Chapter 13: Privacy Issues in Civil Litigation and Government Investigations

How Disclosures Are Required, Permitted, or Forbidden

When responding to litigation and investigations, the law can require, permit, or forbid disclosure of personal information. The same statute can do all three depending on the circumstances, so privacy, legal, and IT professionals must collaborate on a systematic response.

Companies responding to civil litigation and government investigations face three distinct legal postures: the law may require disclosure, permit but not require it, or forbid it. Sometimes the same statute requires production in one circumstance (such as when a judge issues a court order) but prohibits it in another (such as when no court order exists).

Historically, outside and in-house lawyers manually reviewed document files to decide what to produce. Today disclosures are handled cooperatively by lawyers, privacy professionals, and IT, often under an information management plan with authorization controls and audit trails for sensitive data.

Three postures

For any request, ask first: is disclosure required, permitted, or forbidden? Turning over too much or too little can each create legal liability.

Key terms - quick answers

What is “Discovery”?

Information disclosed to another party in a lawsuit before trial, governed by the rules of civil and criminal procedure.

What is “Subpoena”?

An instruction to produce a witness or records, enforceable through contempt of court.

← After Employment: Access Termination and HR Records Disclosures Required by Law →