David Shonka, data privacy and security partner at Redgrave LLP

As courts and regulators continue coming to grips with technology's testing of legal limits, an influential figure is stepping down from government and into the private sector.

On March 26, Federal Trade Commission (FTC) acting general counsel David Shonka stepped down from his role to join Redgrave LLP as partner in the law firm's privacy and security practice. A member of Sedona Conference's Steering Committee for cross-border data transfers, Shonka's expertise touches on cybersecurity, e-discovery, privacy and where the three intersect.

LTN recently spoke with Shonka about the biggest technology challenges he faced at the FTC, the complications ahead and how he hopes to help. This interview has been condensed for length.

Legaltech News: What are some of the biggest issues you faced in the FTC regarding privacy, security and data transfers, and how did you go about tackling them?

David Shonka: The biggest issues facing the FTC are probably those facing any government agency today, and that is trying to allocate resources to acquire the tools you need to do the job and to make sure they're working right.

In a way, I think it's no longer necessary or critical for the government to have the very latest, best and brightest piece of equipment in the tool shed. It'll never happen just as a practical matter. One, there aren't the resources. Two, there's always the lag, the time between when something comes out and gets adequately tested and poked and pinched all that stuff to make sure it works. So by the time it goes live, it won't be the latest and greatest.

But that said, if people use the tools they have wisely, they can do a lot, and in most cases they can do whatever they need to do. I think that's especially true on the e-discovery side. It's a matter of using what you have wisely and well, and going from there.

In your role at the FTC, when you were presented with issues around privacy and technology, how much learning did that require on your part, and how did you go about doing it?

Obviously it didn't all pop into my head at once. And frankly, speaking of my own experience, it was sort of an evolution. I came into this general counsel office on the litigation side, and I've always had an appreciation of discovery and those sorts of issues, but of course faced it directly with the 2006 [Federal Rules of Civil Procedure amendments] . That really brought everything into focus for a lot of people. And [it factored] in some of the cases I'd worked on, as did organizing the agency's first e-discovery steering community, being the first chair of that, organizing and setting things up in a way to try to make sure we're all on one page.

The more I got into that, it was a realization: that e-discovery is really, at the bottom, just an application of information governance. As a practical matter, if you don't have your information, if there's no governance, you don't know what you have, and if you don't know what you have, you don't know if you've discovered it all. And you can't represent what you have.

Of course privacy fits into that, and especially in [the FTC], there's an awareness of it. And as you start thinking about privacy, you start realizing there's no privacy without data security, and that privacy itself is also a piece of information governance. Again, if you don't have control over your documents, you can't really guarantee privacy, and if you don't have security, you also don't really have privacy.

Next thing you know, I find myself thinking about four big areas that are actually one. It's sort of a unified theory, and then the rest is sort of just trying to keep my head from exploding.

From what you're seeing out there, what's the next big legal issue we'll face with technology? How ready is the government to handle it?

Even ten years ago, no one was talking about some of the social media things that are out there today, and I don't think anyone was seriously thinking about autonomous vehicles and the internet of things. The estimates as to how big it would become have consistently underestimated.

Things are going to get more complicated before they get easier or more routine. But the big issue going forward is going to be figuring out the boundaries—and I don't just mean the international boundaries, but where do you draw the line between what's personal and what's out there, what's privileged and what's confidential? These are unique and discreet legal terms, but on the other hand, they have real meaning and real practical applications.

Nobody is ever going to doubt the value of things like big data and artificial intelligence and all these things that are here and growing. On the other hand, I don't know that anyone is yet anticipating all the possible problems that you can get with these technologies. And the question is how to use them without destroying all privacy or individuality, and how much intrusion is too much intrusion.

What are your goals at Redgrave?

It's really a matter of seeing and helping the law and the practice evolve in a way that will address some of these issues. I sincerely hope I can be around long enough so some of this stuff works. It may be 20 or 30 years. I hope it isn't. I'd like to see the resolution be done in my lifetime.

Do you think that's a likely scenario with governmental pace?

It's something that absolutely has to be addressed. And when something has to be done, people find a way to get it done. I hope I can help get it done.