In an increasingly global economy, it is only natural to see a rise in complex and high-stakes international lawsuits. As a result, cross-border discovery issues are now commonplace, a staple of international litigation. Within the realm of cross-border discovery issues, the subject of employee data is often at the forefront. While there are many hurdles for global organizations to overcome with discovery of employee data, there are best practices to take into consideration in preparing for such issues.
Cross-border discovery of employee data may be a challenge because the discovery rules in most countries are markedly different from those in the United States. Most other countries take a much more rigid stance on discovery of employee data. Unlike the United States, most countries view privacy as a fundamental right. In these countries, employees have a right to privacy when it comes to their personal data. Access to, processing of, or transfer of employee data is highly regulated, if even permitted. In some countries, there may be a safe harbor provision in place, permitting access to the employee data only when certain requirements have been met. Outside of a safe harbor, there may be a host of international guidelines which must be followed in order for employee data to be available for discovery in litigation. To make matters more complicated, privacy laws surrounding employee data vary widely from country to country.
While the rules and regulations that apply to employee data depend on factors such as the jurisdiction in which the employees are located, the type of business, and the type of employee data the company collects and stores, in most countries the two main considerations to bear in mind are: (1) the sufficiency of the measures aimed at ensuring that employee data or personal data is secure, and (2) consent from employees for access to and processing of their private data.
Given the number and varied nature of the hurdles global organizations may be faced with relative to discovery of employee data, planning is critical. It is imperative for companies and practitioners to work together, either prior to commencement of litigation or as soon as litigation ensues, to develop and implement a proper plan as it relates to access to employee data. Companies need proactively to create and implement employee data policies that adhere to the rules and regulations of each jurisdiction in which the company does business. This may be accomplished through (1) the in-house legal department, especially if there is one in the particular jurisdiction for which policies need to be developed, (2) through outside counsel, or (3) both.
Global organizations are well-advised to create a carefully thought-out employee data policy specific to each jurisdiction in which the company does business. Having such a policy in advance of litigation will go a long way to ensure a much more efficient and seamless approach to discovery of employee data once litigation commences.