The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (FAQ) (the “U.S.-EU Safe Harbor Framework”) to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the European Economic Area (EEA) to the United States. Consistent with its commitment to protect personal privacy, iDiscover adheres to the principles set forth in the U.S.-EU Safe Harbor Framework. The principles are as follows: Notice, Choice, Data Integrity, Transfers (Onward Transfers), Access and Correction, Security and Enforcement. To learn more about the Safe Harbor program, and to view iDiscover’s self-certification, please visit http://www.export.gov/
SCOPE OF BUSINESS OF IDISCOVER
iDiscover provides electronic discovery consulting and technical services to client law firms as well as directly to business organizations who are parties to various types of legal and commercial proceedings. All data collected in the course of iDiscover’s activities are kept under strict privacy and confidentiality protocols since much of this information may constitute evidence in litigation and other sensitive proceedings. It is iDiscover’s practice to enter into a service agreement with each client, and such service agreements contain terms regarding the confidentiality and privacy of the data received in every engagement undertaken. Moreover, each of iDiscover’s employees has executed nondisclosure agreements regarding all information that comes into their possession during the course of their employment with iDiscover.
The facility in which iDiscover processes (*processing by iDiscover consists, typically, of the extraction and formatting of the data for review in a document review system) and stores data maintains extensive physical and network security features.
Much of the data processed and stored by iDiscover does not constitute “personal information” as that term is defined herein. However, personal information will, on occasion, enter into the possession of iDiscover, the bulk of it contained within the email accounts of individuals in the employ of parties to litigation.
SCOPE OF POLICY
For purposes of this Policy, the following definitions shall apply:
“Agent” means any third party that collects or uses personal information under the instructions of, and solely for,
iDiscover or to which iDiscover discloses personal information for use on iDiscover’s behalf.
“iDiscover” means iDiscover LLC, its predecessors, successors, subsidiaries, divisions and groups in the United States.
“Personal information” means any information or set of information that identifies or could be used by or on behalf of iDiscover to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.
“Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities, that concerns health or sex life, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings.
The privacy principles in this Policy have been developed based on the U.S.-EU Safe Harbor Framework.
iDiscover does not ordinarily collect personal information directly from individuals in the EU. Personal information may exist in electronic discovery information that is provided to iDiscover from an EEA organization for processing. To the extent permitted, iDiscover reserves the right to process personal information in the course of providing electronic discovery and other services to our clients without the knowledge of individuals involved. Where iDiscover does collect personal information directly from individuals in the EU, it will inform them about the purposes for which it collects and uses personal information about them, the types of non–agent third parties to which iDiscover discloses that information, the choices and means, if any, iDiscover offers individuals for limiting the use and disclosure of personal information about them, and how to contact iDiscover. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to iDiscover, or as soon as practicable thereafter, and in any event before iDiscover uses or discloses the information for a purpose other than that for which it was originally collected.
iDiscover does not share personal information or sensitive personal information with third parties, unless required by law or lawfully directed to do so by our client or the organization that provided iDiscover the personal information and/or sensitive personal information. Additionally, iDiscover does not share or disclose personal information or sensitive personal information for a purpose incompatible with the purpose for which it was originally collected, and therefore there is no need to offer individuals the opportunity to opt out from or opt in to having such data disclosed. Further, since the circumstances under which iDiscover collects such information is necessary for the establishment of legal claims or defenses, iDiscover is not required to give individuals the opportunity to affirmatively and explicitly
(opt-in) consent to the disclosure of the information. However, should the need ever arise, CLS will provide individuals with reasonable notice and mechanisms to exercise their choice to opt-out from having personal information so disclosed.
iDiscover will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. iDiscover will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
TRANSFERS (ONWARD TRANSFERS).
iDiscover does not share personal information with third parties, unless required by law or lawfully directed to do so by our client or the organization that provided iDiscover the personal information, where the disclosure is required by law, where the information is publicly available, or where the disclosure is reasonably necessary for the establishment of legal claims or defenses. However, should the need ever arise, prior to disclosing personal information to third parties, iDiscover will utilize the notice and choice principles noted above. Moreover, where the need arises, iDiscover will obtain assurances from third parties that they will safeguard the personal data consistent with this policy or any other EU adequacy finding, or as an alternative, iDiscover will enter into a written agreement with such third party to provide at least the same level of personal data protection as is maintained by iDiscover.
ACCESS AND CORRECTION.
Since, under typical circumstances, the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or the rights of persons other than the individuals would be violated or seriously compromised, individuals cannot be provided access to personal information about them in order to correct amend, or delete the information when inaccurate. However, where appropriate to do so, iDiscover will grant individuals reasonable access to personal data that it holds about them and iDiscover will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete.
iDiscover will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
iDiscover will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that iDiscover determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.
Any questions or concerns regarding the use or disclosure of personal information should be directed to the iDiscover Privacy Office at the address given below. iDiscover will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information by reference to the principles contained in this Policy. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by iDiscover, please visit the BBB EU SAFE HARBOR web site at www.bbb.org/us/safe-harbor-
LIMITATION ON APPLICATION OF PRINCIPLES
Adherence by iDiscover to these Safe Harbor Privacy Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.
Questions or comments regarding this Policy should be submitted to the iDiscover Privacy Office by email as follows:
This Policy may be amended from time to time, consistent with the requirements of the Safe Harbor Privacy Principles. A notice will be posted on the iDiscover web page (http://www.idiscoverglobal.com/safe-harbor-privacy-policy/) for 60 days whenever this Safe
EFFECTIVE DATE: 02/18/2014