
 IST Discover-E White Paper:

Data Security Safeguards

How Your Firm Can Avoid Being Part of the Next Panama Papers Fiasco

The Panama Papers/Mossack Fonseca debacle emphasizes, as never before, that protecting your most valuable resource – data – is paramount.


Consider that:

  • Almost half of U.S. organizations experienced a data breach or failed compliance audit in the last year.
  • The average total cost of a data breach has jumped from $3.1 million to about $3.5 million, with the average cost of a single lost or stolen record totaling $145.
  • The potential cost of a HIPAA violation – tied directly to the management of healthcare information before a breach or loss – has grown significantly, with the maximum amount of fines for civil penalties increasing to $1.5 million.


Today’s eDiscovery service marketplace offers a multitude of service options, some of which offer the option of consolidating with a self-service, cloud-based platform. This method has proven to be the preferred mode of operation for savvy firms and corporations, as it eliminates the costly infrastructure and maintenance demands of an on-premise system. The self-service, cloud-based platform also makes it easier to document an unbroken chain of custody and leverages the expertise of the service provider’s project management team while offering encryption on active and passive data. Compared to other service types, this method offers the most versatility and control.

Data Security Safeguards

Self-service, cloud-based platforms with the proper control mechanisms offer highly secure data as well as reduced overhead and more cost-effective solutions.


However, in light of how all-encompassing attorney-client relationships must be in order to be effective, utilizing an irresponsibly managed cloud-based system can create vulnerabilities in data security.  Simply put, a law firm security lapse can be catastrophic – just ask the folks at Mossack Fonseca.

With that said, most legal and corporate enterprises fail to continuously audit the security competency of their eDiscovery service providers. The fact remains that it is just not easy to evaluate and manage service providers to a defined set of security standards and practices beyond the initial vetting stage. So, the solution must be to contract with service providers that are certified by third-party audit and review agencies.


The ability to establish and maintain data integrity should be viewed as a key, primary differentiator when selecting vendors and partners.


From SOC, ISO, SSAE to PCI and many more, there is a wide range of standards and certifications in the industry. Selecting vendors that share a commitment to security is critical. While many eDiscovery service providers tout their security procedures, only a select few have subjected themselves to the strict oversight, costly approval process and ongoing auditing required for certification under recognized standards. If a vendor lacks independently validated security certifications, it can be difficult to discern the level of security it is capable of providing. Selecting vendors that meet standards like SOC2 and have demonstrated success handling matters means that you can be confident data security is a priority.


By requiring data security certification standards and expectations during e-discovery, you not only fulfill your professional obligations, but you also take proactive steps to manage critical company information and direct litigation approaches and strategy.


A comprehensive information security plan should be made explicit at the outset of every eDiscovery project in order to instill the expectation that security is a critical, collaborative task.


Additionally, with constant cost pressures, you may be tempted to switch vendors and hire the cheapest one for each different matter. However, by developing long-term relationships you can save time and worry. No matter what approach you take, you have the initial and primary responsibility during e-discovery and litigation to ensure that data remains safe. Each matter requires a fresh review of security policies and procedures, a reexamination of the reliability of your partners and a reaffirmation to your own employees that security is a top priority.
