Bloomberg Law’s combination of innovative analytics, research tools and practical guidance provides you with everything you need to be a successful litigator.
Kroll Ontrack's Kate Chan discusses the Chinese and U.S. laws and cultural issues that must be understood in order to conduct successful data collection and analysis in China.
By Kate Chan
Kate Chan (KChan@KrollOntrack.com) is the Regional Managing Director of Kroll Ontrack's Legal Technologies unit in the Asia Pacific. She is a native of Hong Kong, fluent in both Mandarin and Cantonese. A New York lawyer educated in New York City, she has extensive experience in conducting eDiscovery in both the United States and Asia.
Karissa Plachecki, Kroll Ontrack law clerk, assisted with the development of this article.
Doing business in China may have its economic advantages, but it is not without its challenges. As many multinational corporations and their counsel have experienced first-hand, doing business in China comes with its own set of laws, practices and customs that often time clash with U.S. legal obligations. Specifically, when it comes to collection, review and production of data in legal proceedings, the conflict between China's guarding of data and the United States' demands for production make eDiscovery in China a balancing act.
While China has an abundance of laws, China doesn't have a single data protection law that specifically addresses the collection, storage, transmission and operation of personal information.
That said, there are certain privacy laws that a practitioner should be aware of before conducting eDiscovery; specifically, laws concerning the regulation of information which employers are able to access without consent.
As China does not formally require discovery, it is often a challenge to explain the purpose of discovery to employees. However, even if employers were to obtain information with consent, they would face another hurdle: China's State Secrets Laws.
China's State Secrets Laws prohibit the disclosure of information that is classified as a “state secret,” which is loosely defined as “matters that have a vital bearing on state security and national interests and, as specified by legal procedure, are entrusted to a limited number of people for a given period of time.” This definition is intentionally vague and broad to provide the government with flexibility.
To complicate matters, a document can be determined to be a “state secret” at any time, even if its production was previously allowed.
In the past, this law has been applied not only to information such as national defense, but also to mundane, everyday information that most Westerners would never consider to be a “state secret.”
While steps have been taken by the Chinese government to promote the appearance of transparency and deter the arbitrary invocation of the States Secrets laws, the fact remains that understanding what information constitutes a “state secret” is still somewhat unclear.
When dealing with a Chinese entity (be it a corporation or a subsidiary) in an eDiscovery matter, practitioners must understand that the company's information itself may actually be a “state secret.”
Many businesses, including small ones, are owned by the state or by those who possess political influence, making their data subject to the State Secrets laws.
What becomes more challenging for practitioners is that because what constitutes a “state secret” is so arbitrary, the document may not be classified as a “state secret” until it has already been disclosed in litigation and it is too late.
Therefore, practitioners need to tread with caution and process data locally because unauthorized possession (even by counsel) or transmission of these secrets outside of the country can result in severe punishment. Punishments can include fines, surveillance and even life imprisonment.
Another subset of Chinese privacy laws that a legal practitioner should be aware of are the Anti-Terrorism laws. These laws require “[t]elecommunications operators and internet service providers” to “provide technical interfaces, decryption and other technical support assistance to public security organs and state security organs conducting prevention and investigation of terrorist activities in accordance with law,” and “put into practice network security systems and information content monitoring systems, technical prevention and safety measures, to avoid the dissemination of information with terrorist or extremist content.”
These laws are important because they could be applied broadly outside ISPs and telecommunication companies and govern how companies in China need to store and produce data.
Companies are responsible for the way their data is handled and must report anything that may qualify as a terrorist activity, so companies should impose a “red flag” alert for their data. Additionally, companies need to be prepared to produce data to the Chinese government upon request under these laws.
In addition to the relevant Chinese laws, practitioners need to be aware of relevant United States laws that affect eDiscovery. One such law of importance is the “Foreign Corrupt Practices Act” (FCPA).
The FCPA was implemented to combat the volume of corrupt U.S. companies engaging in bribery to further business. Enforced by the Department of Justice and the Securities and Exchange Commission, investigation and enforcement of this act has multiplied over the last couple decades, making it necessary for companies to ensure that their employees faithfully comply.
After all, an FCPA investigation is burdensome, and the civil and criminal penalties levied are often millions of dollars. While the FCPA applies to bribes made to government officials (a very broad term in China), it also applies to bribes that may be made to or by “agents,” therefore not allowing an entity to evade this act by utilizing a third party. Although the act is not designed to prohibit any and all forms of business gift giving, these gifts needs to be done transparently and recorded as such. The FCPA becomes relevant in eDiscovery when a company is subjected to an investigation, since a massive amount of data from the host country will need to be extracted. As has been discussed, Chinese laws tend to restrict the production of data, while in contrast, U.S. laws demand it, creating a balancing act for companies. Unfortunately, U.S. courts tend to be unsympathetic to the difficulties of retrieving data from more restrictive countries.
In China, there are particular challenges for companies seeking to abide by the FCPA. Corruption and bribery are a normal part of the Chinese business environment and, while China is by no means the most corrupt country in the world, it does not have the amount of anti-corruption regulations that are in the United States. The most recent information from Transparency International ranked China at 37 out of 100 on the Corruptions Perception Index, on a scale where zero is the most corrupt.
In the background is the cultural notion of guanxi, translated as “relationships.” Guanxi is a form of networking in which business relationships are formed and maintained, leading to a sort of quid pro quo, which is essential to conducting business in China.
Guanxi does not require that these relationships be cemented with bribes and fraud, but the lines between them are blurred. Employers need to be vigilant and proactive in taking steps to conduct internal checks, monthly interrogations of high risk individuals, and also screen potential employees.
The DOJ and SEC have several ways in which they are commonly notified about a FCPA violation. They include tips from informants or whistleblowers, self-reports, public disclosures that are made by companies, and also referrals from other agencies or offices. Public sources, such as media reports and trade publications, can alert these departments as well.
Even if a company's employees violate the FCPA, there are steps that a company can take to reduce their liability. One such step is to have an effective compliance and ethics program in place, which can reduce the fines a company receives.
Other steps an organization can take to reduce fines is self-reporting, cooperation and acceptance of responsibility.
Conversely, fines can be increased if an organization delays reporting the offense. Because of the ability to mitigate the fines in the event of a violation, companies need to be sure to have an effective compliance and reporting protocol in place, and also have a reliable data extraction plan ready in order to comply with any orders the departments may issue.
Progressive companies may even seek to pre-emptively deploy eDiscovery technology to enable proactive monitoring of various key words used in communications, making downstream data extraction and production seamless.
The contrasting culture between the United States and China can't be understated, especially in regard to language because English is generally not spoken for business. Mandarin is the most prevalent, and official, language in China; however, there are several dialects.
These language differences can have a tremendous impact on eDiscovery. Communication with local custodians is likely to be difficult because of the language barrier; you will need a translator.
A practitioner must use a discovery tool that can process data and run searches in multiple languages, and specifically, master the difference between traditional and simplified Chinese characters, a difficulty compounded by the variety of languages and dialects used in China.
It is also important to have a Chinese consultant validate your search results because the search engine tokenization using Chinese characters is not always accurate.
While the culture in the United States focuses on the individual, Chinese culture contains a concept called “Familism.” Familism is a social convention in which the needs of the family are placed above the needs of the individual family members.
Many employers in China will hire their family members. As a result, if there is an investigation, employees will often go out of their way to protect their boss, as a boss is often a family member.
Familism is important to Chinese eDiscovery for two reasons. First, the familial networks of the company can make it difficult to enforce corporate compliance; corporate rules need to be clearly defined.
Second, familism can make data collection difficult. Practitioners need to be prepared to act quickly, since it is not unheard of for family members to delete any potentially incriminating data.
A data collection team may even need to go in under pretext in order to avoid raising suspicions and to preserve the data. Any computer forensic expert conducting data collection in China needs to know where to look as the data may not be where, or with whom, it is expected.
As China's economy has expanded, its legal system has lagged behind in eDiscovery. Unlike the United States, China does not have formal eDiscovery obligations for litigation. In fact, discovery may not be eDiscovery at all, as paper documents are still routinely in use.
In general, the Chinese do not like to have any of their data inspected, especially since personal and business data are often stored together. Chinese data custodians may not be forthcoming with information and may sometimes be hostile, even deleting data as soon as they hear that there may be a request for information.
Also, many of the manufacturing and production plants in China are located in remote locations, where English is not spoken and street maps don't exist. It is important to be as broad as possible when collecting data in these remote locations with the potential for information to be deleted, or the factory literally being barricaded after departure. There may only be the one chance to gather everything that is needed.
Despite the difficulties, it is possible to conduct successful eDiscovery in China. Below are suggestions for practitioners in overcoming the challenges discussed.
One of the benefits of mobile eDiscovery collection is the physical mobility that allows the data to remain on location as the capture, processing and filtering of data can be done anywhere. Also, mobility brings the opportunity to work more efficiently. Mobility allows the eDiscovery collection to be leveraged as an early case assessment tool because of the ability to perform quick searches and provide extensive on-the-fly reporting. Furthermore, because the equipment would be onsite, there is no need to implement or deploy applications behind the client's firewall.
Another benefit of mobile eDiscovery is the control it provides. Data can be analyzed and examined across multiple devices on location while utilizing a self-contained network of technologies.
Additionally, mobile eDiscovery allows for compliance and confidentiality. Conducting the collection of data on site makes it easier to comply with China's privacy laws, as well as screen information to comply with the State Secrets law. Private or privileged documents can be segregated so that sensitive data can be identified and left behind. This also makes it possible to preserve or send only “potentially relevant” documents, thus reducing the number that will need to be transferred out of the country.
Finally, a mobile eDiscovery solution helps control costs. Using technology on site can reduce the time and money it takes to collect relevant data. Using technology such as TAR can further assist by reducing the number of documents that will have to be review by legal counsel. Conducting discovery in this manner can cost much less than a full-blown, cross-border eDiscovery exercise.
eDiscovery in China can be a daunting task as companies need to find equilibrium between two very different legal and social systems. But with preparation, knowledge and the right tools, eDiscovery in China can not only be possible, but also successful.
Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)