Digital White Papers

I L T A W H I T E P A P E R | L I T I G A T I O N A N D P R A C T I C E S U P P O R T 9 limitations for the data, and process for its disposition. This is best regulated in an automated environment. It is important that attorneys not keep data on their local drives. When a firm maintains a policy of storing internally produced work product separate from client provided data it is easier to return client data at case close. Best practices will dictate keeping internally produced work product exclusively on the firm document management system (DMS). Data from the client should be segregated into a document review and production tool or an extranet or network share. Due to the highly sensitive nature of the data, extra measures need to be established and deployed to ensure that client data is protected at case close out. This is true whether or not protective orders exist for the matter. Electronic Files: If the client chooses to have its electronic data returned, the firm should encrypt the files then securely transmit them back to the client via Secure File Transfer Protocol (SFTP). Other methods exist, such as encrypting the files and loading them to an external drive to be delivered to the client via courier. No matter which of the many methods are used, it is very important that care be taken to secure the files so that they cannot be intercepted by a third party. If the client elects to have its electronic files deleted, it is very important that they be permanently deleted. Purposefully segregating client data throughout the matter will help identify and capture client data to ensure that proper deletion can take place. Electronic copies of client data will not only appear on the firm servers but also on PC's, smartphones, and in the cloud. Opening and saving documents locally is not recommended due to the time and effort that it takes to capture all client data. File analysis software or content analytics software will find copies of client data so that it can be deleted. Automated disposition is recommended when it can be employed. Where automation is not possible, attorneys should be told to manually delete files off drives – not to keep copies. E-discovery providers should also be notified to permanently delete all client data. Paper Files: If a client chooses to have its physical data returned, the client should provide the firm with shipping credentials, including tracking, so that the chain of C A S E C L O S U R E , B E S T P R A C T I C E S , P A R T 2 ( C O M P L I A N C E ) custody can be followed until the data is received by the client. In most cases the client will not ask to have its physical data returned and will choose to have its data destroyed. Paper files should be shredded to destroy all content and information. Secure bins and a reputable shredding vendor who will certify to the shredded bins should be used so that no client information falls into the wrong hands. Additionally, a firm-wide "shred everything" policy where all paper gets shredded in the normal course of business will ensure that no sensitive client documents will accidently wind up in the garbage where a breach can take place. Client data needs to be protected and well managed so that it is securely and entirely deleted and disposed of or securely transferred back to the client at case close out. ILTA Kathryn McRae Kathryn is the Director of Research and Knowledge at Hawkins Delafield & Wood LLP. She manages strategic planning, project development and the annual operating budget of the R&K department, in addition to involvement on cross-functional teams. She has implemented many initiatives, including the firm-wide intranet. Prior to her current position, she worked at Wachtell Lipton Rosen & Katz as a Reference Librarian. Kathryn is a graduate of the State University of New York at Buffalo, where she received a B.A and an M.L.S, as well as of the City University of New York, where she received a J.D. She is admitted the NYS Bar and is a certified IGP.

• Cover