All posts tagged Data Protection Laws

Amsterdam: The Layover – E-Crime congress 2013

Don't Panic: Responding to Data Theft

Day 1

4:00 pm – Nexus, Farringdon Street, London
Here’s some wise advice – never answer your phone when your train is leaving in 15 minutes. Robert Jones learned this the hard way and as a result he had to set a new track record Nexus – City Thameslink Station, in under 2 minutes. “Surely that can’t be done!” I hear you cry. Well thankfully Rob, like all Kroll Ontrack employees, is a finely tuned athlete and has been training for marathons, and so made it with seconds to spare. Robbie J, quite literally going the extra mile to keep his clients happy. So the three intrepid travellers – Luke Aaron, Robert Jones and myself – got the train on time and were on our way to Gatwick airport.

5:30 pm – Gatwick Airport, Departure Lounge
Dinner consisted of tortilla chips, guacamole sauce and some random roasted vegetables, eaten with one of those silly security knives, more handle than blade, hardly gourmet cuisine. “That’ll be £9.50 please sir” –“How much? For some crisps and a dip” so lighter in the pocket, but ‘heavy’ on food we headed to the plane. After the traditional security routine – put toiletries in small evidence bag, take off coat, jacket and belt, unpack laptop, put all small change in tray (not that we had much left after dinner), get tray jammed by eight others in machine, get patted down by male security guard, feel violated, put belt back on, lose passport and boarding card, panic, find passport and boarding card in pocket you didn’t know existed, re-pack entire contents of luggage – we boarded the plane. Without naming names, it was the orange and white budget one that sounds like Cheesypet, who have started to allocate seats nowadays, much to the consternation of familiar Cheesypet travellers who had prepared for the scrum to get a seat near the front of the plane. We finally took off and were on our way to Amsterdam.

10:00 pm – Hotel Okura, Amsterdam
An hour later we landed on Dutch soil with the final destination as the Okura hotel. A fine and opulent hotel, the pinnacle of which was the remote controlled blind between the bath and bedroom. Rob claims he overheard Luke getting at least half an hour of entertainment by continually sending it up and down.

Day 2

12:25 pm – Hotel Okura, Amsterdam
After building up the stand with extreme precision, it was Luke Aaron’s time to shine at his debut as a Kroll Ontrack speaker. His educational seminar was entitled ‘Don’t panic: Responding to data theft’. In the 35 minute slot Luke explained to around 25 captivated visitors, from a variety of backgrounds including banking, telecoms and software companies, what policies and procedures every company should embrace regarding to a possible data theft. The presentation was very well received and was for many an eye-opening introduction to the world of data theft response.

Luke Aaron on data theft

2:25 pm – Hotel Okura, Amsterdam
Now it was time for Robert Jones and his special guest, Misha lutje Beerenbroek, Head of EC Competition and Trade at Baker & McKenzie, Amsterdam to impress the crowd. This pairing, which some (Rob) have compared to the compliance world’s equivalent to Jimmy Page and Robert Plant*, rocked the conference with a talk centred around ‘Using innovative technology to audit for compliance’. With a very relaxed and open approach the duo riffed away on regulatory trends towards cross-border investigations and fines, the growth of a compliance culture and the benefits of building strong compliance programmes to be better prepared for the risk of regulatory intervention in relation to antitrust, corruption and other issues.  A particular topic which got the audience talking was the frank discussion of approaches taken by companies when weighing up the problem of carrying out an internal investigation to defend the company, versus the risk of infringing an employee’s personal rights and data privacy laws. It was clear this gave many visitors a new perspective on internal audits and some audience members were still humming away afterwards to the tune of ‘Communication Breakdown’ (or ‘email analytics’, as we like to call it).

*Of ‘Led Zeppelin’ fame – apparently some people have never heard of them.

7:00 pm – Schipol, Departure Lounge
After re-hashing over dinner we came to the conclusion that it was a productive day. With our data centre in Germany due to be operational in late January and our French data centre to come online shortly afterwards, hopefully congresses like this will help make more businesses aware of our continued commitment to providing solutions in Continental Europe.

About Jasper van Dooren

Jasper is part of the Electronic Evidence Consultancy team, which provides scoping consultancy and advice to potential clients in ediscovery or computer forensics matters. He also assists clients by providing demonstrations, presentations, documentation and advice before and during project engagements to ensure that expectations and legal requirements are being met. Jasper graduated from Utrecht University, Netherlands, with a Master’s degree in Private law before moving to London.

Data War: Annual French general counsels’ meeting

Data War

Last Friday, Kroll Ontrack sponsored the Annual General Counsel meeting hosted by the Development Institute International in Paris. I was asked to give a 15 minute talk about data control in e-discovery, dawn raids and internal investigation. I have to say that I had no idea what level of interest the forty-something general counsel and the few external lawyers in the room would show in this topic.

As everyone knows, civil law practitioners – particularly those in France – don’t traditionally pay too much attention to ediscovery and legal technologies coming from common law countries.  To illustrate this, one of the speakers who opened the session – a special legal advisor to the French Minister for  Industry Arnaud Montebourg – explained how France and Europe completely lost the technological shift in the 2000’s by letting  US giants (such as Google and Yahoo, e) take control of European citizens’ data and earn profit from that. As a consequence, the French government is now thinking about solutions to help Europeans regain better control of their personal data and its €315 billion value, according to a research conducted by the Boston Consulting Group in 2011.

Handling electronic data is also crucial in legal and regulatory matters. This is what my talk focused on.  Taking the right steps to ensure data is handled properly is a real challenge for French and European organizations dealing with a US discovery requests or a regulatory investigation. The European data protection directive, local data protection and labour laws and blocking statutes form a complex legal framework in situations where companies and lawyers need to collect, process, review and produce data. Alongside legal measures which have to be taken, there are technological tools and techniques that can be leveraged at each stage in a project to ensure data is kept safe and laws are complied with..

Finally, I was pleasantly surprised to see good feedback and some interesting questions from the audience. Hearing from French general counsel who have experience in ediscovery was very interesting and made me become more aware of their challenges: a French company which is not often involved ia US litigation can’t control the discovery process and usually only rely on its US law firm to take the right decisions.  Does this foreign law firm really understand the local challenges and does it have a local team with some ediscovery experience? Anyway, French companies are definitely looking for more local support to be help them take control of their data and of the whole discovery process. This will primarily mean having their data managed at a local level first instead of sending y all the documents requested directly to their US lawyers. A global ediscovery vendor with local teams and local processing facilities can therefore be seen as an indispensable partner to achieve that.

About Thomas Sely

Thomas advises French clients on the management of electronic evidence and the use of legal technology in forensics investigations, compliance audits, French & EU competition regulatory investigations and dispute resolution. He is regularly consulted on the practicalities surrounding the collection, management, processing, review and production of electronic evidence, particularly where issues of French data privacy and data protection are concerned. His clients include lawyers in IP, competition, employment and litigation practices, as well as inhouse counsel, HR, and compliance and security officers in corporations.

Autumn Ediscovery News: New Solutions and Education for Companies

We are very excited this week to announce the launch of in-country ediscovery processing capabilities in Germany and France as well as Ontrack® Onsite™, a self-contained ediscovery solution that can be deployed onsite to any country.  Many of our European clients have grappled for a long time with data protection laws that restrict data transfers in cross-border cases and increase the complexity, cost and risk associated with ediscovery. We have also seen data security and the protection of intellectual property become more important to companies as cyber attacks, data breaches and surveillance become a day to day reality.  As our President and CEO, Dean Hager notes in our press release issued on 1 October, we are addressing these needs head on with flexible solutions that allow data to be processed either in country in Germany and France, in addition to already established data centre hubs in the U.S., U.K. or Japan, or behind a company’s own firewall when data cannot leave its premises.  If you would like further information about these new capabilities you can read our press release or give us a call.

Coinciding with the announcement we are also launching a complimentary webinar programme in EMEA in which we will be examining the management of electronically stored evidence from the point of view of corporate counsel in Europe and some of key issues which arise.

In our first webinar on 8 October on Data Control: Ediscovery Solutions for European Companies we will look at how to manage company data in litigation, regulatory inquiries and internal investigations when security, confidentiality and compliance with data protection laws are of paramount importance.   If you would like further information about the event please click here and if you would like to register please email us at

We have on our panel:

Christian Kuss, Associate, IT, Copyright and Data Protection Law, Luther, Cologne

Mark Surguy, Partner, Fraud and Investigations Group, Eversheds, Birmingham

Thomas Sely, Electronic Evidence Consultant, Kroll Ontrack, Paris

Andrew Szczech, Director for EMEA, Kroll Ontrack, London (Moderator)

The panel will be discussing the reasons clients choose to process data in country or onsite, whether that be due to data protection and privacy laws or concern about data security.  We will also be looking into solutions such as behind the firewall ediscovery solutions, in country solutions and other legal mechanisms for handling data protection restrictions on cross-border data transfers and client concerns about confidentiality.  This intended to be a practical session and our speakers will share experiences in an area where the law is often grey and client’s appetite for risk varies.

In our next two webinars we will be hosting discussions on the following:

22 October – Ediscovery – What In-house Counsel Need to Know – what companies need to do to ensure that costs, risks and response times are reduced when responding to formal demands on company information such as discovery requests in litigation, compliance checks, due diligence or regulatory requests.

5 November – The Changing Face of Data Theft – what new risks companies face due to advances in technology such as the use of mobile devices, cloud storage and social media by employees and how to respond forensically

About Tracey Stretton

Tracey Stretton is a legal Consultant at Kroll Ontrack in the UK. Her role is to advise lawyers and their clients on the use of technology in legal practice. Her experience in legal technologies has evolved from exposure to its use as a lawyer and consultant on a large number of cases in a variety of international jurisdictions.