Legal and regulatory compliance is a pressing concern in all sectors, but for legal firms the necessity for security and integrity of information runs across all aspects of their operations.
In addition to the fundamentals of data protection legislation, e-discovery requirements, etc, that affect all businesses, a legal firm has at its core the need for client confidentiality and protection of evidence.
But for legal businesses there are many threats to security and confidentiality, such as the use of printing in paper-based processes, as well as opportunities such as those presented by the potential use of big data analytics to build evidence.
In this podcast, Computer Weekly storage editor Antony Adshead talks with VigiTrust CEO Mathieu Gorge about the basics of compliance in the legal sector as well as feedback from the recent LegalTech event in New York on discussions about e-discovery, the challenge of unstructured data and the National Security Agency (NSA) scandal.
Antony Adshead: What are the compliance requirements of the legal industry?
Mathieu Gorge: Firstly, we need to take a look at the concept of CIA – the confidentiality, integrity and availability of data for the legal industry and its clients – but potentially also the other party [to legal proceedings].
So, lawyers will typically host information that pertains to their clients, to the matter that they’re defending or suing for, and also internal information about how they came to advise a client to follow a particular route in terms of the case they’re looking after. So, in other words, the decision process that was taken internally.
It’s also important to understand the difference between confidential information, some of which must by law be disclosed to both parties, ie the claimant and the defendant, versus privileged information that is shared between the client and their lawyer.
We also need to look at the international aspect of cases. For instance, some cases, especially with regard to e-discovery, may require accessing information from several jurisdictions – the EU, the US, Asia, maybe other parts of the world.
So, in that respect, from the compliance perspective you’re looking at EU data protection, US personally identifiable information (PII), Asian regulations and transfer of data from one area to the other.
It’s also important to have a look at the fact that a lot of the information is still on paper so there are some secure printing concerns and there is also a lot of unstructured data, data that is accumulated during cases. [It is important] to know where it is and how to access it and that it’s always secured, whether it’s on mobile devices, in filing cabinets or even in the cloud, which has its own challenges.
Adshead: You were at LegalTech in New York last week. What were the key issues with reference to compliance and storage and backup that were prominent there?
Gorge: LegalTech advertises itself as being the best event for the legal industry and for legal firms to improve their practice management. And by that they’re looking at different aspects such as dictating letters, billing systems for the amount of hours spent by [lawyers], e-discovery, storage of data, indexing of data and essentially anything that allows a legal firm to run, from a technology perspective.
So, this year at LegalTech the focus wasn’t so much on e-discovery as a technique but rather on e-discovery tools and predictive coding.
There was also a lot of focus on big data management for legal firms and the consensus was that lawyers end up with a lot of unstructured data that they need to make sense of and restructure to build a case.
So, in that respect, classification of data, as well as indexation of data and making sure the right people have access to the right data at the right time in a timely fashion, in order to end up in court at the right moment is really paramount.
There were also discussions around the impact of the NSA scandal last year with regards to the legality of accessing private data by government, how that data should be protected and what it meant for the legal industry.
The intersection between data privacy and e-discovery requests was actually very well discussed at LegalTech, so it’s very likely that over the next year there will be lots more discussions about technology, the cloud, as well as the impact of the new EU regulations on the cloud.
Secure storage and data classification is really key for the legal industry and should be one of the priorities in 2014.