eTERA
Consulting's Safe Harbor Data Policy
Statement of Policy
eTERA Consulting (“eTERA”) respects the privacy and confidentiality of personal information provided to eTERA by its clients, employees and all others who entrust it with personal information. Accordingly, eTERA adheres to the set of data protection principles developed by the United States Department of Commerce (DOC) in collaboration with the European Commission, as reflected within the Frequently Asked Questions (FAQ) issued by DOC on July 21, 2000, and within other documentation provided by DOC (commonly referred to as “The Safe Harbor Principles”).
This policy applies only to personal data that eTERA has received from the European Union (EU). Personal data refers to data that is:
• transferred to the United States (U.S.)
from the EU;
• is about, or relates to, an identified or identifiable individual;
• can be linked to that individual; and
• is recorded in any form.
However, the term personal data does not include data that is publicly available and that pertains to a specific individual, but from which that individual cannot reasonably be identified.
Scope of eTERA’s Business
eTERA provides electronic discovery consulting and technical services to client law firms and directly to corporations who are parties to various types of legal and litigation proceedings. All data collected in the course of eTERA’s activities are kept under strict privacy and confidentiality protocols since much of this information may constitute evidence in litigation and other legal proceedings. Indeed, it is eTERA’s practice to enter into, with each client, Confidentiality and Non-Disclosure Agreements as to data received in every engagement undertaken. Moreover, each of eTERA’s employees has executed Confidentiality and Non-Disclosure Agreements pertaining to all information that comes into their possession in the course of their employment.
The facility in which eTERA processes (processing by eTERA consists, typically, of the extraction and formatting of data for review in a document review system) and stores data maintains physical security features and the network infrastructure upon which data is stored is secured by some of the most advanced data security and disaster recovery technology found in the marketplace.
Much of the data processed and hosted by eTERA does not constitute personal data as that term is defined above. However, personal data will, on occasion, enter into the possession of eTERA, the bulk of it contained within the email accounts of individuals in the employ of the parties to litigation.
Safe Harbor Principles
eTERA has adopted the seven Safe Harbor Principles published by the U.S. Department of Commerce as to Notice, Choice, Onward Transfer (transfer to third parties) Access, Security, Data Integrity and Enforcement with respect to personal data transferred to the U.S. from the EU.
These principles, as adhered to by eTERA, are described below.
1. Notice
Under most circumstances, eTERA does not collect personal data for processing directly from the party in possession, but receives the data for processing from counsel under an agreement to hold such data under strict rules of confidentiality and privacy. Therefore, when eTERA receives personal data from the EU for processing purposes and does not control the collection of the personal data, eTERA does not, typically provide notification to the individuals to which such personal data relates (but, again, is mandated by the client to hold the data in the strictest confidence).
In such event, eTERA reserves the right to process personal data in the course of providing services to its clients without the knowledge of the individuals involved. eTERA never uses data for a purpose other than the purpose for which it was provided to eTERA. Neither does eTERA ever share information with third parties other than when lawfully directed by the client law firm or corporation. When specifically authorized by counsel or client to do so, eTERA will inform affected individuals about the purposes for which it collects and uses personal information about them, how to contact the organization with any inquiries or complaints, the types of third parties to which it may disclose the information, and any choices and means that eTERA may offer individuals for limiting the data’s use and disclosure.
2. Choice
Since eTERA does not share personal information with third parties, unless required by law or lawfully directed by the client law firm or corporation, nor does it ever use the data for a purpose incompatible with the purpose for which it was originally collected, there is no need to offer individuals the opportunity to opt out from having data disclosed. However, should the need ever arise, eTERA will provide individuals with reasonable notice and mechanisms to exercise their choice to opt-out from having personal data so disclosed.
3. Onward Transfer (Transfer to Third Parties)
As mentioned above, eTERA does not share personal information with third parties, unless required by law or lawfully directed by the client law firm or corporation to do so. However, should the need ever arise, prior to disclosing personal information to third parties, eTERA will utilize the notice and choice principles noted above. Moreover, where the need arises, eTERA will obtain assurances from third parties that they will safeguard the personal data consistent with this policy or any other EU adequacy finding, or as an alternative, eTERA will enter into a written agreement with such third party to provide at least the same level of personal data protection as is maintained by eTERA.
4. Security
eTERA takes our clients security seriously and undertakes every reasonable step to protect their information. eTERA takes reasonable precautions to protect personal information form loss, misuse, unauthorized access, disclosure, tampering, alteration and destruction. eTERA has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information we process.
5. Data Integrity
eTERA uses personal information only in a manner that is compatible with the purpose for which it was collected or subsequently authorized by the individual. eTERA takes reasonable steps to ensure that personal information is reliable for its intended use, accurate, complete and current.
6. Access
eTERA processes data under the guidance and direction of our clients. Where appropriate to do so, eTERA will grant individuals reasonable access to personal data that it holds about them, and eTERA will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete.
7. Enforcement
eTERA will assure compliance with the Safe Harbor Principles by committing to investigate and attempt to resolve complaints regarding violations of the privacy policy directly with the complainant and in the event that the complaint cannot be resolved by eTERA internally, the complainant may be submitted for dispute resolution to the American Arbitration Association. Moreover, eTERA will subject those employees who are found in violation of this policy to appropriate discipline.
eTERA will conduct an annual self-assessment to ensure that this policy is published and disseminated within eTERA and on its Web site, that it is being adhered to and that it conforms to the Seven Principles set forth above. In addition, eTERA has deployed internal auditing measures to monitor its compliance with the Principles and to address all questions or complaints. eTERA will also self-certify annually with the U.S. Department of Commerce as being in full compliance with the Principles.
eTERA Consulting Contact Information
Individuals may raise any questions, concerns or complaints regarding their personal data directly with eTERA by contacting eTERA’s Vice President of Electronic Discovery, Todd Haley, whose contact information is as follows:
eTERA Consulting
1100 17th Street, NW
Suite 605
Washington, D.C. 20036
202-349-0177
Amendments to This Privacy Policy
eTERA may amend this Safe Harbor Policy, from time to time, by posting a revised policy on its Web site at www.eteraconsulting.com. eTERA will only amend this Safe Harbor Policy in a manner consistent with the requirements of the Safe Harbor Principles as set forth above.
This Policy is effective as of November, 2008. eTERA Consulting successfully re-certified under the Safe Harbor Program on November 25, 2009.
