Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Securing a Document Review Center: A Practical Guide

By Michel Sahyoun
May 02, 2015

Much ink has been spilled in recent years about information security, hacker exploits and hardware and software products used to thwart hackers. Not a single day goes by without news pertaining to the discovery of vulnerabilities in the software we use and cherish, and to hacker exploits affecting the companies we use in our daily lives. Compromises at JP Morgan Chase, Target, Home Depot, Ebay, Adobe and Apple, to name a few, have led to the leakage of hundreds of millions of records. These infractions lead to billions of dollars of aggregated losses and can be financially devastating to an organization. A 2014 study by the Ponemon Institute, for example, puts the cost of the average data breach at $5.9 million dollars and the cost per record of a breach in the U.S. at over $200. See, “2014 Cost of Data Breach Study: United States (May 2014).”'

The legal industry has been a late comer to the information security frenzy, but the situation has changed over the last 18 months, driven by corporations' realization that law firms and the legal ecosystem orbiting around them has access to some of their most sensitive data. This realization triggered a series of security audits targeting law firms and, in some cases, e-discovery vendors. Corporations spend millions of dollars on information security to build a defensive dome around their data (JP Morgan, for example, announced to its shareholders that it spent $250 million on information security in 2014), and their angst about the safety of that data when it resides on third-party networks is therefore understandable.

The one discipline that is increasingly under the microscope of Chief Information Security Officers (CISO) is e-discovery, where terabytes of some of the most sensitive corporate communications leave the relative safety of the corporation's defensive perimeter and are touched by myriad legal services providers spanning the EDRM continuum. Providing the tightest security possible to every step of this process is no longer optional. Service providers must implement stringent security protocols or risk losing their largest corporate clients.

Read These Next
Major Differences In UK, U.S. Copyright Laws Image

This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.

The Article 8 Opt In Image

The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.

Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

Legal Possession: What Does It Mean? Image

Possession of real property is a matter of physical fact. Having the right or legal entitlement to possession is not "possession," possession is "the fact of having or holding property in one's power." That power means having physical dominion and control over the property.

The Anti-Assignment Override Provisions Image

UCC Sections 9406(d) and 9408(a) are one of the most powerful, yet least understood, sections of the Uniform Commercial Code. On their face, they appear to override anti-assignment provisions in agreements that would limit the grant of a security interest. But do these sections really work?