Is the SEC Coming for Your Texts? SEC’s New Enforcement Director Telegraphs a Warning to Registrants About Improper Use of Personal Devices for Business-Related Communications

The U.S. Securities and Exchange Commission (SEC) Division of Enforcement is stepping up investigative efforts looking at registered firms’ use of personal devices for business communications, which can implicate their recordkeeping obligations and result in failure to retain and produce responsive business-related communications in SEC investigations. These risks are particularly acute in the current work-from-home posture at many firms, where employees may more easily blur the line between personal and business communications. Firms should review their policies, procedures, and communication monitoring to ensure that employees are not engaging in business-related communications outside of the firm’s official channels and in a manner that the firm is unable to capture and preserve if required.

(more…)

Stephen L. Cohen

Washington, D.C., Boston, ...

scohen@sidley.com

The Burden of Privacy In Discovery

*This article first appeared on Judicature in Summer 2021

With the proliferation of social media platforms and other new technologies has come a renewed legal focus on privacy. Most of that focus has centered on data collection, storage, sharing, and, in particular, third-party transactions in which customer information is harnessed for advertising purposes. But what about other contexts? Could a party, for instance, decline to produce, review, or even collect certain types of data due to privacy concerns? Should privacy be considered a “burden” under the proportionality analysis required by Federal Rule of Civil Procedure Rule 26(b)?

In this essay, Robert D. Keeling and Ray Mangum, a partner and associate, respectively, at Sidley Austin LLP, argue that privacy should be considered a burden under Rule 26(b).

(more…)

Using Data De-Identification to Protect Companies

Many companies hope to benefit from amassing large amounts of data by mining it for market insights, creating internal business models, and supporting strategic, data-driven decisions. But as companies collect and store increasingly enormous volumes of data, they may unknowingly take on significant legal risks, including potential violations of data privacy laws and increased exposure to U.S. litigation discovery obligations. One way that businesses can mitigate these risks is to de-identify the data they collect and store.

(more…)