Minnesota Legal Blog

Trial Practice: Federal Privacy Considerations in the Age of ESI

by | Apr 27, 2018 | Trial Practice |

As part of the e-discovery process, keywords can be used to search hard drives, e-mail storage, thumb drives, discs and servers. Keywords can be useful in identifying potentially relevant documents. But practitioners should be aware-particularly when permitting searches within their own systems-that privacy issues beyond the scope of the litigation may be implicated. Privacy concerns arise in the medical field, and in employment law, to name just two. Practitioners must be aware of the law that applies to their clients. Protective orders help to preserve privacy, but practitioners should also be aware of the laws that protect privacy in any database being searched. Competent representation requires this. Minn. R. Prof. Cond. 1.1 (2018).

Some of the federal privacy laws that also protect social media evidence, to varying degrees, are the following:

  • Stored Communications Act (“SCA”). 18 U.S.C. §§ 2707-2711. Protects the privacy of user communication in the possession of certain companies that store and transmit the data. This is the statue Facebook relies on to withhold communications, as opposed to contact information, when responding to civil subpoenas.
  • Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Protects privacy of health information and provides that violators may be fined.
  • Children’s Online Privacy Protection Act (“COPPA”). 15 U.S.C. § 6501-08 and 16 C.F.R. Part 312. Governs online collection of information from children under the age of 13.
  • Family Educational Rights and Privacy Act (“FERPA”). 20 U.S.C. § 1232g and 34 C.F.R. § 99. Protects privacy of student records for schools that receive federal funding.
  • Protection of Pupil Rights Amendment (“PPRA”). 20 U.S.C. § 1232h and 34 C.F.R. § 98. Protects privacy of student records for schools that receive federal funding.
  • Federal Trade Commission Act (“FTC Act”). 15 U.S.C. § 25. This law is sometimes invoked against companies that fail to comply with their own privacy policies.
  • Fair Credit Reporting Act (“FCRA”). 15 U.S.C §§ 1681 et seq. Protects data collected by consumer reporting agencies.
  • Financial Services Modernization Act / Gramm-Leach Bliley Act (“GLBA”). 15 U.S.C. §§ 6801-6809. Requires financial institutions to provide notices and allow customers to opt out of sharing person financial information.