AJ Shankar, founder and CEO of EverLaw recently wrote in Bloomberg Law, Big Law Business, urging the legal industry to take the lead in establishing eDiscovery Security Standards.
We completely agree with Mr. Shankar, and we offer the following:
- Standards should include the use of state-of-the art security software adopted by the court, the judge, and the litigants, to differentially protect the information produced, allowing it to be monitored cradle-to-grave.
- The lead on security standards must extend far beyond litigation and eDiscovery to the entire practice of law, if the standards are going to be meaningful.
Litigators are busy fighting for affirmative remedies or denying, they don’t have time for processes like cybersecurity or data protection. They are busy filing complaints and making bold accusations and counterpunching and charging into discovery with a vengeance, wanting or opposing everything until a “mutually acceptable” stipulation can be hammered out or the magistrate or judge decides it.
In the past, it was fine. Litigators and parties got bloodied, docs were ordered produced, boxes of paper exchanged, and the battle carried on. The litigator knew where s/he stood and so did the parties, for better or worse. There was rarely a thought about securing the content of the documents once they were produced. Those days have passed.
Mr. Shankar suggests the need for a comprehensive set of standards to protect “a client’s most sensitive information, and it’s typically passed between opposing parties without a comprehensive understanding of how it’s going to be secured.” “That’s not my job”, are the thoughts reverberating in the minds of litigators. “My job is to flatten the other side or prevent that from happening to my client. But if we created a unified set of tiered security standards for eDiscovery, processes can and will change. Judges and lawyers could stipulate to establish different levels of protection or they could be ordered. It would bring clarity and satisfy Rule 1.6 ABA standards.
But honestly, that’s hardly enough. Documents should be differentially protected at the a) the company level, b) the Outside Counsel level c) the Outside Vendor level, and d) the courts... When documents are shared, they should be differentially shared, i.e., not just subject to a single classification, but to multiple classifications depending on the matter When documents are shared, they should be monitored cradle to grave. There is software available today to accomplish this mission, and it should be adopted as part of a tiered eDiscovery security standard.