Improving Data Security:
It is far too common that corporate legal teams don’t manage eDiscovery data security strictly enough in-house. They take even fewer security precautions when sharing the data with outside service providers. This is a problem because eDiscovery data is often some of the most sensitive, important data that is possessed. Therefore, it is vital for legal and IT teams to work together to manage data security.
Creating a data map to identify eDiscovery data is a good first step. Legal teams should use this map to work with IT teams to build a risk map. A risk map helps pinpoint where the data is located and if these areas are at risk. These key areas are excellent places to begin: behind a corporate firewall, on a networked computer with internet access, on a cloud-based storage account, on a personal mobile device, within an application (Slack, Dropbox, etc.), in a vendor’s system, or in an eDiscovery storage repository.
Once the data locations have been recognized, it is crucial to determine any vulnerabilities. Legal and IT teams must determine who has access to what data and which people are the weakest link when it comes to data security. Consolidating data in a secure, access controlled location is a good decision.
Continuing training and education with all staff members plays an important role in security. It is wise to hold breach response drills and annual security audits. IT teams are often excellent at organizing these type of trainings and drills.
Working with IT prior to onboarding third party service providers also helps improve security. IT will help determine what, if any, security certifications providers have or will need to obtain. Only 19% of legal teams conduct security audits with eDiscovery providers prior to entering a partnership.
Common mistakes that companies make are neglecting employee training and storing data in too many places. A large portion of security gaps are caused by human error. As previously mentioned, engaging in regular training helps to eliminate some of that human error. Many companies struggle with defensible deletion; therefore, they retain outdated data that is cumbersome and potential security risks. It is important to follow up with all parties that any data has been properly handled or deleted at the end of a matter.
Improving data security is a top priority. Putting all these pieces together allows companies to maintain control of their data and reduce security risks. The partnership between legal teams and IT only help to secure data and make informed decisions when working with outside vendors and partners.