5 Questions about Big Data Security and Ediscovery
In the era of big data, vetting and asking the right security questions can help your organization save money and have peace of mind when it comes to ediscovery. Below is a general overview of some of the most important questions you should be discussing with your outside law firms and ediscovery service providers. Developing a thorough security RFI created in tandem with your IT/IS department to truly vet these organizations is highly recommended.
How is data stored, secured and monitored?
Knowing how and where your data will be stored once you transmit it for ediscovery processing and hosting are some of the most important questions you can ask.
- Storage: Understand whether data is stored onsite or in the cloud. Each method poses its own benefits and risks, and grasping which method best meshes with your organization’s needs is paramount.
- Security: Inquire about technical controls to protect security, from encryption methods to firewalls and intrusion detection systems.
- Monitoring: Learn about the service operations staff that keeps its finger on the heartbeat of the data center.
What physical protection measures are in place?
Look for some of the following attributes to ensure that your law firm or vendor’s data center is state-of-the-art.
- Cooling: Make sure the data center has equipment to keep hardware cool and humidity levels in check.
- Power: Ensure that there is a continuous flow of power to the data center, with back-up generators available.
- Network: Request information about the network connectivity, specifically asking about redundancy.
- Fire Suppression: Understand fire suppression procedures and inquire about waterless fire suppression systems.
- Access Controls: Ask about physical access controls into the data center, such as biometric hand readers.
Is there enough secure storage available and is the operation scalable to accommodate unexpected expansion?
If your law firm or ediscovery provider does not have the capacity to securely store the information, some of the data may be compromised. It is easier—and far less costly—to find another law firm or a secure vendor to host your data than it will be to clean up a disastrous data security breach posed by sticking with a firm or provider that bit off more than it could chew.
Who will have access to the data, and have they completed security training?
The fewer people that have access to the information, the better. Make sure that your corporation’s confidential information is stored on a “need to know” basis, and it should be a red flag if that data is accessible to every employee at the law firm or ediscovery provider.
If data loss or breach occurs, what type of plan is in place?
No one wants to think about a data breach or loss; however, your organization needs to be prepared in the event of a data disaster. Ask about breach notification response plans and provisions for leveraging a data recovery expert in the event of a loss.
With big data only getting bigger and breaches at an all-time high, it is prudent –and absolutely critical—to take every effort to vet your outside counsel and ediscovery provider’s data security policies, before it is too late.