This article is the fourth of a four-part series. In parts 1-3 we looked security standards, best practices and the difference between IT and legal perspectives on data security.

Maintaining data security is challenging enough with regular records management and destruction policies, but it becomes much more complicated during the discovery phase. In-house counsel not only need to worry about keeping data from being lost or falling into the wrong hands, but they also need to be able to document an unbroken chain of custody throughout the entire process. Any breaches or gaps in security during e-discovery can lead to claims of spoliation by opposing counsel or even sanctions by the judge.

In order to maintain an unbroken chain of custody, in-house counsel, third parties and law firms must all be able to ensure that:

  • No information was added or changed
  • A complete copy of the electronically stored information (ESI) was made
  • A reliable copying procedure was used throughout the process
  • The media were secured at all points from collection to trial
  • An inventory of every file and storage media has been maintained for every step
  • Data integrity has been maintained throughout the process

In-house counsel can’t assume that the law firm or vendor will manage these processes. The steps for maintaining the chain of custody should be explicitly spelled out in project plans and contracts.

In-house counsel also can take several steps to shore up the process. Limiting the amount of data that enters the e-discovery funnel helps to minimize the chances that any of it will be lost, stolen or subject to spoliation claims. Whittling down the amount of data early on also helps to save time and money.

With constant cost pressures, in-house counsel may be tempted to switch vendors and hire the cheapest one for each different matter. However, by developing long-term relationships, legal departments can save time and worry. By working with trusted law firms and vendors, in-house counsel can feel more confident that those who handle the data during litigation will hire the right people and follow established procedures.

Once, in-house counsel would let law firms select vendors, contract attorneys and others, but that is changing. Increasingly, legal departments are developing their own relationships with third-party litigation support providers and expecting that law firms will adapt to their systems and people.

For companies that handle a great deal of litigation, it may also make sense to consider in-sourcing some or all of the e-discovery process. By involving fewer people and minimizing the movement of ESI, in-house counsel can decrease the risks that data will be breached or stolen.

Different approaches make sense for different companies and even different matters. In-house counsel need to consider the exposures and risks of each matter to determine what level of security makes the most sense. No matter what approach a company takes, in-house counsel have the initial and primary responsibility during e-discovery and litigation to ensure that data remains safe.

In the early days of e-discovery, many in-house counsel were happy to let their law firms take over the responsibility of data security. That is no longer sufficient, particularly as hackers increasingly view law firms as vulnerable to data breaches. By stepping up their data security standards and expectations during e-discovery, in-house counsel are not only fulfilling their professional obligations, but also taking proactive steps to manage critical company information and direct litigation approaches and strategy.