Encryption and e-Discovery are Often at Odds

Posted 1/31/2012

Electronic Discovery doesn’t always align with other IT processes and business requirements. Some organizations need to archive data to relieve strains on data storage and comply with data retention requirements. And, increasingly, organizations are encrypting sensitive data to meet regulatory mandates and prevent data breaches. Both of these processes can impede e-Discovery readiness.

A lot of ink has been spilled discussing the impact of archival on e-Discovery. Questions asked include: Where is the data located? On what type of media is it stored? Will you be able to access and produce it in response to an e-Discovery request?

Encryption is an emerging challenge. According to Symantec’s 2011 Enterprise Encryption Trends Survey (download requires free registration), 42 percent of organizations have been unable to respond to e-Discovery requests due to encryption issues.

The problem is only going to increase. Forty-eight percent of enterprises increased their use of encryption over the past two years, and almost half of their data is now encrypted at some point in its lifecycle. But one-third of survey respondents said unapproved encryption deployment is happening on a somewhat to extremely frequent basis. Because these projects are not necessarily following the company’s best practices, 52 percent of organizations have experienced serious issues with encryption keys including lost keys (34 percent) and key failure (32 percent). In addition, 26 percent have had former employees who have refused to return keys. That means the encrypted data is essentially lost.

Fragmented encryption creates risk from the lack of centralized control of and access to sensitive information. That’s why it can disrupt critical processes such as e-Discovery and compliance monitoring. In fact, the inability to access important business information due to fragmented encryption solutions and poor key management is costing each organization an average of $124,965 per year, according to the survey.

The inability to respond to an e-Discovery request could cost much, much more. Encryption must therefore be tightly integrated with e-Discovery tools, processes, and policies. Organizations should take steps now to prevent ad hoc encryption and ensure that data can be decrypted in the event of litigation.

Data Collection and Production

E-Discovery efforts should employ sound data collection methods that return the expected results quickly and efficiently. The Whitehouse Law Firm can work with you to devise and test collection strategies that meet your litigation objectives. We’ll discuss what to collect, how to collect and preserve it, and whether everything collected should be reviewed.

Even if you’re not conducting e-Discovery in a matter, The Whitehouse Law Firm can work with your opponent’s attorneys to review their collection methods. You want to ensure that you receive all of the information requested, and having an attorney on your side who understands e-Discovery could get you closer to that result.

Once the data collection and document review phases are complete, The Whitehouse Law Firm can coordinate with third-party vendors and your opponent’s attorneys to validate the exported data (known as “load files”), whether incoming or outgoing.

Contact The Whitehouse Law Firm to discuss your data collection and production needs.