THE BLOG

06
Feb

eDiscovery in Today’s Security Centric World

eDiscovery. A term that 20 years ago didn’t exist but is as commonly heard in the legal industry today as terms like case law, litigation or summary judgment.

As we look back, the eDiscovery and managed review model has seen an evolution of change over the years. Twenty years ago, discovery was mostly an exchange of banker’s boxes, between parties, filled with hundreds if not thousands of pages of documents. The “review” process entailed someone, usually a paralegal, delving into the boxes, flagging important documents to be used as evidence or exhibits in the case or investigation. However, as technology advanced and paper documents turned to electronic documents, concerns began to shift.

The ability to exchange documents electronically as well as the increase in popularity of email, continued to produce more and more volume. The excessive volume of data and the need to get through it quickly eventually led to the creation of the contract attorney role, where part-time or “contract-based” attorneys were hired by the firm to assist the trial team in digging through and evaluating the large volume of documents in a timely manner. Worries about data breaches or data security wasn’t on the minds of anyone. Confidentiality was the bigger concern. The fact that 50 (sometimes hundreds) of strangers were now wandering in and out of the law firm and accessing confidential information was of great concern. Conversations around security and confidentiality began to take place. Terms like Information Security Systems, IT Infrastructure, etc. began to be at the center of these conversations.

How the industry looks today

As with the evolution from paper to electronic documents, the progression of eDiscovery has continued at a rapid pace, with probably the most significant changes occurring in the last five years. The type of data we have the ability to collect continues to evolve bringing with it more and more questions. Issues such as preservation, how to collect data, what data to collect, what custodians to collect, as well as data privacy issues, confidentiality and security are now common challenges faced by many organizations. This has forced technology companies, law firms and corporations to take new steps to ensure the protection of their data. The eDiscovery model has advanced as well. The sheer volume of the data led to a greater need to get through the data faster and more cost effectively. Again, the industry answered the call. New technologies emerged which encompass many iterations of computer assisted review such as predictive coding, de-duplication, threading, and analytics. These advancements have had an impact on costs and turn around. They can be used independently or in tandem with linear review depending on the needs of the client. When it comes to managing data, Contact is at the top of the game. Our Forensics, data, ECA, and newly launched MobileRev™ provide key solutions to managing and review volumes of data.

Making strides in security

Growth is an impetus for change. As documents moved from paper to electronic, and the data increased, the industry was forced to answer the needs of their clients. The adaptability of technology and the exchange of data across borders brought with it even more data and even more security questions. Questions about storage, access and what laws would govern the security of this data continue to come up, leading to major concerns, and the importance of having an industry standard.

Today, privacy and security are at the forefront of concern. Conversion to electronic information housed either on a server and now in a cloud-based environment, bring with it new issues. How do you protect this data? What measures is your eDiscovery vendor taking to ensure appropriate security measures are in place. The challenge to house, maintain and review the data in a secure environment is critical.

This growth of business data led to changes in IT infrastructure and security. Anyone housing data must have appropriate controls in place to protect the integrity, confidentiality and accessibility to sensitive data. The strategy is to mitigate as much risk as possible. Having a Security Information Management System (SIMS) (as Contact does) to act as a framework for your organization is essential. Conducting frequent checks on IT systems and making sure your employees understand and can recognize a threat is crucial.

When it comes to security, it is key to invest in intrusion technology, a series of hardened firewalls and multi-factor authentication processes. There are also industry certifications such as ISO 270001. ISO 27001 formally specifies a management system that is intended to bring information security under explicit management control. ISO 27001 is a formal specification which means that it mandates specific requirements and allows for formal audits. It also provides a framework to ensure fulfillment of commercial, contractual and legal responsibilities.

Contact is committed to ensuring the appropriate controls are deployed to protect the integrity, accessibility, and confidentiality of sensitive data under management, both domestically and abroad. With our own internal controls and an ISO 270001 Certification Contact is at the top of the game when it comes to security.

So, what does all this mean? What is your exposure (i.e. for not utilizing an eDiscovery vendor that isn’t ISO certified)? With ever changing technology it has never been more important to work with a company that takes security risks seriously. The implications of exposure are not worth the risk. It has never been more important to work with a technology company, such as Contact, that have these controls in place.

To learn more about our Technology, Service offerings, and Security systems please contact tvillanueva@contactdiscoveryservices.com