Are You Moving Data Too Much? How to Protect Critical Client Data [Law.com]
- September 26, 2019
- by Sundhar Rajan
As law firms incorporate more technology into their workflows, the frequency with which data must be moved from one location or application to another also increases. Data movements are inherently risky—particularly when the data is from a client.
Movement of data is difficult to avoid in today’s legal world. In the discovery stage of litigation, for example, a common scenario goes something like this: A client collects data via their in-house IT team or through a third party forensic collections vendor. The collected data is delivered to a law firm. The law firm outsources the data processing to a third-party vendor or processes the data in-house utilizing data processing software. The processed data is then moved into a review platform, either in-house or with a third-party vendor via their public or private cloud. Then, after the data has been initially culled, analyzed and organized, it is temporarily moved out of the review platform into yet another software program to leverage advanced analytics, data visualization, communications graphing, artificial intelligence and tools like technology assisted review. Upon completion of the analysis, the remaining data is then moved back into the review platform for final review and eventual production. Once discovery has narrowed the original data set to the most relevant documents, those materials must be shared among lawyers and parties to litigation, and that may involve the downloading of files from file shares or the transfer of files via email, incurring additional risk.
With every movement (to or from a hard drive or thumb drive, or over a network between any number of machines or devices), the data can get lost or stolen, end up in the wrong hands (inside or outside the organization), get hacked by parties with malicious intent, or otherwise become compromised or corrupted. As law firms incorporate more technology into their workflows to increase productivity and efficiency, and the number of applications and service providers embedded in their processes increases, the frequency with which data must be moved from one location or application to another also increases. Data movements are inherently risky—particularly when the data is from a client.
Because data security is typically considered an IT matter in law firms and is an area in which firm personnel are unlikely to have real expertise, many firms lack the advanced security tools and rigorous protocols that data in transit requires to properly mitigate risk. What should they be thinking about, and what questions should they be asking?
To find out, visit Law.com.
As the Chief Information Officer for Casepoint, I oversee and am responsible for Global Infrastructure, Information security, Our cloud infrastructure, Maintaining security compliances, and managing a global information services team. Prior to joining Casepoint, I spent more than 9 years at the Am Law 100 firm, Crowell and Moring LLP, where I was the Manager of Network Operations. I bring over 18 years of experience working in information security, leading infrastructure and security teams, and building highly scalable/secure application infrastructure. You can connect with him on LinkedIn.