Forensic Data Collection in the Gulf Cooperation Council (GCC)
Planning your electronic review so it doesn't fall at the first hurdle
Companies undertake electronic document reviews when defending themselves in disputes, conducting investigations and when responding to regulators. The foundation of any review is the forensic collection of company data.
When are GCC collections required?
We see three common scenarios that require a forensic collection in the Gulf Cooperation Council (“GCC”) states. The GCC includes Bahrain, Kuwait, Oman, Qatar, Saudi Arabia and the United Arab Emirates. The first scenario is international companies, usually with exposure to the US, who need to investigate allegations of prohibited activities in their local branch office or subsidiary, which may have to be reported to a regulator. Typically this relates to bribery of foreign government officials or transactions with sanctioned countries. The second scenario is companies in arbitration or litigation disputes. The matter is typically being heard in US or UK courts or by an arbitration panel. We also note an increase in local legal actions, especially in relation to capital project disputes. The final common collection scenario is international or local companies investigating staff misconduct and dishonesty, usually fraud or “kick-back” related.
What can go wrong?
The potential monetary or reputational impact to a company in these investigations or disputes can be significant. The electronic evidence, especially communications (including emails) can be critical to success or failure. Mistakes made in the collection phase automatically impact the review, the findings and the legal response. Failing to both focus and coordinate the legal and technical approaches can be costly and jeopardize the case. If legal advisors and forensic technology specialists don’t work hand in hand and with the company, the company risks missing evidence or wasting expensive man hours reviewing irrelevant data. The same risks apply when legal counsel or technologists are inexperienced in this field.
We have also seen numerous examples where the use of inexperienced or unqualified staff, including in-house IT personnel, to perform collections has led to evidence being undermined or even destroyed. Data collections in foreign countries have been known to have fallen foul of the local countries’ data compliance laws, European data privacy laws in particular, risking additional penalties. Companies have a right to expect that the collections and review will be designed to be effective.
To find out more about complying with data laws, seeking legal advice and planning a collection in the GCC, download the full whitepaper.