Our client conducted an Internal Investigation. An U.S. government agency’s claim for information against our client forced our client to deal with data protection and the transfer of personal information to a non-EU country. After lengthy consultations with German and U.S. attorneys, it was decided to send the requested documents redacted. These were documents from the board of directors of our client.
However, the US authorities were not satisfied with this approach. It was noted that when all information is blacked out, it cannot determined whether there have been lines of communication and frequent contact between individuals. After consultation with the lawyers involved and the project’s IT experts, the procedure was adapted.
All personal information was redacted and the names of the board members were replaced by pseudonyms. In addition to the known names, misspelled names, abbreviations and acronyms were also replaced by numbers. Our project management team not only assigned more and more numbers, but also carefully documented which pseudonym was used on what page of each document.
In the course of the project some members of the board decided to disclose their names. With a few clicks, the pseudonymization could be reversed.