People Skills, Digital Leadership, Empowered Clients: Jackson & Wilson Showcase the Human Side of Law and Business withCutting-Edge... White Glove Service for San Diego’s Hospitality Industry: Driven by Passionate People, Stokes Wagner Provides 5-Star Legal Services to Those in the... Selecting the Right Mediator For Your Dispute: What should you consider when selecting a mediator? This article addresses the salient... Write Your Way To New Business By Writing for Magazines: One of the best ways for attorneys to get their name out and to position themselves as... You’re in Sales, Get Over It: Every communication involves selling. Every utterance is a sales call. Every time you... Presentation Is Key: After all of the painstaking discovery work that goes into a case, what a win or loss... Community News – September 2017: Newmeyer & Dillion LLP is pleased to announce that four of the firm’s Business... A Resourceful Collaborator: “I think the most important thing about me is that I care about finding practical... Tried, Tested & Triumphant: Khashayar Law Group Secures Position as One of Southern California’s Top... Convert Unhappy Clients into Fans: Clients can become upset with us for many reasons, some of which are within our control,...
Executive Presentations-468x60-1

WARNING: e-Discovery Missteps Can Open Up the Door to Identity Theft

Identity Theft monitorCorporate legal departments and law firms that host and review data online bear a significant responsibility to  ensure  that  personally  identifiable  information (PII) remains protected. According to the Social Security Administration, identity theft is one of the fastest growing crimes in America, and the Federal Trade Commission (FTC) estimates approximately nine million Americans have their identities stolen each year. Most of these crimes rely heavily on a single piece of information—the Social Security number (SSN). As more and more information moves online, criminals have developed a variety of methods to steal information, and the majority of these lost or stolen SSNs are a result of database security breaches. By stealing SSNs, criminals can commit financial fraud, open new lines of credit, empty bank accounts and even rack up false medical bills. This means that protecting access to SSNs in the digital era is more important than ever.

When organizations collect large volumes of data during discovery, and especially when client information is collected, sensitive information is often swept up in the collection and processed. With hackers’ ability to break into any computer system, it is imperative that document management databases be safeguarded. If there is a security breach, innocent bystanders may become victims of identity theft, and the organization hosting the data will almost certainly be held responsible and endure a public relations nightmare.

The FTC,  acutely  aware  of  the  risks  of  collecting  and hosting data that contain PII, has written and published their own  security  guidelines  to  ensure  that  data  are  protected. Firms hosting data internally in a Concordance, Summation, Relativity  or  other  proprietary  database  should  consider implementing  security  measures  and  policies  that  track  the FTC guidelines. If a third-party provider is used, firms are well- advised to consider the provider’s security systems in light of those guidelines and perform an audit of their environment. Most reputable providers offer top-notch security, and for many firms, these providers may represent a more economical option than attempting to set up a firewall in-house.

ProtectSSN

While sensitive information is particularly vulnerable when firms are hosting data, it can also be compromised when turned over to adversaries or government entities, or when it is filed with the court. Rule 5.2 of the Federal Rules of Civil Procedure, as well as many state equivalents and industry regulations such as the Health Insurance Portability and Accountability Act (HIPAA), require privacy protection for parties or non-parties whose information may be included in court filings. Such information not only includes SSNs, but also taxpayer-identification numbers, birth dates, financial account numbers and the names of minors. As awareness of identity theft increases, courts have become increasingly intolerant of un-redacted PII and have recently granted sanctions when sensitive information has been exposed.

Three recent cases illustrate the risk to counsel that fails to heed the importance of protecting PII. In Allstate v. Linea Latin, the plaintiffs filed an Amended Complaint on the court’s Electronic Case Filing System, which contained more than 160 pages of exhibits disclosing birth dates, names of minors, and financial and other sensitive information. The court cited the advisory committee note to Federal Rule 5.2 and made clear that it is up to the parties to remember all documents are now available over the Internet. The court went on to add that attorneys can no longer ignore technology and shift blame for missed redactions to support staff; the potential consequences of filing documents with personal information are now far too serious. The court emphasized that it is the responsibility of counsel to ensure that personal identifiers are properly redacted. Accordingly, sanctions were granted against plaintiff’s counsel.

In Weakly v. Redline Recovery, documents were filed with the plaintiff’s full SSN listed. Prior to filing the documents, the defendant’s attorney checked a box indicating that he had read a notice that explicitly established his responsibility for redacting  sensitive  information:  “IMPORTANT  NOTICE OF REDACTION RESPONSIBILITY: All filers must redact: Social Security…numbers…in compliance with Fed. R. Civ. P. 5.2.” Sanctions were granted against the defendant’s counsel. Finally,  in  Engeseth  v.  County  of  Isanti,  counsel  filed an affidavit with full SSNs and dates of birth for 179 individuals. The court stated it was deeply concerned about the harmful and widespread ramifications associated with negligent and inattentive electronic filing of court documents and noted that, although electronic filing significantly improves the efficiency and accessibility of our court system, it elevates the likelihood of identity theft and damage to personal privacy when lawyers fail to redact. Again, sanctions were granted.

In light of these and other cases, it is crucial that attorneys identify  all  instances  of  PII  during  the  review  phase  of e-Discovery. Tired eyes can often miss data that reveals personal information. To mitigate this risk, firms should consider using a tool that automatically redacts patterned data such as SSNs and birthdates. With auto-redact technology, reviewers can designate redaction patterns of data to look for, including specific number patterns (such as SSNs or phone numbers or account numbers) or specific text strings. The tool will search for and find them automatically, obscuring them with a black box to ensure they are not produced. A good tool will also incorporate a number of quality control protocols to validate performed redactions, flag instances of data that may require manual redaction and generate reports to document a defensible process.

Now that nearly all evidence is stored electronically and can be accessed online, implementing security measures that meet FTC standards for protecting private data is an essential first step to ensure PII is protected, but many firms will also want to consider using automated redaction tools, which not only significantly reduce the risk of missed redactions, but also streamline the redaction process to save both time and money.

Samantha Green

Samantha Green serves as e-Discovery Counsel for DTI. She is an attorney with over 10 years experience. Samantha has substantial expertise in all aspects of electronic discovery, including drafting best practices for both law firms and corporate clients, as well as formulating workflow solutions for large discovery projects. She has an in depth understanding of electronic discovery, litigation readiness, ESI hosting, review and production processes as well as the different technology and business approaches and cost implications associated with each. Samantha has taken cases from pre-discovery through trial. Samantha has advised, written and spoken on all phases of the electronically stored information (ESI) life cycle with a broad range of experience in initial case assessment and engagement management. She has worked on many government investigations, including FCPA and antitrust matters, as well as, second requests and litigations that cross all spectrums. Prior to joining DTI, Samantha was the e-Discovery Attorney for Blank Rome LLP.

More Posts

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)
PDF24    Send article as PDF   

Filed Under: Technology

About the Author: Samantha Green serves as e-Discovery Counsel for DTI. She is an attorney with over 10 years experience. Samantha has substantial expertise in all aspects of electronic discovery, including drafting best practices for both law firms and corporate clients, as well as formulating workflow solutions for large discovery projects. She has an in depth understanding of electronic discovery, litigation readiness, ESI hosting, review and production processes as well as the different technology and business approaches and cost implications associated with each. Samantha has taken cases from pre-discovery through trial. Samantha has advised, written and spoken on all phases of the electronically stored information (ESI) life cycle with a broad range of experience in initial case assessment and engagement management. She has worked on many government investigations, including FCPA and antitrust matters, as well as, second requests and litigations that cross all spectrums. Prior to joining DTI, Samantha was the e-Discovery Attorney for Blank Rome LLP.

RSSComments (0)

Trackback URL

Leave a Reply

  • Polls
    Sorry, there are no polls available at the moment.