International eDiscovery & Cross-Border Compliance: Expert Perspective
Wrongdoers know no international borders - so investigators of wrongdoing must be able to operate nimbly across borders, too. In particular, it behooves international organizations - and the law firms that service them - to pay particularly close attention to high-risk geographies and ensure they have the expertise and infrastructure needed to quickly respond to any incidents that arise.
When it comes to multinational investigations and eDiscovery response, there are a few best practices that legal and compliance practitioners should look for. Chris Dale, of the eDisclosure Information Project, sat down with Inventus expert Erin Plante recently for a video interview on the topic.
For eDiscovery and Investigation Readiness, Silos Won't Work
It's natural that international organizations will develop "siloed" approaches to business processes. Smart organizations, however, will fight against this tendency, and build in standard business processes and procedures from the ground up so that every region - and every department - operate from the same high standards and operational playbook.
Global investigations Require Global Infrastructure
Jurisdictional requirements, data privacy laws, and data security regulations differ from country to country. When facing an investigation that spans borders, it's important to choose an investigative provider whose infrastructure can handle it. For example - Chinese data cannot leave China, so smart professionals will ensure their providers have data centers located there.
Anti-Corruption Goes Beyond the FCPA and Anti-Bribery
For organizations operating in high-risk regions or in high-risk industries, getting policies to combat briber is imperative. Showing a "good-faith effort" even before an investigation or regulatory action occurs is critical to ensuring compliance and minimizing risk.
Use Technology to Reduce Risk
While regulators may be behind the eDiscovery technology industry in terms of providing guidelines for specific types of technology, they do expect the organizations within their realm of regulation to understand and correctly apply technology to track compliance with regulations. Just because regulations do not specifically address retention periods on Slack data, for example, is no excuse to ignore the platform within your organization.