What To Think About When Vetting Legal Tech Vendors for Security Concerns
By Lorenzo Mendizabal
Law firms and their corporate clients are concerned about data security and rightfully so. No one’s immune.
This year alone, more than 500 million user accounts were reported stolen in September in a data breach at Yahoo – the largest from a single site in history. And in May a breach at payroll giant ADP exposed the payroll, tax and benefits information of almost 640,000 companies.
Neither are law firms safe. Last year’s Legal Technology Survey by the American Bar Association found that firms with 100 or more lawyers experienced a 23 percent jump in reported breaches.
It’s all leading firms and their clients to undertake stringent risk assessments in vetting vendors for data storage, eDiscovery and eReview along with manual document review. By digging deep into the technology, people, and policies and processes of these vendors, they will be able to enjoy the benefits of today’s tech advances rather than remaining behind the curve.
Smart tech vendors have factored security concerns into the very design of their solutions. Consider how Esquify did it.
Esquify is a legal tech company dedicated to making the manual document review process more effective and efficient to substantially pare review costs. (Studies have shown the average legal department spends $3 million per discovery in document review-related costs related to corporate litigation.) It has embedded multiple layers of security measures within the technology and its protocols, with the aim of setting the bar on security standards.
Here is how Esquify thought about security and integrated stringent protocols into its system:
- Reviewer vetting and training. Esquify’s reviewers are thoroughly vetted (references, background and potential conflict checks, as necessary) and undergo comprehensive training on the software, security protocols and work flow guidelines. This occurs before the project starts and project-specific guidelines are provided.
- Encryption and passwords. For the manual review component, two layers of passwords are required – an Esquify password and a client password that connects the reviewer to where the data is being stored.
- Document storage. Client documents are not stored through Esquify, but through the client’s eDiscovery platform (e.g. Relativity) that it adjoins. Documents reviewed through Esquify can’t be saved or copied as they leave no footprint.
- Communications. A closed loop enables communication, including workflows and reporting, between project participants while blocking outside channels of entry to project data. The system maintains a complete audit trail tracking who has reviewed each document.
- Cloud storage. Esquify’s software and related data are stored and secured in the cloud via Amazon Web Services – one of the leading cloud infrastructure providers, known for its stringent security protocols. Its firewall protection is layered to keep out unauthorized users. Plus database replication and dispersed geographical locations for servers provide the redundancy necessary for a high access service business.
Esquify has been designed to answer two specific needs of law firms and their clients: Make the manual document review process better and less expensive for anyone involved – and make sure it all happens in a safe and secure environment. The company has won numerous recognitions for its technical ingenuity in bringing document review into the modern, tech-driven era. Next up: To earn its spot as an industry leader for its focus on data security.