Capital Legal Solutions’ Safe Harbor Data Privacy Policy
Statement of Policy
Capital Legal Solutions LLC (CLS) respects the privacy and confidentiality of personal information provided to CLS by its clients, employees and all others who entrust it with personal information. Accordingly, CLS adheres to the set of data protection principles developed by the United States Department of Commerce (DOC) in collaboration with the European Commission, as reflected within the Frequently Asked Questions (FAQ) issued by the Department of Commerce (DOC) on July 21, 2000, and within other documentation provided by DOC (commonly referred to as “The Safe Harbor Principles”).
This policy applies only to personal data that CLS has received from the European Union (EU). Personal data refers to data that is (a) transferred to the United States from the EU; (b) is about, or relates to, an identified or identifiable individual; (c) can be linked to that individual, and (d) is recorded. Personal data may include, among other things, an individual’s name, address, phone number, e-mail address, or social security number, health insurance policy number or other like information. However, the term “personal data” does not include data that pertains to a specific individual, but from which that individual cannot reasonably be identified. Personal data also includes “sensitive personal data”, which is defined herein as a subset of personal data that pertains to an individual’s medical or health condition, racial or ethnic origin, political opinions, religion, union membership, sexual orientation or actual or alleged criminal activity.
Scope of Business of CLS
CLS provides electronic discovery consulting and technical services to client law firms as well as directly to business organizations who are parties to various types of legal and commercial proceedings. All data collected in the course of CLS’ activities are kept under strict privacy and confidentiality protocols since much of this information may constitute evidence in litigation and other sensitive proceedings. Indeed, it is CLS’ practice (and the customary business practice in the industry in which CLS conducts business) to enter into, with each client, a comprehensive Confidentiality and Non-Disclosure Agreement (C&NDA) as to data received in every engagement undertaken. Moreover, each of CLS’ employees has executed C&NDAs pertaining to all information that comes into their possession in the course of their employment.
The facility in which CLS processes (*processing by CLS consists, typically, of the extraction and formatting of the data for review in a document review system) and stores data maintains extensive physical security features and the network infrastructure upon which data is stored is secured by some of the most advanced data security and disaster recovery technology found in the marketplace.
Much of the data processed and hosted by CLS does not constitute “personal data” as that term is defined above. However, personal data will, on occasion, enter into the possession of CLS, the bulk of it contained within the email accounts of individuals in the employ of parties to litigation.
Safe Harbor Principles
CLS has adopted the seven Safe Harbor Principles published by the U.S. Department of Commerce as to notice, choice, onward transfer (transfer to third parties), access, security, data integrity and enforcement with respect to personal data transferred to the United States from the European Union.
These Principles, as adhered to by CLS, are described below:
1. Notice: Under most circumstances, CLS does not collect personal data for processing directly from the party in possession, but receives the data for processing from counsel under an agreement to hold such data under strict rules of confidentiality and privacy. Therefore, when CLS receives personal data from the EU for processing purposes and does not control the collection of the personal data, CLS does not, typically, provide notification to the individuals to which such personal data relates (but, again, is mandated by the client to hold the data in the strictest confidence). In such event, CLS reserves the right to process personal data in the course of providing services to its clients without the knowledge of the individuals involved. CLS never uses data for a purpose other than the purpose for which it was provided to CLS. Neither does CLS ever share information with third parties other than when lawfully directed by the client law firm or originating organization (that is, the owner of the data). When specifically authorized by counsel or client to do so, CLS will inform affected individuals about the purposes for which it collects and uses personal information about them, how to contact the organization with any inquiries or complaints, the types of third parties to which it may disclose the information and any choices and means that CLS may offer individuals for limiting the data’s use and disclosure.
2. Choice: Since CLS does not share personal information with third parties, unless required by law or lawfully directed by the client law firm or originating organization to do so, nor does it ever use the data for a purpose incompatible with the purpose for which it was originally collected, there is no need to offer individuals the opportunity to opt out from having data disclosed. However, should the need ever arise, CLS will provide individuals with reasonable notice and mechanisms to exercise their choice to opt-out from having personal data so disclosed.
3. Onward Transfer (Transfer to Third Parties): As mentioned above, CLS does not share personal information with third parties, unless required by law or lawfully directed by the client law firm or originating organization to do so. However, should the need ever arise, prior to disclosing personal information to third parties, CLS will utilize the notice and choice principles noted above. Moreover, where the need arises, CLS will obtain assurances from third parties that they will safeguard the personal data consistent with this policy or any other EU adequacy finding, or as an alternative, CLS will enter into a written agreement with such third party to provide at least the same level of personal data protection as is maintained by CLS.
4. Security: CLS takes reasonable precautions to protect personal information from loss, misuse, unauthorized access, disclosure, tampering, alteration and destruction.
5. Data Integrity: CLS uses personal information only in a manner that is compatible with the purpose for which it was collected or subsequently authorized by the individual. CLS takes reasonable steps to ensure that personal information is reliable for its intended use, accurate, complete and current.
6. Access: Since, under typical circumstances, the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or the rights of persons other than the individuals would be violated or seriously compromised, individuals cannot be provided access to personal information about them in order to correct, amend, or delete the information when inaccurate. However, where appropriate to do so, CLS will grant individuals reasonable access to personal data that it holds about them and CLS will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete.
7. Enforcement: CLS will assure compliance with the Safe Harbor Principles by committing to investigate and attempt to resolve complaints regarding violations of this privacy policy directly with the complainant and in the event that the complaint cannot be resolved by CLS internally, the complaint may be submitted for dispute resolution to “BBBOnLine”, EU Safe Harbor Program, Attn: Steve Salter, Council of Better Business Bureaus, Inc, 4200 Wilson Boulevard, Suite 800, Arlington, VA 22203. Moreover, CLS will subject those employees who are found in violation of this policy to appropriate discipline.
CLS will conduct an annual self-assessment to ensure that this policy is published and disseminated within CLS and on its website, that it is being adhered to and that it conforms to the seven principles set forth above. In addition, CLS has deployed internal auditing measures to monitor its compliance with the Principles and to address all questions or complaints. CLS will also self-certify annually with the U.S. Department of Commerce as being in full compliance with the Principles.
Individuals may raise any concerns or complaints regarding their personal data directly with CLS by contacting Capital Legal Solutions’ Vice President, Tom J. Skelley, whose contact information is as follows: 150 South Washington Street, Falls Church, VA, 22046; telephone: 703.226.1532. If an individual files such a complaint, CLS will investigate the matter and attempt to resolve all issues to the satisfaction of the complainant. If the matter cannot be settled, CLS agrees to cooperate with the dispute resolution system set forth above.
Amendments to this Privacy Policy
CLS may amend this Safe Harbor Policy, from time to time, by posting a revised policy on its website at www.capitallegals.com. CLS will only amend this Safe Harbor Policy in a manner consistent with the requirements of the Safe Harbor Principles as set forth above. This Policy is effective as of June, 2007.