Doing Discovery in Japan? Ganbatte! Privacy, Propriety, and Preparation
Inside the current data privacy landscape in Japan, with key logistical and cultural issues that practitioners should consider when seeking or conducting discovery in the country.
March 06, 2018 at 08:00 AM
7 minute read
Okaerinasai, or welcome back, to this article series on conducting discovery in Japan. Part I of this series discussed how the 2015 amendments to the U.S. Federal Rules of Civil Procedure have affected document and data collections and discovery in Japan. The second part of this series explores the current data privacy landscape in Japan and addresses key logistical and cultural issues that practitioners should consider when seeking or conducting discovery in Japan.
Privacy & Data Protection
Japan's Act on the Protection of Personal Information (APPI), one of Asia's oldest data protection regulations, was implemented in 2003 “to protect an individual's right and interests while considering the utility of personal information.” The APPI was intended to (1) provide an overall vision and policy regarding the proper handling and protection of personal information, (2) clarify the responsibilities and obligations of the central and local governments in the protection of personal information, and (3) ensure that the proper application of personal information contributes to the creation of new industries, the realization of a vibrant economic society, and an enriched quality of life for the people of Japan.
In 2015, Japan amended the APPI to better address the exponential increase in the volume and variety of data being created by organizations, as well as the steady rise in data breaches relating to the unauthorized bartering of private information. These amendments, which went into full effect on May 30, 2017, (1) better define what constitutes “personal information” and “special care-required personal information”; (2) lay out obligations of business operators handling personal information; (3) introduce new measures relating to cross-border transfers of personal information; and (4) establish the Personal Information Protection Commission.
The amended APPI also responds to the European Union's impending General Data Protection Regulation (GDPR), which will take effect on May 25, 2018. Under the GDPR, EU citizens' data can be transferred outside the European Economic Area (EEA), which includes the European Union, Norway, Iceland and Liechtenstein, if the receiving country's level of protection has been deemed “adequate” by the European Commission. If the receiving jurisdiction has not been deemed adequate under the GDPR, EU citizens' data can be transferred outside the EEA only if the transferring entity has provided appropriate safeguards provided for in the GDPR, including binding corporate rules, model contractual clauses, and non-standard contractual clauses, or the transfer fits within a specific derogation under the GDPR.
The amendments to Japan's APPI have brought Japan's data protection framework into much closer alignment with the EU's privacy landscape, and it is expected that Japan will be granted adequacy determination by the European Commission sometime in 2018. Though there has not been any U.S. case law dealing with Japan's APPI so far, Japanese and foreign entities should strongly consider it when dealing with data that may contain personal information.
Japanese Business Culture
Japanese business culture values concepts such as tradition, hierarchy, cooperation, patience and trust. Long-term relationships are the most trusted, and it takes time to build these relationships. These concepts extend into all aspects of Japanese life, including the daily business culture.
Japan's corporate environment differs from the West in many respects, from how business cards are exchanged to where people sit in business meetings or stand in elevators. Unsurprisingly, these differences extend into how technology is used in the corporate setting. Company-owned devices, for example, are typically not used for personal reasons in Japan, and collecting data from company-owned devices can present a host of technological challenges.
Another example is that in Japan, documents are most often saved to shared sites and not on employee computers, and paper documents are stored in central filing areas, not within employee-specific locations. Moreover, because many Japanese companies still rely on hard copy documents, digitizing these documents can be burdensome and time-consuming. Often, data cannot be removed from on-site locations, and vendors need to handle—or contract with—onsite scanning or copying resources.
It would be impossible to appreciate every nuance of the Japanese culture and corporate environment, but it behooves foreign legal practitioners to learn as much as they can and to lean on appropriate resources as necessary.
Four Practical Considerations
Once you understand the legal, business and cultural aspects of conducting discovery in Japan or seeking documents and data from Japan, you should keep in mind a few key practical considerations that will help you in your efforts.
Do engage the right vendor: The importance of finding the right technology vendor cannot be overstated. Ideally, your vendor should have a local presence in Japan; native fluency in the Japanese language; proven technological expertise in Japanese data architecture, programs and systems; and an established mastery of the cultural, legal and regulatory environment in Japan. You should also seek to secure a vendor that has the industry-specific experience, such as pharmaceutical, financial services, automotive or electronics, most related to your matter.
Don't expect the vendor to do everything: As you may imagine, conducting discovery in Japan is not a “set it and forget it” endeavor. Building and maintaining trust in your chosen vendor(s) is important, but legal practitioners must stay closely involved in the major (and oftentimes daily) decisions relating to the vendors' activities, which usually involve and affect every stage of the EDRM lifecycle. Though technology vendors can provide invaluable insight into the discovery process, legal practitioners should ultimately be driving decisions relating to discovery. These decisions may relate, for example, to defensible data collection, the use of analytics or technology assisted review, scope of responsiveness, timing of document productions, and ongoing preservation and hardware decommissioning decisions.
Practitioners also have a duty to promptly and properly inform data vendors of the duty to preserve client data, and to monitor vendor compliance. Practitioners must also review and adjust privacy and data protection agreements with vendors to ensure compliance with the recent APPI amendments discussed above.
Do devise the right workflow: Will the review take place in Japan or the U.S.? Will you need to use Japanese language reviewers, Japanese-to-English translations, or both? If you are going with translations, will machine translations suffice or will you need to secure human translations? Will translators be needed for on-site collections? Where will the data be hosted? What happens moving forward, as new data and documents are created? These are just a few of the nuanced issues that you will need to think through when constructing the right workflow for your matter. Given the complexities and differences in legal systems, language, technology and culture discussed in this article series, a general rule here is “measure twice (or three times) and cut once.”
Don't expect the work to flow perfectly: Regardless of the prior paragraph, don't expect everything to go according to plan. You will most likely run into some snags in your workflow, no matter how perfect it is. Conducting discovery in Japan or any foreign jurisdiction can be daunting, and preparation, resiliency and maneuverability are keys to success. Therefore, you should plan judiciously, anticipate hiccups, be flexible, have the right team in place, and learn from your missteps. And, most importantly, ganbatte!
Michael C. Zogby is a partner in the Products Liability & Mass Tort department at Drinker Biddle & Reath LLP, and he is co-lead of the firm's Pharma and Life Sciences Industry Group. Yodi S. Hailemariam is a senior associate in the firm's Information Governance and E-Discovery practice group.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250