Our Insights

Thought Leadership and Industry Trends

Home 9 Insights 9 Best Practice for eDiscovery Involving Federal Government Documents

Best Practice for eDiscovery Involving Federal Government Documents

Sep 25, 2018

The federal government, like many private companies, is focusing on cybersecurity and data privacy to a greater extent than ever before. It is establishing new standards for its own systems as well as imposing strict requirements on anyone who holds its information, including third parties like vendors and contractors. Problems arise, however, when those third parties are involved in litigation and the government data they hold may be subject to eDiscovery. Because of the costs and resources needed to store data for eDiscovery, those documents will often be held by an eDiscovery service provider in a cloud environment. The rules governing such situations are not clear at this point, but there are best practices that companies and their law firms can follow to stay ahead of compliance issues that may arise.

FedRAMP requirements

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based products and services. Its goal is to maximize security and cost-effectiveness for government agencies seeking new and updated technology by encouraging cloud adoption. FedRAMP is a mandatory program for any cloud service provider that hosts data for government agencies. However, when it comes to hosting data for eDiscovery, FedRAMP certification does not yet appear to be a requirement.

Proactive compliance

Although there isn’t a strict mandate, the federal government has a strong interest in protecting its own data as well as information that third parties hold. The US federal government’s demands that companies improve their practices and reduce security risks are only going to increase in the future. Companies should expect more scrutiny and regulation, particularly those companies who hold government data. In the legal data discovery context, it seems probable that in individual cases the federal government will require the use of eDiscovery service providers with FedRAMP certification to handle matters containing government data. At a minimum, it will favor those providers with such certification.

As a result, companies and law firms should proactively consider using eDiscovery service providers with FedRAMP certification to improve their own risk management as well as in preparation for additional compliance requirements. Taking this step is not only a good business practice but can reflect favorably on parties who have voluntarily met FedRAMP standards.

CDS is the first eDiscovery provider to obtain FedRAMP certification and to be approved to handle sensitive data for government agencies in its cloud-based platform.

To learn more about our long-term commitment to data security or find out about how the CDS Federal Team can assist with the movement of your eDiscovery or Records Management workloads to the Cloud, contact us today.

About the Author

Matthew Milone

Matthew Milone is a licensed attorney and is currently the head of CDS’s Federal Services division. Before Joining CDS, Matt practiced law at a mid-sized defense firm before turning his attention to eDiscovery Project Management. Matt has nearly a decade of experience managing all elements of large-scale document reviews including consultation, strategy development, and workflow design. Matt holds a B.A. from The Catholic University of America, a J.D. from Quinnipiac University School of Law, and is licensed to practice law in New York.

23 April 2024

Relativity AI Bootcamp: Atlanta

Relativity is kicking off a third season of AI Bootcamps on April 23-24 in Atlanta, where CDS’ Director of Advanced Analytics & Data Privacy Danny Diette will be a featured panelist.

Find out more

01 May 2024

7th Annual Putting Insights into Practice Forum

Navigate a virtual journey through today’s biggest legal data management challenges at PIIP 2024: ADVENTURES ON THE DATA CONTINUUM

Find out more

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
oktgid	1 year	This cookie is used for storing the visitor ID of the user who clicked on an okt.to link.
oktsid		This cookie is used for storing the session ID of the user who clicked on an okt.to link.
pardot	past	The cookie is set when the visitor is logged in as a Pardot user.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Cookie	Duration	Description
_dc_gtm_UA-109542572-2	1 minute	No description
_hjAbsoluteSessionInProgress	30 minutes	No description
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description
_hjTLDTest	session	No description
AnalyticsSyncHistory	1 month	No description
CONSENT	16 years 8 months 26 days 9 hours 2 minutes	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

Our Insights

Thought Leadership and Industry Trends

Best Practice for eDiscovery Involving Federal Government Documents

Matthew Milone

Relativity AI Bootcamp: Atlanta

7th Annual Putting Insights into Practice Forum

Our Blog

Sign Up for Our Newsletter

About CDS

Contact Us