Information, Privacy and Data Security Post

Information & Privacy Post – 2007 Year in Review

Information, Privacy and Data Security Post

Information & Privacy Post – 2007 Year in Review

Date: January 1, 2008

Dear Friends:

We published the first full year of the Post in 2007, and it has been rewarding throughout. If you were a regular reader, thank you. If not, the Hicks Morley Information and Privacy Post is our regular publication on the law of information and privacy. We’ve defined information and privacy in a way that’s broader than most would ordinarily conceive, covering case law on the law relating to privacy, freedom of information, records management, business information and the law of production. We thought that a perspective focussed on any one of these domains was too narrow and wanted to draw interest from all the professionals who manage information – in-house legal advisors, privacy officers, records managers, information technology professionals and others.

This 2007 retrospective includes all of the 2007 cases we have covered. In looking for a case to deem the top case in 2007, we wanted to find a case with application to all of our readers. On this criterion our choice was clear. The Vioxx Products Liability Litigation case captures the essence of the challenge we all face in managing information today. As we explain below, in this case a Louisiana court adopted a report by a special master that significantly limited Merck’s claim to privilege in approximately 30,000 records, most of which involved e-mails sent to and from in-house corporate counsel. It is first and foremost a significant case about the substantive law of solicitor-client privilege and the inferences that ought to be drawn about the purpose of a communication from the means by which it was emailed to and from in-house legal counsel, but we have selected Vioxx, however, for what it demonstrates about managing information in business today.

Picture the records. Thirty thousand of them, all printed and stored in about 81 bankers boxes. They were not organized in chronological or any other logical order and contained numerous e-mail strings with duplicate communications, none of which were grouped. Merck actually had to review a set of records that was over 60 times this size to even claim privilege over these records, but even in litigation of such massive scale, Merck no doubt economized by doing some form of automated search on internal and external counsel names. This wasn’t good enough in the end, because when the plaintiffs challenged Merck’s privilege claims the litigants and the court were drawn into an examination of each and every line in every one of the 30,000 disputed records – first by way of a summary process and then by way of a detailed examination of a 2600 record sample. Since Merck’s novel theory that would have enabled it to avoid the burden of a record-by-record justification was rejected – one that relied on pervasive regulation of the drug industry – many of its privilege claims were rejected.

Although the Vioxx case actually involved physical records, it highlights the challenge associated with e-discovery that is the dominant concern of our civil justice system today. How can businesses afford to meet their production requirements in light of their massive and unorganized stores of electronic records? Yet civil litigators and law clerks might empathize with information and privacy coordinators. Every coordinator we know has ploughed through stacks of printed e-mail chains to assess whether any exemptions from an access requirement (all with their nuances and ambiguities) should be claimed.

All of us are working on our part of this challenge. We’re working on the root cause by managing information better, retaining it for shorter but legally compliant time periods and by providing guidance to employees on responsible record creation. (Is that really what you want to be putting in an e-mail?) We’re working on good preservation, search, retrieval, review and production processes – those that are efficient and defensible, and often rely on technology. And finally, we’re working on the law of production and access to information itself.

This year we watched closely to see how the law developed to meet the modern business information challenge. If we can draw any conclusions, its that the law on “new production issues” is just starting to develop. The uncertainty that is illustrated in the Canadian case law this year may give way to some more thematic decisions as the Sedona Canada Principles are launched in the near months. We look forward to covering all these developments and continuing to serve you as information and privacy counsel as we proceed into 2008.

Thank you again for reading, and we look forward to continuing to serve you as information and privacy counsel and covering all the exciting developments in 2008.

The articles in this Client Update provide general information and should not be relied on as legal advice or opinion. This publication is copyrighted by Hicks Morley Hamilton Stewart Storie LLP and may not be photocopied or reproduced in any form, in whole or in part, without the express permission of Hicks Morley Hamilton Stewart Storie LLP. ©