Black Logo

Our site uses cookies to give you the best user experience and to collect and share information for analytics, advertising and personalization on this and other sites. Please select whether you consent to our use of cookies and related technologies (“Cookies”), as described in our Cookie Policy. You can return at any time from the same web browser to update your preferences. Please note that resetting your browser’s cookies will reset your preferences. You can control the use of some types of cookies through the Cookie Settings below, but note that if you choose to disable certain cookies, it may limit your use of certain features or functions on our services and websites.

Privacy Policy
Strictly Necessary Cookies

These cookies are required to enable core site functionality.

Functionality Cookies

Functionality cookies allow us to provide enhanced and more personalized content and features. In order to permit your connection our website, our servers receive and record information about your computer and browser, potentially including your IP address, browser type, and other software or hardware information. All of these features help us to improve your visit and assist in navigation of the sites’ features.

Analytics Cookies

We and our service providers may use analytics cookies, which are sometimes called performance cookies, to collect information about your use of our website, for instance, which pages you go to most. The information allows us to see the overall patterns of usage, help us record any difficulties users may have while using our website and can show us whether or not our advertising is effective.

Advertising And Targeting Cookies

We may use third party advertising and targeting cookies to correlate your use of our website to personal information obtained about you so that we may more clearly target the information we provide you to the specific items we think you will find interesting, based on your prior online activities and preferences. We also may use these cookies to deliver ads that we believe are relevant to you and your interests.

For more information, view our Cookie Policy


How lawyers can keep sensitive data safe from hackers

Sarah Brown 09 / 10 / 19

Keeping data safe used to be the sole job of dedicated departments within companies – typically not something lawyers were trained on. The largest companies would have specialized teams focused on the task of securing confidential information – while smaller organizations and even law firms might not have any certified security officers on staff at all.

Data breaches on the rise

In recent years, however, we’ve seen a significant shift as high-profile data breaches have hit prominent companies and law firms. Smart legal teams are taking a more active role in protecting their data, ensuring compliance with stringent security standards, and vetting any vendor they hire that handles their data.

Naturally, eDiscovery vendors handle some of the most sensitive data – whether it contains potentially litigious information, confidential intellectual property, or data restricted by international jurisdictional requirements. In parallel to the increasing awareness of the importance of data security, firms’ questions to their eDiscovery providers have evolved.

Cyber-attack threats loom large – so it’s important for legal teams to understand data sensitivity levels, segment it as necessary, and ensure that the controls and technology in place are sufficient to protect whatever type of data it is.



Data security in eDiscovery: An evolving awareness

As recently as ten years ago, it was thought to be sufficient to simply ask whether data would be protected – legal teams (or their contractual representatives) rarely investigated more deeply.

But as news of data breaches spread and security and privacy regulations increased in the US, Europe, and Asia, legal teams became more aware of the fragile position much of their data was in – and thus increased their focus on protecting it both within their organizations, and especially outside of it.

In the early days of mounting data breaches, legal or procurement teams might ask eDiscovery vendors to fill out a detailed questionnaire about data protection.

Now, legal teams take a more thorough approach as security has become a primary consideration in eDiscovery vendor selection. Onsite, multi-day security audits – conducted by in-house client security teams, or third-party audit organizations – have more and more become the norm.

This shift in security awareness has been incredibly beneficial to law firms and corporate legal teams – the more legal teams know about data security, the better able they are to prevent and respond to data breaches.

It only takes one weak link in the chain to exploit data, so legal practitioners must understand where their data is, who has rightful access to it, and how it will be handled by anyone who touches it – including and especially eDiscovery service and technology providers.

Understanding legal data at risk: Electronic discovery & beyond

Practitioners must also understand the wide range of data in need of protection. In eDiscovery, data can mean anything: intellectual property or trade secrets, product design specifications and algorithms, formularies, and emails, text messages, voicemails, and chat logs of employees. The role of security in eDiscovery is to make sure that, whatever and wherever the data is, it is protected according to its unique characteristics. Technologies and methodologies such as encryption, encryption at rest, access controls, the need to know, role-based access controls must be employed adequately to protect the data no matter where it is.

In today’s environment – where cyber-attack threats loom large for nearly every industry – it’s important for not just law firm clients, but law firms themselves, to understand the data itself, understand the levels of sensitivity it has, segment it as necessary, and ensure that the controls and technology in place are sufficient to protect whatever type of data it is. The alternative is to protect everything at the highest possible standard, which is exceedingly expensive for both the customer and the provider.

Additionally, in-house legal teams must work with the compliance and security functions inside their organizations to understand the corporate guidelines for what is required. A good eDiscovery provider will partner with an organization to help these leaders understand the rules of engagement, what's necessary, and how to proceed in a safe and effective manner.

Work with a legal provider that understands - and mitigates - risk.

About the author

Sarah Brown
Sarah Brown

Sarah Brown is a legal technology thought leader with more than a decade of experience in the eDiscovery and information management fields. At Legility, her primary focus is on driving awareness for the company’s innovative services and solutions. Prior to Legility, Brown spent eight years as head of marketing communications at Epiq, where she led global marketing communications and built thought leadership, PR, and analyst relations programs. Prior to Epiq, she led marketing communications at Exterro, an eDiscovery software company, where she founded and led their content-driven marketing organization. She has a journalism background and holds a master’s degree in strategic communications from Columbia University and a bachelor’s degree in journalism.

Subscribe to Insights

Your one-stop shop for the Legility logo & more.

Your one-stop shop for the Legility logo, brand guidelines, photography assets, and more.

Subscribe to insights