Legal discovery has undergone a transition since implementing digital information storage. Discovery has shifted from digging through file cabinets full of documents to digging through online databases and electronic systems that house information, streamlining the process and facilitating better information transparency for all parties involved.
But despite the widespread implementation of in-house database security, many firms still fail to meet basic security standards during the eDiscovery process.
Challenges of eDiscovery
eDiscovery is often a transfer of large quantities of data from one party to another with methods that lack the same security regulations as normal systems. According to Jeff Kerr and John Mays, the founding partners of legal firm Mays & Kerr, the information transition period of eDiscovery is when confidential data is most vulnerable:
“In eDiscovery matters, the client is often asked to turn over a large amount of its raw data, either to counsel or to a vendor. Transferring that data creates risk that it can be breached during transit, and storage in multiple locations creates more attack surfaces,” Mays said.
Unfortunately, legal firms must comply with these eDiscovery practices, regardless of whether each party involved is taking necessary security precautions. However, the increased incidence of digital data discovery and sharing will help create new policies to govern the flow of sensitive information.
“There is a connection between discovery and information governance, and it fits into security with respect to managing the number of times sensitive data is duplicated. You likely want to have that information backed up, but additional copies may increase risk,” said Mays.
Building Better Security
Legal firms are no strangers to cybersecurity breaches. Information losses can occur at every point of the information chain, creating a need for enhanced security standards that reflect the needs of an electronic legal landscape.
Secure passwords, firewalls, encryption and malware management are all essential to maintain for a protected digital environment. But being aware of the issues is not enough—legal firms need dedicated staff members who understand the challenges of IT security and the best way to deploy strategies to keep their data secure. This is true for in-house security, but also applies to areas of heightened data vulnerability, such as eDiscovery.
Until legal firms can guarantee a secure information transfer process during eDiscovery practices, the risk of cyberattacks and compromised data will be a notable concern.
Written by Desh Urs
As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decision Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.
Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.