Manage Learn to apply best practices and optimize your operations.

Data security: The missing piece of e-discovery (but not for long)

There's an elephant in the e-discovery room: data security, in the form of porous networks, sophisticated hackers, malicious insiders and altered electronic records.

Angelo Mozilo, Countrywide Financial Corp.'s former CEO, had already earned a "rep" as an inveterate emailer before the Securities and Exchange Commission (SEC) launched an investigation into allegations that he engaged in insider trading and misrepresented the financial condition of Countrywide. Mozilo, after all, was the author of a heated reply to a struggling borrower that called customer complaints about subprime loans "disgusting."

That email was a public relations disaster for Countrywide, but internal emails by Mozilo that describe Countrywide loans as "toxic" and Countrywide itself as "flying blind" may be far more damaging, now that the SEC is investigating whether he and his company misrepresented its condition to investors. The case is just the latest to underscore the growing importance of e-discovery in the courtroom.

Corporate legal departments are responding with stricter policies on document retention and more formal procedures for responding to discovery requests. There are also new tools, including electronic content management systems for storing documents and e-discovery software for analyzing information in those documents. Despite all that, experts say there's an elephant in the e-discovery living room: data security, in the form of porous networks, sophisticated hackers, malicious insiders and the specter of altered electronic records.

Data security on corporate networks and computers on which discovery takes place is of growing concern and will demand much closer attention in the years ahead, forcing e-discovery and electronic records management firms to forge closer ties to IT security vendors.

Foundation for admissibility

Document integrity isn't new to the courts or discovery. In the United States, the Federal Rules of Evidence lay out the authentication and identification parameters by which various types of evidence -- spoken testimony, documents and recordings, verbal testimony -- can be made admissible in court. While the courts, in a handful of decisions, have laid the foundation for admissibility with electronic documents, they are ill-suited to promulgate uniform standards and have been slow to adapt to changes in technology, noted Virginia Jo Dunlap, a senior consultant at Electronic Image Designers Inc., a consulting firm specializing in electronic content management and e-discovery.

"The law is set up to address the issue of original paper. There's just not a good foundation of how to work with electronic information," Dunlap said.

So, while the process of determining the admissibility of typed or written documents in court is well established, the process of authenticating electronic documents such as email is less clearly defined. The fact that such documents often aren't signed and may exist in various versions and locations on corporate networks makes authentication for the purposes of admissibility even more challenging, Dunlap said.

Craig Carpenter, general counsel at e-discovery vendor Recommind Inc., said he thinks the issue of document and data integrity -- the possibility that concerns about the security of electronic data might undermine its admissibility -- is going to be a major area of interest in the not-distant future. However, he added, the full impact of the security question hasn't hit the legal world or the enterprise content management (ECM) and e-discovery markets yet. "We're in the first half of the first inning, here," Carpenter said.

Recommended practices

With no clear guidance from the courts, the content management industry is taking the lead in setting best practices on issues like authentication. Recently, AIIM International, a standards group representing the ECM industry, released an updated version of its AIIM Recommended Practices. The new version adds a section that provides guidance on creating "trusted" ECM systems to store documents in a way that ensures that "all electronically stored information can be considered a true and accurate copy of the original information received."

AIIM recommends a number of measures to ensure system integrity, including hardware and storage media that prevent unauthorized additions, deletions and modifications of documents and data. The guidelines are designed to give IT departments and CIOs a frame around which new ECM implementations or modifications to existing systems can be built, said Dunlap, who helped draft the trusted system guidelines.

Dunlap noted that IT security and e-discovery have grown up independent of each other. While IT security companies like Symantec Corp., McAfee Inc. and Check Point Software Technologies Ltd. focused on keeping computers and networks safe from worms and viruses, e-discovery vendors focused on managing large volumes of case documents -- hard copies at first, but increasingly electronic documents in various formats and from an increasingly diverse range of sources.

Consolidated solutions

That's slowly changing. Legacy data identification and cleanup is a pressing issue in the e-discovery world, in what might be seen as a precursor to better data security. At the same time, companies like EMC Corp. and Symantec are bringing technology for storage, data security and content management together under one roof. Even rank-and-file endpoint and network security vendors are making big investments in data encryption technology and leak detection to help customers comply with a raft of new and toughened data security and privacy regulations.

The law is set up to address the issue of original paper. There's just not a good foundation of how to work with electronic information.

Virginia Jo Dunlap, senior consultant, Electronic Image Designers Inc.

E-discovery vendors like Recommind already partner with those vendors on solutions that combine e-discovery and content management. In the long term, executives like Carpenter envision a convergence of tools for systems management, information management, compliance and e-discovery behind a single pane of glass -- especially if IT security vendors become convinced that corporate legal departments concerned about litigation are better equipped to drive purchases than IT departments concerned about data security.

Carpenter said a bigger, but necessary, first step in aligning network and data security with ECM and e-discovery will be overcoming institutional barriers within corporations. "Today, the e-discovery manager has nothing to do with the IT security manager or data loss prevention. He has nothing to do with questions about whether a person has access to a file or server, and he doesn't care about that," Carpenter said.

As with so much in the legal world, however, such attitudes may disappear with the first seven-, eight- or nine-figure judgment in a case that hinged on the security of a litigant's network or content management system and the admissibility of the files and data stored there.

Paul F. Roberts is a senior analyst at The 451 Group. Let us know what you think about the story; email

Dig Deeper on Document management software and compliance

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.