Enhanced cybersecurity precautions have been an unshakable reality of the widespread shift towards remote working. But for remote document viewers accessing sensitive client data, some of the security measures that clients and e-discovery vendors are pushing may feel eerily like Big Brother.

Whether it’s working under the watchful eye of (multiple) cameras, handing over fingerprint scans and other biometric data or even just having their eye movements tracked, document reviewers working from home are coming under more supervision than ever before.

1. Background Checks

Background checks and contractual stipulations may not be the sexiest cybersecurity measure to come down the pike, but Redgrave partner Martin Tully noted that they are becoming a more common condition of remote document review. Clients want to know all about who is touching their sensitive data—and reviewers don’t necessarily appreciate the extra scrutiny. “I would say it’s probably the additional screening requirements that meet the most resistance [from reviewers] just because they are so personal,” Tully explained.

How personal? In addition to the usual inquiries about criminal histories and misdemeanors, Tully noted clients may also inquire into a remote reviewer’s financial history, for example.

These days, a reviewer’s online footprint may also come under scrutiny.“We’ve had some clients even want to go as far as doing social media checks,” said Michael Sarlo, chief innovation officer at HaystackID.

2. Video Surveillance

Anyone who has worked remotely during the course of the pandemic is probably used to hopping on a video call every now and again, but some remote document viewers have a camera on them throughout their entire workday. David Greetham, vice president of e-discovery sales and operations at Ricoh Forensics, has heard of e-discovery providers who send remote reviewers two cameras. “One is a facial camera and one is more like a 360 [degree] camera making sure that nobody else is in the room,” he said.

Sometimes cameras are triggered by specific actions or movements. Mary Mack, CEO and chief legal technologist at EDRM, received word of cameras that are designed to begin recording if a reviewer engages in a prohibited behavior—like sticking a thumb drive into their computer’s USB port, for example. It’s not a development that remote reviewers have necessarily greeted with open arms.

“As dehumanizing as it can be to sit with other people [in an office] and have that kind of oversight, like somebody in the room looking over your work and walking behind you. … Having the sort of like ‘1984’ aspect with cameras watching you all of the time, that’s a different thing,” Mack said. 

However, some e-discovery providers and their clients may have already taken that reluctance into consideration in their efforts to attract the best reviewers. “Being on camera will often result in paying more to the reviewer,” Sarlo at HaystackID said.

3. Biometrics

Cameras aren’t the only way that e-discovery providers are verifying the identities of remote reviewers. Some are using biometric security tools—like retinal scanners—as an extra layer of protection. “I know of one document review company [that] as part of going remote, they’ve sent a fingerprint scanner that you attach to the computer,” said Greetham at Ricoh.

Still, with privacy regulations such as the California Consumer Privacy Act placing restrictions around the collection and safeguarding of biometric data, Greetham believes that the use of tools like fingerprint scanners could quickly become political among document reviewers.”[Like] ‘Hey company, you’re not having a copy of my retinal scan.’ [But] it used to be like that with social security numbers and now we give them out because we know we have to. So this is almost the next level of personally identifying somebody,” he said.

4Gaze and Activity Tracking

While security features like cameras or biometrics could be perceived as an invasion of privacy, other preventive measures foisted upon remote reviewers may simply fall under the category of “annoying.” Greetham at Ricoh noted that some providers are deploying software that automatically logs a user out if they haven’t completed a review within a certain amount of time—say, 45 seconds. “If you are reviewing a document, it’s very difficult to review a document in 45-seconds,” he said. 

But it’s not just the clock that certain pieces of software are watching. Sarlo at HaystackID described tech that actually tracks a reviewer’s eyes and boots them out of the system if “they aren’t gazing at the screen for a certain amount of time.”

Still, the health implications may bother remote reviewers more than the tracking itself. “Back some years ago people were talking about ergonomics when you’re working and one of the things is ‘look away from the screen at least once every hour.’ So that would mean eight logins for an eight-hour day right there, if you look away from the screen,” Mack at EDRM said.