E-Discovery Data Subject to Export Control Laws

The Export Administration Regulations (EAR), enforced by the United States Department of Commerce, and the International Traffic in Arms Regulations (ITAR), enforced by the United States Department of State, require that businesses in selected industries ensure the security of data or “dual use” commercial items that could assist in developing military capability.

Any corporation that conducts business in the aerospace, defense, automotive, chemical, engineering, construction and high tech industries may be subject to these regulations. They must control their data sufficiently to avoid the “export” or “deemed export” of certain information and commercial items outside the United States without a license and to prevent access by “foreign persons,” whether they are inside or outside the United States.

A “foreign person” is “not a lawful permanent resident” of the United States. A foreign person can be a foreign corporation or other entity that is not incorporated or organized to do business in the United States. It can also refer to international organizations, foreign governments or any agency or subdivision of foreign governments. It is critical for any business that possesses data subject to the EAR and ITAR regulations to maintain strict protocols for any and all receipts and transfers of technical data. This responsibility extends to any third party providing services to the data owner, including outside counsel and any e-discovery service provider.

The author provides a checklist of recommended procedures that will mitigate the risks associated with these regulations.