Privacy Laws Expect

Privacy Laws Expect Knowledge of Your Data, Says Christopher Wall of HaystackID: Data Privacy Trends

Recently, Special Counsel for Global Privacy and Forensics and Data Protection Officer at HaystackID® Christopher Wall was interviewed by Cybernews where he discussed several topics, including the idea that privacy laws expect knowledge of your organization’s data. Here are excerpts from the interview, the full interview is available here.

Christopher Wall, HaystackID: “Privacy laws expect organizations to know what data they have”

Cybernews: What technology do you use to select valuable information from vast amounts of data?


Christopher Wall: It’s not uncommon for HaystackID to be asked to collect, process, analyze, and review terabytes of data as quickly as possible. Our forensic collection tools include Cellebrite, XRY, and EnCase. We also use a combination of tools, depending on need, to sift through the collected data to find those relatively few files that our clients really need. Tools like Nuix, Reveal (Brainspace), and Relativity, among others, help us with analysis and review. If it makes sense based on data volume and the nature of the case, we may apply artificial intelligence, machine learning, and analytics tools to help sift through the data. But those are just the tools in our toolbox. The real value comes from the incredibly smart and talented folks on our team who know how to use those tools.

Cybernews: Does the recent rise in cloud solutions complicate eDiscovery in any way?

Christopher Wall: Most IT professionals will agree that cloud solutions present a lot of great benefits. Among other things, they can be much more powerful than on-premise solutions. They can help reduce IT costs. They can streamline IT management for a lot of companies. They can do the same things for eDiscovery. During the pandemic, for example, cloud solutions were integral to eDiscovery service providers since they allowed a very efficient way to provide eDiscovery services. Before the pandemic, HaystackID’s Core offering addressed both on-premise and cloud use cases, so it was a little less of a change for us, but for the industry as a whole, the move to the cloud was vital.

But cloud solutions also create new risks and new complications. One of the great advantages of cloud services is that they allow data to move freely to wherever users need it, anywhere around the world. But the cloud’s strength is also its complicating factor. Not all clouds are equal—and from a data protection standpoint, not all jurisdictions in which each cloud is hosted are equal, either. We’re much more aware of individual privacy today, and much more of today’s eDiscovery is cross-border in nature. So, when we conduct eDiscovery using cloud resources, we now have to consider whose data is going into the cloud, the nature of that data, and where that cloud and its backups sit around the world. That can be a complicated analysis, and once the analysis is done, we need to make sure we have in place the appropriate legal rules or contractual clauses and assess whether and how data should be moved into a particular cloud environment.


In addition to the idea that privacy laws expect knowledge of your organization’s data, Christopher also discusses how the pandemic affected the legal industry, the biggest mistakes people make when handling sensitive data, and much more! As I mentioned, you can check out the full interview with Christopher here.

HaystackID is also partnering with NetDiligence by sponsoring and presenting at the Cyber Risk Summit in Philadelphia this week on June 1-3, 2022 at the Loews Philadelphia Hotel. HaystackID is also participating in the following presentations:

  • The Evolving Roles of Claims Professionals and Breach Coaches in Incident Response, Thursday, June 2 at 2:35pm-3:25pm ET
  • Use of Analytical Tools in the Cyber Ecosystem, Friday, June 3 at 9:00-9:50am ET

To find out more about the sessions and/or to request a meeting with HaystackID, click here. As for the Summit itself, you can register via the link above (while the main page says the registration deadline was May 26th, the site appears to still be taking registrations).

So, what do you think?  Do you agree that that privacy laws expect knowledge of your organization’s data? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclosure: HaystackID is an Educational Partner and sponsor of eDiscovery Today

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Leave a Reply