InfoSec for eDiscovery: an Urgent Issue

Benjamin Wright, Guest Writer and Instructor at SANS Institute

The security and confidentiality of records produced in eDiscovery are becoming more urgent issues.

Traditionally, eDiscovery in a lawsuit means records are physically delivered from the producing party into the possession of the requesting party. The records can contain highly sensitive data, such as medical details, trade secrets, personally identifiable information about consumers and the like.

In the old days, records produced under eDiscovery were printed on paper or recorded to a stand-alone CD, which was viewed from a stand-alone PC. They were easily kept secret and secure in a locked safe or office.

But today they are delivered in electronic form such that the requesting party stores and/or accesses them by way of a network. That network might be the local (Internet-connected) network within a law office or cloud services performed on behalf of the law office. In either case, the records are vulnerable to hackers.

Network security is not like physical security. Good network security requires sophisticated resources. But even sophisticated organizations can be breached, as has been demonstrated by many high-profile data breaches such as those at T-Mobile, SolarWinds, and the Office of Personnel Management.

Requesting Parties Lack eDiscovery InfoSec Expertise

eDiscovery thought leader Craig Ball observes that many of the parties — like plaintiff law offices — requesting eDiscovery simply do not have the expertise to protect the records they are requesting. See “Cybersecurity’s a Pain Point for Plaintiffs”.

Ball argues that the parties producing records are therefore justified in delaying the production of records – maybe indefinitely – until the requesting party can prove it has a good security program: policy, staff, training, encryption, two-factor authentication, audit and so on. Proving such security is a tall order for many law offices.

But security concerns should not be allowed to frustrate otherwise legitimate eDiscovery demands. This is where IPRO’s solutions can step in and help. They enable an alternative process. Instead of transferring possession of records to the requesting party, IPRO can make records available to the requesting party, but under the security umbrella of the producing party, the party that created and possessed the records in the first place.

In accordance with an approved and supervised eDiscovery plan, the requesting party could use IPRO to access records within the producing party’s IT domain.

IPRO can locate data in many different formats, such as email, PDFs, office documents, and unstructured data. It can search through different platforms, whether they be on-premises or in a third-party cloud. These platforms can include Exchange, SharePoint, Box, Office 365, and more. IPRO creates an audit trail to show what was searched, when it was searched and what the results were.

IPRO can show who accessed which records and when they accessed them.

The requesting party could access only permitted record sources (such as an email archive) using permitted search queries. But at the same time, IPRO could maintain the confidentiality of the requesting party’s work, preventing the producing party or anyone else from snooping on details without permission. It could allow the requesting party to save search results and leave confidential notes and audit trails within searches.

IPRO could confirm that no records actually left the possession of the producing party. Thus the normal security that the producing party applies to the records would remain in place.

New Kind of Cooperation Required

The eDiscovery process proposed here is not the traditional process. It requires a new kind of cooperation by the producing party. But eDiscovery has always required cooperation. Cybersecurity issues are now forcing us to venture into a new mode of cooperation.

Benjamin Wright is a practicing attorney based in Dallas, Texas, and an instructor at the SANS Institute teaching a 5-day course titled “Law of Data Security and Investigations.”