*This article first appeared on Judicature in Summer 2021
With the proliferation of social media platforms and other new technologies has come a renewed legal focus on privacy. Most of that focus has centered on data collection, storage, sharing, and, in particular, third-party transactions in which customer information is harnessed for advertising purposes. But what about other contexts? Could a party, for instance, decline to produce, review, or even collect certain types of data due to privacy concerns? Should privacy be considered a “burden” under the proportionality analysis required by Federal Rule of Civil Procedure Rule 26(b)?
In this essay, Robert D. Keeling and Ray Mangum, a partner and associate, respectively, at Sidley Austin LLP, argue that privacy should be considered a burden under Rule 26(b).
Many companies hope to benefit from amassing large amounts of data by mining it for market insights, creating internal business models, and supporting strategic, data-driven decisions. But as companies collect and store increasingly enormous volumes of data, they may unknowingly take on significant legal risks, including potential violations of data privacy laws and increased exposure to U.S. litigation discovery obligations. One way that businesses can mitigate these risks is to de-identify the data they collect and store.