Do you know where your data is?
By Michael Milicevic, Esq., Managing Director, CDS Chicago.
One of the first questions providers often ask when engaging with a new client on an eDiscovery matter is a fairly simple one: Where is your relevant data located? Unsurprisingly, the answers are often complex. The number of storage devices and cloud services available to custodians continues to grow, as do the risks to the security of their data. Fortunately, proactive eDiscovery providers invest heavily in maintaining secure infrastructures, developing detailed data security protocols and procedures, and training personnel on best practices for ensuring the security of client data. Unfortunately, there isn’t much that providers can do about the security of client data before they receive it. Below are some helpful tips for maintaining the security of physical media containing electronically stored information.
Proper storage of physical media
Secure physical storage of sensitive client information is often overlooked. When evaluating the data security procedures of service providers, it’s important to confirm that they control access to physical source media, limit which staff members are authorized to access it, and maintain detailed audit trails of that access. Law firms and corporations, often tasked with handling sensitive custodian data, should also consider adopting similar physical media storage policies. Hard drives, thumb drives, and CDs/DVDs should never be left out on desks and should always be stored in locked media cabinets to ensure proper physical security of data when not in use. Detailed chain of custody or media tracking forms should also always be maintained, even internally, to track, identify and account for physical media.
Encryption at Rest
In addition to storing media securely, all custodian data that exists on physical media should be encrypted to protect against potential data breaches if hard drives or thumb drives are improperly stored or lost in transit. Duplicate copies of original media should be created and encrypted when data is moved between locations. Passwords should not be stored with physical media. If data is being transferred electronically, be sure to use secure file transfer sites. These should all be standard practices for good eDiscovery providers, who can help deploy similar procedures onsite at law firms or corporate client locations.
Storage in Secure Data Repository
One of the best options for handling serial custodian data, or data that is frequently subject to legal holds and may be relevant to several ongoing or upcoming matters, is to store all data in a central repository secured and maintained by eDiscovery providers. Make sure to request full security documentation from the provider you select to ensure they have taken the proper precautions. Corporate IT teams will likely be happy to purge their servers of legacy legal hold data, and in-house and outside counsel will also benefit from storing data in a central, secure and easily accessible location. There are many options for the repository format that can be customized to a particular client’s storage needs.
Ultimately, the best way to know where your relevant data is located is to centralize and consolidate, either in a secure location with controlled access within your firm or corporation, or in a central repository with a provider that maintains a very secure environment. Some certifications to look for include ISO 27001 certified hosting and Type 2 SOC 2 tested processes. Vendors should also maintain several redundant disaster recovery centers to ensure your data is always backed up and protected.