Mitigating risk is important to legal professionals regardless of their role or area of expertise. Many investigations involve sensitive data and serious allegations, all of which have the potential for additional complications if the information falls into the wrong hands. Today, we’re discussing one of the primary risks associated with ediscovery: data security.
Most organizations handle sensitive data, whether it’s medical records, employee social security numbers, recipes and other trade secrets, or any other type of information that could be disastrous if it fell into the wrong hands. While your company might do a great job of protecting those records when they’re housed within its walls, what happens when they get out? With data breaches becoming more common every day, the risk can be high, especially if you’re sending files to third-party providers for legal document review. What’s a corporate legal team to do?
Start by avoiding these common mistakes:
- Neglecting employee training.
  - Most security gaps are still caused by human error. That’s why it’s important to engage in regular training and testing to help employees—across all levels of the company—recognize and avoid phishing and other cyber attacks.
- Keeping too much data in too many locations.
  - Establish a defensible data deletion policy that allows you to dispose of outdated files.
  - For data you do need to retain, make sure it is stored in a central, modern location, rather than held in legacy systems or across multiple facilities.
  - Additionally, make sure you get your ediscovery data back at the close of all matters. Often, vendors and law firms—not to mention opposing parties and expert witnesses—retain sensitive data after a matter has ended, creating a security risk.
  - Follow up with anyone who has received data to ensure that they either return or destroy it after a case is resolved.
- Ineffective monitoring and/or detection of data breaches.
  - Many data breaches go undetected until long after the fact. For example, Yale University suffered a data breach in 2008 but didn’t detect it until 2018. It’s impossible to take corrective measures or identify weaknesses if you don’t notice an issue in a timely manner.
- Failure to verify vendor security protocols.
  - Different vendors have different standards. Remember to ask current and potential vendors about their security policies and protocols, and whether they hold SOC 2 Type II or other relevant certifications.
While prioritizing data security takes effort and diligence, it pays off in several key areas. The average cost of a breach in the U.S. is $8.19 million—more than double the worldwide average—according to the 2019 Cost of a Data Breach Study by IBM Security and the Ponemon Institute.
One of the best ways to strengthen data security is to retain more of your sensitive data in-house, where you can keep a closer eye on it. That’s where corporate litigation response software comes in. By enabling your team to handle more ediscovery in-house, it lets you be more strategic about the data you send to outside counsel. It’s a win-win!