AlixPartners director David White has investigated financial fraud as part of the US Department of Justice’s multi-agency bank fraud taskforce, and has served as special e-discovery counsel for numerous multinational Fortune 100 companies. Asia Business Law Journal tapped his knowledge on data localization and other protection issues
Explain data localization, how it may apply to companies large and small, and why in-house counsel and law firms need to be familiar with its implications?
Data localization refers to legal requirements that data be stored within a certain jurisdiction. These requirements come in a number of different flavours, each driven by a different motivation.
The motivations can be based on national security and defence, cyber security and crime prevention, anti-terrorism and government surveillance, data privacy and protection of citizens, or quelling political dissent and opposition.
The types of data that are required to be maintained in the jurisdiction, and the way the data must be maintained, is typically driven by the underlying motivations. For example, law protecting national security and defence typically prohibits the export of any data that falls within the definition of the regulations. China’s state secret laws, which make the export of any state secrets a criminal act, are a well known example. A lesser known example is the South Korean prohibition on the export of map data, though any foreigner who has tried to use Google maps when navigating Seoul has felt their impact.
Where surveillance and law enforcement gain access to information is the driving motivation, be it for anti-terrorism, stopping cybercrime or quelling dissent, and the laws typically apply to telecoms and internet service provider data. Rather than prohibiting export, they also tend to only require that a copy remain within the jurisdiction. Laws focused on data privacy and consumer protection tend to allow export, but with caveats that data will be properly protected after they are transported out of the country.
You must be a
to read this content, please
David White specializes in information life cycle governance, with a focus on electronic discovery, data privacy and security, litigation analytics, and regulatory compliance. He is a former Am Law 100 commercial litigator with more than 20 years of experience in assisting companies in complex litigation and regulatory investigations in the areas of electronic discovery, data analytics, compliance audits, data breaches, and forensic investigations. He is also a certified Six Sigma Green Belt and uses lean Six Sigma and project management methodologies to develop and implement cost-effective and efficient compliance protocols.