The ever-growing, complex web of privacy protection laws around the world directly impacts how multinational corporations can comply with demands to respond to a U.S. discovery request or regulatory investigation. The risk of running afoul of the privacy laws in the name of compliance with a U.S. legal obligation is very real and often unanticipated. Here lies corporate counsel’s new big risk factor.
Today’s multinational corporations are faced with the significant challenge of crafting practical procedures to both comply with U.S. obligations and meet international privacy standards. Before the urgency of an active request hits, in-house counsel can help mitigate the risk of a privacy violation by understanding where the corporation “keeps” all the critical business data. This “data map” will set out the different kinds of systems that exist in the corporation and indicate where key business functions are performed. Armed with this information, counsel can begin to consider the potential cross-border implications of a request.
Without unequivocal direction from the courts, the struggle to balance the risk of privacy violation against the risk of non-compliance becomes an exercise in reasonableness. Incorporating the following considerations into your response plan can help mitigate risk: 
Although it can be difficult to balance production requirements and privacy compliance, these challenges are not insurmountable. With some advance planning, strategic advisors and reliable partners, every company or firm, including yours, can successfully navigate data protection waters to reduce and mitigate potential risk to your discovery projects.
 See also The Sedona Conference, International Principles on Discovery, Disclosure & Data Protection; and The Sedona Conference, Practical In-House Approaches for Cross-Border Discovery & Data Protection.
(Please send your comments on this post, or requests for future blog posts, to firstname.lastname@example.org)