Corporate attorneys and their outside law firms regularly store large data sets in local eDiscovery repositories for long periods of time, responding to eDiscovery requests by transferring those data sets to opposing counsel. Often this transfer is done by sending the data electronically, physically mailing the data sets or handing over a high capacity backup tape or hard disk to a representative of the opposing counsel.
For corporate legal departments, the storage of eDiscovery data sets has been a simple process of saving all collected data on the legal department file share — with little or no security — or individually, on attorneys’ workstations. The issue with this relaxed corporate data practice is twofold. First, eDiscovery data is considered sensitive and can contain personally identifiable information (PII) and data about future corporate plans, such as mergers and acquisitions. The potential value of corporate eDiscovery data makes it a prime target for hackers. Second, data sets controlled by individual attorneys run the risk of loss and inadvertent corruption or deletion.
Law firm client data handling practices differ from those of corporate legal data handling. Some law firms have established official client data ingestion practices including the use of document management systems. However, like their corporate colleagues, many law firm attorneys take possession of their clients’ data sets directly and keep them separately.
Again, because eDiscovery data is considered valuable by hackers, law firms have become major targets for cybercriminals. The current practices for eDiscovery data transfers aren’t helping. Careless or sloppy data transfers not only call into question the originality of the data but also slow the eDiscovery process, raise the overall cost and risk losing the data itself.
Even though the cloud has become a pervasive tool over the last several years, when dealing with litigation and eDiscovery many companies and law firms are still in the habit of shipping hard or optical disks and electronically transferring gigabytes or terabytes of data to their external law firms or opposing counsel.
It could make more sense to store the data in cloud eDiscovery repositories managed by a third party, letting all sides access and use them. This trusted third party would provide the tools necessary, including case management, access controls, audit and reporting, search, review and tagging, legal hold and export. In short, cloud providers would act as a third-party clearinghouse and transfer agent for eDiscovery data.