How would a Data Privacy Law impact eDiscovery?
There are only two countries in the developed world that do not have any laws set into place protecting the privacy and security of their consumers: the United States and Turkey. Citizens of Europe, Asia and Latin America all have privacy rights. So why not in the United States?
It’s not there are no laws whatsoever surrounding privacy laws in the United States. Certain information such as health information and financial data is more protected than others, but for the most part, there are no laws set into place for companies using the private data of their customers.
The Federal Trade Commission, with limited authority, does its best to monitor and enforce the few laws that are available, but some lawyers have figured out that there is one simple way to not violate these laws: Don’t make specific promises regarding privacy. This is why when you read a corporate privacy policy, it may tend to be vague and more often than not it does not really describe the privacy policy that it holds.
While this has been going on for years, it has become much more of an issue in recent years with more and more websites and companies wanting private information from their customers, but not really disclosing how they will use it. More and more consumers are leery about giving out personal information because of these vague practices.
It also has an obvious potential impact on eDiscovery. Data privacy laws vary greatly from country to country and the increased use of offshore hosting facilities and/or overseas servers to store and deliver data is creating confusion. Its not clear if – or how – a company will handle cross-border eDiscovery disputes between countries with different laws (when one jurisdiction tries to impose its rules on another). Its an area that bears monitoring.
For these reasons, many companies would like to have a way to provide privacy protection policies that matter to their customers, but none of these companies wants to put themselves at risk of being disadvantaged when compared to their competitors.
So the answer to the question of whether or not the United States needs a data privacy law is most definitely a yes, but whether or not it will happen is another story altogether. While some in Congress would like to fix the problem, the ones that can do something are pushing the problem down the road. With other looming issues on the horizon, data privacy laws seem to be a small problem at best. For the time being, consumers will just have to be extra careful with the information they give the companies they use, and businesses and corporations will just have to continue writing the somewhat vague and nondescript privacy policies they have been writing for the past several years.