eDiscovery in China:Mastering the Laws by Understanding the Culture

Bloomberg Law’s combination of innovative analytics, research tools and practical guidance provides you with everything you need to be a successful litigator.

Bloomberg Law Insight

Kroll Ontrack's Kate Chan discusses the Chinese and U.S. laws and cultural issues that must be understood in order to conduct successful data collection and analysis in China.

Kate Chan

By Kate Chan

Kate Chan (KChan@KrollOntrack.com) is the Regional Managing Director of Kroll Ontrack's Legal Technologies unit in the Asia Pacific. She is a native of Hong Kong, fluent in both Mandarin and Cantonese. A New York lawyer educated in New York City, she has extensive experience in conducting eDiscovery in both the United States and Asia.

Karissa Plachecki, Kroll Ontrack law clerk, assisted with the development of this article.

Doing business in China may have its economic advantages, but it is not without its challenges. As many multinational corporations and their counsel have experienced first-hand, doing business in China comes with its own set of laws, practices and customs that often time clash with U.S. legal obligations. Specifically, when it comes to collection, review and production of data in legal proceedings, the conflict between China's guarding of data and the United States' demands for production make eDiscovery in China a balancing act.

State Secrets, Privacy, and Anti-Terror Laws in China

While China has an abundance of laws, China doesn't have a single data protection law that specifically addresses the collection, storage, transmission and operation of personal information.

That said, there are certain privacy laws that a practitioner should be aware of before conducting eDiscovery; specifically, laws concerning the regulation of information which employers are able to access without consent.

As China does not formally require discovery, it is often a challenge to explain the purpose of discovery to employees. However, even if employers were to obtain information with consent, they would face another hurdle: China's State Secrets Laws.

China's State Secrets Laws prohibit the disclosure of information that is classified as a “state secret,” which is loosely defined as “matters that have a vital bearing on state security and national interests and, as specified by legal procedure, are entrusted to a limited number of people for a given period of time.” This definition is intentionally vague and broad to provide the government with flexibility.

To complicate matters, a document can be determined to be a “state secret” at any time, even if its production was previously allowed.

In the past, this law has been applied not only to information such as national defense, but also to mundane, everyday information that most Westerners would never consider to be a “state secret.”

While steps have been taken by the Chinese government to promote the appearance of transparency and deter the arbitrary invocation of the States Secrets laws, the fact remains that understanding what information constitutes a “state secret” is still somewhat unclear.

When dealing with a Chinese entity (be it a corporation or a subsidiary) in an eDiscovery matter, practitioners must understand that the company's information itself may actually be a “state secret.”

Many businesses, including small ones, are owned by the state or by those who possess political influence, making their data subject to the State Secrets laws.

What becomes more challenging for practitioners is that because what constitutes a “state secret” is so arbitrary, the document may not be classified as a “state secret” until it has already been disclosed in litigation and it is too late.

Therefore, practitioners need to tread with caution and process data locally because unauthorized possession (even by counsel) or transmission of these secrets outside of the country can result in severe punishment. Punishments can include fines, surveillance and even life imprisonment.

Another subset of Chinese privacy laws that a legal practitioner should be aware of are the Anti-Terrorism laws. These laws require “[t]elecommunications operators and internet service providers” to “provide technical interfaces, decryption and other technical support assistance to public security organs and state security organs conducting prevention and investigation of terrorist activities in accordance with law,” and “put into practice network security systems and information content monitoring systems, technical prevention and safety measures, to avoid the dissemination of information with terrorist or extremist content.”

These laws are important because they could be applied broadly outside ISPs and telecommunication companies and govern how companies in China need to store and produce data.

Companies are responsible for the way their data is handled and must report anything that may qualify as a terrorist activity, so companies should impose a “red flag” alert for their data. Additionally, companies need to be prepared to produce data to the Chinese government upon request under these laws.

FCPA Investigations in the U.S. Lead to eDiscovery in China

In addition to the relevant Chinese laws, practitioners need to be aware of relevant United States laws that affect eDiscovery. One such law of importance is the “Foreign Corrupt Practices Act” (FCPA).

The FCPA was implemented to combat the volume of corrupt U.S. companies engaging in bribery to further business. Enforced by the Department of Justice and the Securities and Exchange Commission, investigation and enforcement of this act has multiplied over the last couple decades, making it necessary for companies to ensure that their employees faithfully comply.

After all, an FCPA investigation is burdensome, and the civil and criminal penalties levied are often millions of dollars. While the FCPA applies to bribes made to government officials (a very broad term in China), it also applies to bribes that may be made to or by “agents,” therefore not allowing an entity to evade this act by utilizing a third party. Although the act is not designed to prohibit any and all forms of business gift giving, these gifts needs to be done transparently and recorded as such. The FCPA becomes relevant in eDiscovery when a company is subjected to an investigation, since a massive amount of data from the host country will need to be extracted. As has been discussed, Chinese laws tend to restrict the production of data, while in contrast, U.S. laws demand it, creating a balancing act for companies. Unfortunately, U.S. courts tend to be unsympathetic to the difficulties of retrieving data from more restrictive countries.

In China, there are particular challenges for companies seeking to abide by the FCPA. Corruption and bribery are a normal part of the Chinese business environment and, while China is by no means the most corrupt country in the world, it does not have the amount of anti-corruption regulations that are in the United States. The most recent information from Transparency International ranked China at 37 out of 100 on the Corruptions Perception Index, on a scale where zero is the most corrupt.

In the background is the cultural notion of guanxi, translated as “relationships.” Guanxi is a form of networking in which business relationships are formed and maintained, leading to a sort of quid pro quo, which is essential to conducting business in China.

Guanxi does not require that these relationships be cemented with bribes and fraud, but the lines between them are blurred. Employers need to be vigilant and proactive in taking steps to conduct internal checks, monthly interrogations of high risk individuals, and also screen potential employees.

Notice to the U.S. Government

The DOJ and SEC have several ways in which they are commonly notified about a FCPA violation. They include tips from informants or whistleblowers, self-reports, public disclosures that are made by companies, and also referrals from other agencies or offices. Public sources, such as media reports and trade publications, can alert these departments as well.

Reducing Corporate Liability

Even if a company's employees violate the FCPA, there are steps that a company can take to reduce their liability. One such step is to have an effective compliance and ethics program in place, which can reduce the fines a company receives.

Other steps an organization can take to reduce fines is self-reporting, cooperation and acceptance of responsibility.

Conversely, fines can be increased if an organization delays reporting the offense. Because of the ability to mitigate the fines in the event of a violation, companies need to be sure to have an effective compliance and reporting protocol in place, and also have a reliable data extraction plan ready in order to comply with any orders the departments may issue.

Progressive companies may even seek to pre-emptively deploy eDiscovery technology to enable proactive monitoring of various key words used in communications, making downstream data extraction and production seamless.

Cultural Differences: Language

The contrasting culture between the United States and China can't be understated, especially in regard to language because English is generally not spoken for business. Mandarin is the most prevalent, and official, language in China; however, there are several dialects.

These language differences can have a tremendous impact on eDiscovery. Communication with local custodians is likely to be difficult because of the language barrier; you will need a translator.

A practitioner must use a discovery tool that can process data and run searches in multiple languages, and specifically, master the difference between traditional and simplified Chinese characters, a difficulty compounded by the variety of languages and dialects used in China.

It is also important to have a Chinese consultant validate your search results because the search engine tokenization using Chinese characters is not always accurate.

Familism and Work Culture

While the culture in the United States focuses on the individual, Chinese culture contains a concept called “Familism.” Familism is a social convention in which the needs of the family are placed above the needs of the individual family members.

Many employers in China will hire their family members. As a result, if there is an investigation, employees will often go out of their way to protect their boss, as a boss is often a family member.

Familism is important to Chinese eDiscovery for two reasons. First, the familial networks of the company can make it difficult to enforce corporate compliance; corporate rules need to be clearly defined.

Second, familism can make data collection difficult. Practitioners need to be prepared to act quickly, since it is not unheard of for family members to delete any potentially incriminating data.

A data collection team may even need to go in under pretext in order to avoid raising suspicions and to preserve the data. Any computer forensic expert conducting data collection in China needs to know where to look as the data may not be where, or with whom, it is expected.

Developing Economy; Developing Legal System

As China's economy has expanded, its legal system has lagged behind in eDiscovery. Unlike the United States, China does not have formal eDiscovery obligations for litigation. In fact, discovery may not be eDiscovery at all, as paper documents are still routinely in use.

In general, the Chinese do not like to have any of their data inspected, especially since personal and business data are often stored together. Chinese data custodians may not be forthcoming with information and may sometimes be hostile, even deleting data as soon as they hear that there may be a request for information.

Also, many of the manufacturing and production plants in China are located in remote locations, where English is not spoken and street maps don't exist. It is important to be as broad as possible when collecting data in these remote locations with the potential for information to be deleted, or the factory literally being barricaded after departure. There may only be the one chance to gather everything that is needed.

Practice Tips for Maneuvering The Balancing Act

Despite the difficulties, it is possible to conduct successful eDiscovery in China. Below are suggestions for practitioners in overcoming the challenges discussed.

  • Balance Data Production and Protection. To manage conflicting demands effectively, practitioners need to understand the scope and purpose of the data requests, including the types and locations of the data to be produced. The company's obligations under all applicable laws with respect to the information requested must be understood in order to avoid accidentally violating a regulation. Also, the data production process needs to be closely monitored to avoid inadvertent disclosure of protected information.
  • Review Responsive Documents and Protect Privileged Data. Timely access to and control of data is crucial, and requires understanding and knowledge of where the data is housed and whether there is access to it. Practitioners should consider having their client/employer issue a document retention notice to suspend any regularly scheduled document destruction practices and prohibit employees from destroying documents. Once the data collection is complete, a thorough review should be conducted by legal counsel in order to identify all responsive documents and subset of responsive documents which contain privileged or protected data.
  • Always Use Local Resources. In a 2015 Kroll Ontrack survey of law firm and corporate lawyers in China, only four percent of respondents indicated that there was no need to process data locally. By choosing an eDiscovery partner with both a local presence and experience in handling cases in China, the risks and obstacles associated with removing data from the country can be mitigated. Local experts not only understand the technical side of eDiscovery, but are also familiar with the local language, culture and jurisdiction. Beyond the aforementioned State Secrets laws, there are a range of other laws in China that can impede transfer of data out of the country. Such laws include those govenrm accounting archives, and also the requirement to obtain permission from the subjects under investigation.
  • Have the Right Team in Place. While choosing the most appropriate technology is an incredibly important aspect of ensuring an investigation's success, making sure your eDiscovery partner has the right experts in place is just as important. Short deadlines, ever-increasing data volumes and a complex legal environment mean that the stakes in these cases are high. A lot can go wrong very quickly if the right people are not in place to manage the investigation and plan ahead to avoid potential pitfalls. A partner with expert legal and electronic evidence consultants, computer forensic professionals, case managers and document review managers are invaluable. With their assistance, data collection, analysis and review phases of an investigation are completed on time, in a defensible and compliant manner, and within the agreed cost budget. Furthermore, having access to an experienced eDiscovery team will bring the added value of consultative advice. For example, an electronic evidence consultant may advise a client on the best way to use technology-assisted review tools to automate and compliment the document review process reliably while reducing costs.
  • Consider Diverse Data Sources. In order to make sure that all necessary data is obtained, examine all data sources. For example, evidence of fraud has been found saved on a computer as picture files. Also, in China, much of the business is conducted over WeChat (the Chinese version of WhatsApp), so it is very important to capture the chat logs and messages. Don't ignore sources of data that would be typically ignored in the course of doing business in the United States.
  • Don't Limit Your Investigation to Just One Custodian. As was discussed earlier, data may not be located where you expect. Keep an open mind and investigate multiple persons who have a stake in the company, situation or could have possibly been involved.
  • Don't be Afraid to Ask for Updates. Agree to a schedule of communication from the outset with each party in the eDiscovery exercise. Staying informed, without being bombarded with information, will go a long way to keeping the process manageable.
  • Use a Mobile Solution. If there are issues about removing data from the premises themselves, or if processing in a local data center is not possible, a mobile eDiscovery solution might be the answer. Over the past couple of years, mobile technology has become incredibly powerful at facilitating the processing, filtering and analysis of data onsite. Mobile solutions can also be used along with traditional processing by acting as a cost-efficient method of segregating and filtering out personal information, sensitive company data or privileged documents early on to protect unwanted disclosure. When conducting eDiscovery in China, companies must review and clear any state secrecy concerns and redact sensitive information prior to transporting it out of China. This in turn reduces the risks and costs associated with over-collection because irrelevant data is eliminated right away.

More on Mobile Solutions

One of the benefits of mobile eDiscovery collection is the physical mobility that allows the data to remain on location as the capture, processing and filtering of data can be done anywhere. Also, mobility brings the opportunity to work more efficiently. Mobility allows the eDiscovery collection to be leveraged as an early case assessment tool because of the ability to perform quick searches and provide extensive on-the-fly reporting. Furthermore, because the equipment would be onsite, there is no need to implement or deploy applications behind the client's firewall.

Another benefit of mobile eDiscovery is the control it provides. Data can be analyzed and examined across multiple devices on location while utilizing a self-contained network of technologies.

Additionally, mobile eDiscovery allows for compliance and confidentiality. Conducting the collection of data on site makes it easier to comply with China's privacy laws, as well as screen information to comply with the State Secrets law. Private or privileged documents can be segregated so that sensitive data can be identified and left behind. This also makes it possible to preserve or send only “potentially relevant” documents, thus reducing the number that will need to be transferred out of the country.

Finally, a mobile eDiscovery solution helps control costs. Using technology on site can reduce the time and money it takes to collect relevant data. Using technology such as TAR can further assist by reducing the number of documents that will have to be review by legal counsel. Conducting discovery in this manner can cost much less than a full-blown, cross-border eDiscovery exercise.


eDiscovery in China can be a daunting task as companies need to find equilibrium between two very different legal and social systems. But with preparation, knowledge and the right tools, eDiscovery in China can not only be possible, but also successful.

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Litigation on Bloomberg Law