A client asks his trial counsel, “Is my data that you collected safe?”.  When can trial counsel say “yes”?

Trial counsel fires off a text to his first year Associate who is managing e-discovery: “Get me the security protocols for where our client’s data is located”.

The Associate calls his e-discovery tech and who tells him “we have AICPA SOC 2 Type 2 Validation (Formerly SSAE 16)”.  The Associate reports back to Trial Counsel who tells his client “yes it is secure”.

ABA Rule 1.6(c) provides “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”

The answer about SOC Type 2 sounds reasonable enough, but the above fact pattern is common and fraught with land mines.

  • Did trial counsel’s actions constitute reasonable efforts under ABA Rule 1.6(c)?
  • Does trial counsel have e-discovery expertise?
  • Should e-discovery be managed by a junior associate?
  • Is trial counsel’s obligation mitigated if his client hires the e-discovery firm?
  • Is trial counsel’s obligation enhanced because his/her firm provides e-discovery services?

These are questions corporate law departments and law firms need to be asking themselves.

Generally, attorneys are not e-discovery experts.  And even if they have successfully used e-discovery vendors what kind of due diligence have they performed to determine how secure they keep data?

Is having a certification enough, what is the actual practice in handling e-discovery data? Has trial counsel visited an e-discovery vendor site?   Has trial counsel vetted claimed security protocols?  Has prior due diligence been updated?

Even in light of numerous publications concerning e-discovery security and the focus by the e-discovery industry and the ABA on data security, attorneys and clients continue to ignore these important security issues.

Corporate legal departments and trial counsel should consider whether they can answer these questions.

The attacks on client data from external sources are increasing.  Only the vigilance of trial counsel and e-discovery vendors to make sure they have adequate security policies, practices and measures in place will enable trial counsel to answer his client with a “yes”.

And then with a caveat, “but all data is at risk of attack”.