Part II: Practical Considerations for U.S. Legal Teams Taking Discovery to Asia

[This is the second in a two-part Q&A between Rachel Teisch, Catalyst’s director of product marketing, and Dave Sannar, Catalyst’s head of Asia operations. Part I discussed trends and cultural differences U.S. legal teams should be aware of before embarking on cross-border discovery in Asia. Part II focuses on tactical considerations for collecting, processing, reviewing and transferring data subject to litigation, investigations and regulatory compliance.]

Q: Before starting a cross-border project in Asia, what are the most important things U.S.-based legal teams need to know?

A: That’s a big question. There are a lot factors that complicate U.S.-style discovery in Asia, so many that we could write a book on it. Obviously, one is the local laws and regulations that I mentioned in my previous post. For example, nearly every country or jurisdiction has cross-border data transfer rules and/or laws.

There are also differences in local business customs that U.S. lawyers are often unused to navigating. For example, in Japan, omotenashi, which describes hospitality, reaches far deeper as a form of networking and gift-giving in which influential business relationships are formed to facilitate business and other deals, with a quid pro quo established. As you can imagine, this form of hospitality can cause practical problems for in-house counsel in Japan engaging in these practices, such as the risk of running afoul of U.S. regulations, in the Foreign Corrupt Practices Act and the UK Bribery Act in England. Nearly every country has similar types of reciprocity customs that run into this gray area.

Q: What are the different business practices that might affect how data is collected?

A: Besides legacy data systems unique to each company that may present particular challenges to defensible data collection, a regular business practice in most Asia companies is encryption. Often referred to as DRM, encrypted data obviously has a tremendous impact on data preservation and collection. The regular practice of data encryption stems directly from the importance Asian companies place on data protection. Many multinational companies based in Asia adopted encryption standards long before the U.S. or Europe even began to embrace data security.

A notable example is Korea. A few years back, we collected data from a Korean company that employed four levels of encryption. The data had to be decrypted on two levels before we could collect and then two more levels before we could even access the data to process. It required one of our forensics collection experts, along with the client’s IT engineer, to decrypt the data before it could be loaded into our review platform. Granted, this is an extreme example, but it demonstrates the seriousness with which companies in Asia protect their data.

While remote collection has risen as a preferred practice in the U.S., using this as a safe method to forensically collect data isn’t well understood by many Asian legal teams. They will often struggle with giving you access to their data for on-site collection and categorically turn down any suggestion for opening their network to remote collection. If remote collection has any possibility for use, it must be well-explained to the client with assurances of discretion and security.

Also, while paper is becoming archaic as a source of discovery in the U.S., Japan and China still rely heavily on paper. As such, paper documents should not be overlooked as a source of evidence. And remember that after scanning, Asian language OCR is necessary to provide searchable text.

Q: What other customs should U.S. legal teams be aware of?

A: There are differences in the way that employees of Asian-based companies communicate that are often overlooked sources of potentially relevant information if U.S. legal teams don’t know the right questions to ask about common communication platforms. For example, the use of chat versus email as a way for employees to communicate, like WeChat, LINE, WhatsApp and even Facebook Messenger. We see a lot of important sales and sometimes customer service information communicated using various chat applications.

There are also different email systems, such as Becky!, with unique file structures that are generally not recognized by western e-discovery tools. In some cases email files have different encoding for the header and the body of the Email, and if not handled properly the CJK characters result in garbled data when processed. Experts in Asian language collections can recognize these systems and ensure the data is collected and processed accurately for downstream search and review.

This doesn’t give all the issues justice, but is a starting point for some of the unique differences U.S. legal teams need to be aware of before embarking on a discovery project in Asia.

Q: What kind of problems do you experience while handling data in Japanese, Chinese, Korean and other languages?

A: I recently wrote extensively about the unique problems in a recent article, How to Avoid Asian Language Pitfalls in Discovery. That article addresses some of the processing, search and review issues that Chinese, Japanese and Korean (CJK) language documents present when using review tools that were initially built to handle western languages. Beyond access and encryption, there are basically two reasons handling of CJK data can be problematic: file type and encoding.

A lot of Asian companies have legacy data systems or email systems with file types that western-based processing engines do not recognize and cannot handle. Examples of Email with unique file structures are Becky! and MySingle. Widely used chat programs generally keep data in text files or SQL databases, but we have run into some chat programs with unique file structures that need to be deciphered before processing. There are also many different word processing programs that come from China, Korea and Japan with unique file structures.

About six years ago we ran across data from Korea that was in a file structure we had not seen previously, a .gul file. I was tasked with researching where it came from and provide our engineers with a file structure. Within 24 hours I turned the details over to our data engineers and within another 24 hours they had a solution. Today we regularly handle .gul files, which by the way, is a Samsung-specific word processing file format.

Language encoding is the other regular problem encountered with CJK languages. Most e-discovery vendors will talk about how they handle Unicode, but most data we process in Asia is not Unicode. It’s Shift JIS, Big 5, EUC-KR, and many other encoding types. When your processing system is designed to accurately identify encoding and properly process the data, you get clean results. When you don’t, you may see a lot of garbled characters that render the documents useless.

Even really popular e-discovery platforms still can’t handle CJK properly. It’s one of the reasons I joined Catalyst. It’s a core technology competency of ours. Foreign language identification, highly accurate processing, multi-language search, and review using our proprietary technology assisted review system that cuts through foreign language data like a hot knife through butter.

These are some pretty big challenges, but obviously the right technology and support team can help legal teams overcome them.

Q: How do you handle cross-border data transfers?

A: Nearly every country and jurisdiction has some form of data privacy or data protection rules or laws that have an impact on how proper data collection and cross-border data transfers can take place. But proper data handling requires more than simply an understanding of the rules or laws governing it. We must always be cognizant of the cultural and business norms for each country we work in.

Generally, we start with (1) written orders from the law firm instructing Catalyst to perform the data collection, (2) written approval from the company granting us permission to perform the collection, and when necessary, (3) written approval from the individual custodians allowing us access to their devices for collection purposes.

Furthermore, we encrypt before transfer and wherever possible, hand carry data copies back to our data centers for processing.

Regarding cross-border data transfers, we typically work with local law firms to ensure we are following all applicable laws and procedures to properly move the data from the country of origin to the country of hosting. Our goal is to keep the data safe and secure through the entire life cycle of the matter in question, then to properly dispose of the data when the matter is closed.

Q: Is there any final practice advice you can offer U.S. legal teams?

A: In the many years that I have worked with Asian companies, there is one universal question that comes up with nearly every client: why must we turn over this data? Any e-discovery vendor can generally explain the requirements for the matter and counsel can explain the legal rules. But it goes much further than that. In Asia, a relationship based on trust is the pivotal point for nearly all business. Do we have a relationship with the company such that they will trust us with their data?

Trust is built through experience, existing relationships, connections, positive feedback and referrals from known clients, along with longevity in the market. Catalyst is one of the oldest e-discovery companies that straddles both regions. We’re known and trusted. That goes a long way in Asia business.

mm

About David Sannar

A veteran e-discovery executive with extensive experience in Asia and the Pacific, Dave Sannar is responsible for all Catalyst operations and business growth throughout Japan and Asia, including our operations and data center in Tokyo. Dave has been immersed in the e-discovery industry since 2004, when he became president and COO of AccessData Corp., the second-largest computer forensics software company in the world. Dave spearheaded a restructuring of AccessData that grew its workforce by 200 percent and its sales revenues from $4.2 million to over $10 million in just two years.

About Rachel

Rachel brings 18 years’ experience in e-discovery technology and services. As director of product marketing, Rachel is responsible for marketing strategy, planning and execution. From 2011 to 2017, Rachel was vice president, marketing with Conduent (formerly Xerox), where she led marketing efforts for the company’s e-discovery division and helped build the big data analytics and compliance offerings. Previously, she held senior marketing and strategy positions with H5. Earlier in her career, she co-founded Navigant Consulting's business development division, helping lead its growth to a $50 million top-line revenue practice. She first got her feet wet in e-discovery at CaseCentral (acquired by Guidance Software, now OpenText). Rachel regularly writes on topics related to e-discovery and bit data analytics, and holds a B.A. from Brown University and a Masters in Public Policy from Harvard University.