The businesswoman in glasses standing near the display

How to implement strategic planning for effective cross-border review

Authors

  • Scott Clary

    Principal, Forensic & Integrity Services, Ernst & Young LLP

  • Kimberly Heinz

    Senior Manager, Forensic & Integrity Services, Ernst & Young LLP

3 minute read 18 Nov 2024
Related topics
Forensic & Integrity Services

Legal stakeholders can use tactical workflow planning to promote efficiency and mitigate risk in multi-jurisdictional document reviews.

Three questions to ask:

  • How can you avoid the pitfalls of a costly review process?
  • What steps are essential for managing critical privacy concerns across jurisdictions?
  • How can you proactively handle large or complex data sets efficiently?

The landscape of data privacy regulations is rapidly changing, with requirements varying widely across jurisdictions, both internationally and in the United States.

Consider these three questions as you design your privacy review workplan:

  1. Who needs to be involved?
  2. Why are privacy reviews costly?
  3. What strategic steps can promote review efficiency?

Download the full article on Navigating complex cross-border document review

PDF (1 MB)

How EY can help

The US is swiftly enacting state-level privacy requirements, while more stringent standards have been implemented internationally. In response, companies are working to mature their data privacy and protection programs to comply with increasingly complex requirements. While leaders are investing in technology and resources to enhance their organizations’ privacy capabilities, they will also need to consider the impact to litigation, investigations and other discovery needs.

 

Legal teams will need to take a more proactive, comprehensive approach to evaluate where their data resides and what laws apply. While lawyers may be aware of potential cross-border data transfers, they may not be contemplating additional challenges to protect potentially private data from a document review and production perspective.

 

In the aftermath of a data breach, the need to conduct a thorough and efficient privacy review may raise additional concerns based on urgency and reporting requirements. Privacy reviews entail the need to both accurately identify and appropriately safeguard individuals’ protected private information, potentially under multiple regulatory frameworks.

Privacy reviews can be costly

  • Training attorney document reviewers on multiple country and state standards, including local compliance review requirements
  • Recruiting multilingual review resources for data sets in multiple languages
  • Identifying and redacting personally identifiable information (PII), including customized workflows for anonymization
  • Applying multiple redaction sets to conform with privacy requirements across various jurisdictions
  • Analyzing potentially dense PII document types (e.g., medical forms, financial records)
  • Implementing a robust quality control process in light of elevated risk and serious consequences, including sanctions
  • Extending review timelines to account for additional review workflow complexity

The implementation of a strategic cross-border privacy analysis and review workflow plan can reduce risk and enhance efficiency through five key steps:


Key takeaways

A proactive strategy-focused document review workflow is critical to adapting to the constantly evolving regulatory landscape of privacy law. Knowledge of the applicable laws; dedicated workflow planning; and proactive communication may mitigate the challenges and complexity of cross-border privacy considerations. Key stakeholders should be knowledgeable as to when and how technology enablement can facilitate even greater efficiency. Strategic technology integration, including the use of analytics and technology-assisted review, can facilitate the prioritization or even reduction of the review burden, potentially alleviating both the time and the cost of document review.

Kerri Brugger also contributed to this article.

Summary

Adapting to the evolving privacy law landscape requires a proactive document review strategy. Essential elements include understanding the relevant laws, planning workflows and maintaining clear communication to tackle cross-border privacy issues. Using technology-enhanced solutions can improve efficiency and reduce the time and cost involved in document reviews.

About this article

Authors

  • Scott Clary
    Principal, Forensic & Integrity Services, Ernst & Young LLP
  • Kimberly Heinz
    Senior Manager, Forensic & Integrity Services, Ernst & Young LLP
Related topics
Forensic & Integrity Services

Related article

Transforming compliance with advanced strategies and technologies

Learn how multinationals are approaching compliance challenges and driving advancements. Read the 2024 Global Integrity Report – US edition.

Liban Jama + 1

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.