E-Discovery in Asia/Pacific: U.S. litigation exposure for Asian companies

Due to expansive rules on discovery, jury trials and the size of damage awards, plaintiffs worldwide would choose to bring their claims, if possible, in U.S. courts. As such, when non-U.S. companies are performing their periodic risk analyses, they must consider their exposure to U.S. litigation, either directly or through their U.S. subsidiaries. Having such exposure means being potentially subject to liability for damages but even more likely subject to pre-trial discovery requests for paper documents and electronically stored information (ESI) (collectively “data”) under the control of the non-U.S. company. This article focuses on how non-U.S. companies, particularly those based in the Asia/Pacific region, can analyze and deal with the risks of U.S. litigation exposure to pre-trial discovery data requests. Non-U.S. parent corporations should already understand that their subsidiaries operating inside the U.S. have exposure to U.S. litigation, either through the well-established principles of personal jurisdiction or through forum selection clauses in contracts. What is not as well understood is that non-U.S. parents themselves may also have exposure to U.S. litigation pre-trial discovery requests. The U.S. Federal Rules of Civil Procedure (FRCP) used to guide U.S. civil litigation only give the responding party about 100 days to be able to fully describe their data that is responsive to a lawsuit. As such, non-U.S.-based parent corporations need to proactively evaluate their litigation exposure risks and if so exposed, prepare themselves well in advance to be able to respond quickly and fully to pre-trial discovery requests for the production of responsive corporate data. When performing such a risk analysis for U.S. litigation discovery exposure, a non-U.S. corporate parent with U.S subsidiaries must answer the following four questions:

Under the U.S. FRCP (and similar state rules), a party to a lawsuit may request the other party or a non-party to produce data. This data can involve “any non-privileged matter that is relevant to any party's claim or defense.” The responding party may voluntarily reply to these requests but if it does not, the initiating party may request a court order compelling discovery. To issue such an order, the court must have personal jurisdiction over the party who will be compelled and that party must have control of the documents (see following section). But for responding parties located outside the U.S. who control data that is the subject of a discovery production request, the court may have to consider a second set of procedural rules available from the Hague Conference on Private International Law. The Convention on the Taking of Evidence Abroad in Civil or Commercial Matters (the “Hague Convention”) is a multilateral agreement detailing procedures for requesting evidence from the authorities in another country. Almost 50 countries are currently signatories, including the U.S. Both the FRCP and the Hague Convention are considered the law of the United States. Under the Hague Convention, to obtain evidence in the other signatory country, a letter of request is transmitted to that country’s Central Authority for execution. In Aerospatiale, the U.S. Supreme Court ruled that the Hague Convention is intended as an optional supplement to obtain evidence located abroad, as opposed to the exclusive procedure for requesting such evidence. The determination of whether the Hague Convention should be utilized is based on these three factors:

A party wanting to utilize the Hague Convention has the burden of persuasion regarding its use instead of the FRCP. Article 23 of the Hague Convention allows signatories to pass laws to refuse to comply with common law discovery requests. In Asia/Pacific, only four major countries are signatories of the Hague Convention (Australia, China including Hong Kong and Macau, India, and Singapore). Each of these countries has taken an Article 23 reservation, meaning that letters of requests for discovery will not be executed by the local officials. Only China for itself (not Hong Kong or Macau) states that it will execute a letter or request that has a “direct and close connection with the subject matter of the litigation will be executed.” Even then, it may not be timely as, according to the State Department, “while it is possible to request compulsion of evidence in China pursuant to a letter rogatory or letter of request (Hague Evidence Convention), such requests have not been particularly successful in the past. Requests may take more than a year to execute.” Hong Kong, Macau, Australia, India, and Singapore will not even execute a letter of request for purposes of obtaining pre-trial discovery of documents. Australia’s declaration is typical of these: to Article 23, [we] will not execute Letters of Request issued for the purpose of obtaining pre-trial discovery of documents as known in common law countries.” As such, a responding party from an Asia/Pacific signatory country is unlikely to persuade a U.S. court to use the Hague Convention. For parties based in all other Asia/Pacific countries who are not Hague Convention signatories, a U.S. court would likely determine whether the FRCP or local rules of discovery would be used, based on two steps: first to determine whether a conflict exists between the two sets of procedural rules and second to perform a comity analysis. The comity analysis, endorsed in Aerospatiale and based on the

§442(1)(c), uses the following five factors:

Other courts have used additional factors, such as hardship, on the responding party if facing criminal sanctions for producing the data or a non-party status. In In re Vitamins, because it is not a Hague Convention signatory, Japan’s Code of Civil Procedure Law was analyzed and a conflict was found between the local law and the FRCP. Then the comity analysis found that the local procedural rules would not allow for a “prompt and efficient resolution” and so the court ordered discovery to proceed under the FRCP instead.

A U.S. court can order a non-U.S. parent corporation to produce data if the court:

A U.S. court must have personal jurisdiction over the responding party against whom production of the relevant data is sought under pre-trial discovery. The standard analysis is under “minimum contacts,” requiring the responding party to have a certain minimum level of contacts with the forum the court is situated in, as first described in

. The minimum contacts analysis under local statutes allows for jurisdiction that is either “general” or “specific.” General jurisdiction will support “a suit not arising out of or related to defendant's contacts with the forum” if the respondent has continuous and systematic contacts with the forum. Specific jurisdiction will support “a suit arising out of or related to the defendant's contacts with the forum” when the defendant has purposely availed itself of the benefits of the forum. In addition, the result must comport with due process in that it is reasonable and with sufficient notice. Under either general or specific jurisdiction, a U.S. subsidiary of a non-U.S. parent corporation doing business within the U.S. would likely come under the jurisdiction of the U.S. courts. A non-U.S. parent corporation that is doing business directly through a U.S. branch office would also. But would the non-U.S. parent corporation itself fall under the jurisdiction of U.S. courts if only its subsidiary, not the parent, is doing business in the U.S.? In

, the U.S. Supreme Court held that placing products into the stream of commerce was not sufficient contacts for personal jurisdiction over a non-U.S. (Japanese) corporation. In other cases, personal jurisdiction over non-U.S. corporations has been found. Finding of personal jurisdiction over a parent corporation under a minimum contacts analysis is very fact-specific and must be uniquely determined in each situation.

If minimum contacts between the non-U.S. parent corporation and the U.S. forum are not found, jurisdiction over the parent can still be found by looking through its U.S. subsidiary and ‘piercing the veil‘ of the parent’s U.S. subsidiary. This can apply not only when the subsidiary was set up for fraudulent or illegal purposes, but also for a legitimately organized subsidiary, depending on which of three different lines of cases, as articulated in

, is used. One precedent, termed the Cannon line of cases, holds that only by creating and then not respecting the parent/subsidiary legal differences is jurisdiction over a parent gained through a subsidiary. A second precedent, the

lines of cases, holds that personal jurisdiction over a parent may be possible if based on the extent of control the parent exerts over the subsidiary, to the point of dominating the subsidiary’s operations. This looks to factors including common ownership, financial dependency of the subsidiary, the parent’s interference with subsidiary executive selection, and the parent’s control over the subsidiary’s marketing and operational policies. A third precedent, the

line of cases, allows jurisdiction over a parent if a subsidiary engaged in functions that the parent would have to otherwise undertake. As stated by the court in

, if a subsidiary is expanding a parent’s market position in the forum, then the parent is doing business in the forum. An analysis of the parent/subsidiary relationship should consider at least the following:

Once personal jurisdiction over the non-U.S. parent has been established, a party may seek production of data in its “possession, custody, or control.” A U.S. court has the power to require the production of data located in foreign countries if the court has personal jurisdiction over the corporation in possession or control of the data. But if personal jurisdiction over a non-U.S. parent is not established, a court may still order production of data held by the non-U.S. parent through its U.S. subsidiary. In In re

, the court looked at a number of factors to determine if a U.S. subsidiary had “control” over the documents held by its non-U.S. parent. These factors included the percentage of ownership of the subsidiary by the parent and the management unity of the two companies. The court noted that the ability to compel production of data and liability for a subsidiary’s acts is distinct and that the corporate formalities cannot be “used as a screen.” Other courts have also allowed access to data held by the parent corporation, even though jurisdiction was held only over the subsidiary. In

, the court stated that a party attempting to compel a U.S. subsidiary to produce documents of its foreign parent has to show the documents were within the subsidiary’s control. Control is inclusive of: possession, the legal right to obtain documents and access to and the ability to obtain documents. This control could be shown where documents “ordinarily flow freely between parent and subsidiary” or where it could “generally obtain documents” from its non-U.S. parent to assist itself in litigation. The court held there was no control, using these factors plus the fact that the parent and subsidiary shared no computer systems or confidential customer transaction information.

Once a court has established the power over data held by a non-U.S. parent corporation, the court must then determine if it should use that power in the face of any data protection laws that may exist in the country of the parent corporation. Countries across the world have a variety of data protection laws, in the form of secrecy laws, privacy statutes, and blocking statutes. Commercial secrecy laws typically protect corporate and banking data. Privacy statutes typically protect consumers and their personal information. Blocking statutes have typically been enacted for the express purpose of frustrating U.S. discovery.

In

, the U.S. Supreme Court stated that the responding party cannot fail to produce documents because of a foreign data protection statute. The Court outlined three factors that should be considered when it is determining whether to exercise its power to order discovery in the face of a non-U.S. data protection law:

Each factor requires additional explanation. The first factor does not balance the U.S statute against the data protection statue of the foreign country but only considers the U.S statute. The second factor is actually a higher standard than the typical U.S. standard for production of data during discovery, which is any data that is relevant or could reasonably lead to admissible evidence. The third factor speaks to the ability of the responding party to deal with its own government in trying to waive enforcement of the data protection law and whether it has done so. The good faith of the responding party is not considered when ordering production, but only after an order is not complied with. In cases that followed, the majority of U.S. courts have not allowed blocking statutes to stop the issuance of production orders. In In re

, the court stated that it is well settled that blocking statutes do not deprive the U.S. courts of power to order a party to produce evidence even though the act of production may violate that statute. To some extent, this was because U.S. courts did not believe that the sanctions attached to these blocking statutes would be enforced. This may have changed with what happened after a discovery production order was issued in face of the French blocking statute. A French attorney who subsequently tried to speak to a witness in contradiction of the blocking statute was convicted and fined in a result that was upheld by the French Supreme Court. The subsequent effect of this on the analysis by U.S. courts is not yet clear. After evaluating local secrecy and privacy laws, courts have still ordered discovery anyway. In

itself, the Court ruled that the Swiss banking secrecy law was not sufficient to prevent ordering production of data from the respondent. In

, China’s secrecy law was not allowed to protect the financial information of a state-owned company. In

, the court upheld production because Germany’s bank secrecy law was waive-able and only civil penalties and commercial consequences were likely to result. In In re

, the court held that discovery was required of respondents despite data protection laws from three different countries, each with widely differing amounts of flexibility in enforcement of those laws.

In Asia/Pacific, there are quite a range of statutes set up to protect various types of data. These statutes serve various segments of society, from consumers to business to government. These local laws should be part of the legal risk analysis for parent corporations but it is important to understand that each statute has not been interpreted by a U.S court. In addition, many statutes are being updated or introduced as this article is being written, so any risk analysis must be constantly revisited. In addition to statutes, there are also regional frameworks, such as the non-binding APEC Privacy Principles, that may have a greater influence in the absence of local privacy law or on future statutes. The following is a non-comprehensive but representative list of regional data protection laws.

When addressing the issue of whether to compel a party to produce data for pre-trial discovery, a court may consider additional factors solely related to ESI. There are a number of characteristics of ESI that are different than paper documents. These include:

In

, the Supreme Court stated that the individual courts should show “special vigilance to protect foreign litigants from…unduly burdensome discovery” and specifically noted that courts must watch out for discovery abuses for overseas litigants based on “additional costs” and special problems on account of the “location of its operations.” The FRCP allows a responding party to resist discovery of ESI that is not reasonably accessible due to undue burden or cost. The requesting party then has to show good cause to go forward with obtaining discovery, at which point the court will analyze the following additional factors, some of which are similar to those in the comity analysis:

In addition to these factors, a court may also shift the cost burden of production to the requesting party. The Sedona Conference has documented a list of 12 factors to determine the relative accessibility of a source of potentially discoverable ESI. Six factors are based on media type (from

) and six are based on data complexity. While none of these factors specifically relates to overseas ESI, the need for language translation from a local (possibly double-byte) language into English or additional legal reviews for confidentiality and relevance of foreign language ESI performed by foreign-qualified attorneys may provide the basis for an undue burden or cost argument. Conversely, the third factor from the Restatement’s comity analysis discussed above (”whether the information originated in the U.S.”) could be used to support an argument for discovery of ESI that may have originated in the U.S. but was then moved overseas. This may be quite typical in the emerging cloud computing environment. Finally, local e-discovery rules are being introduced, such as Australia’s Practice Note 17 or Singapore’s Practice Direction No. 3, and their effect on U.S. courts’ analyses of overseas ESI discovery is yet to be determined.

Asia-Pacific parent corporations with U.S. subsidiaries or operations should, as a first step, perform a proactive legal risk analysis for their exposure to U.S. pre-trial discovery based on the factors outlined in this article. As a second step, these non-U.S. parent corporations should analyze how prepared they currently are to respond in a timely manner to pre-trial discovery requests. This would include performing at least an inventory of the corporate data and data custodians, analyzing records retention and legal hold processes to guard against improper deletion of responsive data, and verifying that data collection procedures are legally sound. As a third step, all remediations identified in the first two steps should be designed, implemented, and monitored. It is critical that these companies enlist the proper expertise to help them through this multi-disciplinary process, including technically adroit attorneys who understand the international legal analysis required and IT resources with detailed knowledge of both the corporate data and the numerous processes needed to identify, preserve, collect, process, review, and produce data responsive to U.S. litigation.

Privacy Advisor

CHART FROM PAGE 7