linked in


October 2019

Beyond the Basics: Security Tips for E-Discovery

By Wendy Degerman, Richie Barber

DRI For the Defense

Reprinted with permission from DRI Voice of the Defense Bar

Implementing best practices can reduce your e-discovery information security-related risks.

Consider this hypothetical: it's nine thirty on a Thursday night. Your cell phone rings. On the phone is your biggest client, a chemical manufacturer, claiming their confidential data has been breached. The formula for the company's most valuable product has just been posted publicly online, along with thousands of other documents, including pricing information and employee compensation data. Even worse, the client's IT department is sure the leaked data came from your law firm.

Over the next several hours as you scramble to understand the issues, details emerge about the breach. The perpetrator is a disgruntled employee who has recently been let go. He downloaded all the “hot docs” from a recent litigation, from the firm's e-discovery hosting platform, and he posted a link to them on your file transfer protocol (FTP) site. Nobody turned off the employee's access to the review platform or the FTP site after he was terminated. And just to put a cherry on top, he also posted an internal firm memorandum describing the merits of your biggest case with the company, along with some exciting emails between your client's CFO and her husband. Just the sort of thing that makes a breach even more enticing for the blogosphere and Twitter. Your firm is now front-page news in the worst way.

What could have prevented this catastrophe? You thought you checked all the boxes that you were supposed to check. There is a security team in place and hundreds of thousands of dollars spent on firewalls and antivirus software and consultants and certifications.