As the battle against COVID-19 continues, with growing hope of seeing an end to the crisis sometime during 2021, we are still not out of the woods yet. The COVID-19 impact is still very widespread and has affected most industries and sectors. E-discovery is no exception, and the current impact on the field will continue to be present long after the crisis is over.
There are numerous challenges and concerns facing those conducting discovery during these testing times. These issues need to be taken into consideration and in certain cases remedied, now or in the near future.
The pandemic has radically impacted the work environment, with many businesses working from home or remotely. This in turn affects e-discovery in several ways. It creates new data sources that need to be preserved and collected.
Various factors such as connectivity, IT infrastructure, work habits and security guidelines have created new sources of data as digital files are transmitted from and stored in new locations. New information is constantly being generated and stored on a myriad of devices that the organization does not control and is often not even aware of.
In addition, the need for remote communication both internally between individuals and teams, and externally with clients, services provider and other counterparts has led to the proliferation of communication tools and applications, many of which are nonstandard or have not been cleared by the organization for official use.
These issues may add to the preservation and collection requirements when responding to discovery requests for information created during this period. Furthermore, some experts believe this bell cannot be “unrung”, even after the pandemic is over, and that e-discovery practices, tools and solutions need to be updated with these factors in mind.
Social distancing and lockdowns are hindering forensic collections, except those that can be done remotely. The current situation and the subsequent government and municipal regulations make it very difficult and, in some places, practically impossible to have in-house or 3rd party forensic experts collect data and documents that require physical access. Thus, parties may need to find vendors or tools that allow them to carry out remote forensic collections and defer collection where remote collections are not possible.
Locating and scanning paper documents has become a big challenge since it requires physical supervision at each step of the process. Paper files and other documents that require in-person collection may need to be deferred until the crisis abates and travel restrictions are lifted.
Cyber and data security considerations are also a major concern, as remote working and widespread remote access have ushered in a host of cybersecurity vulnerabilities. While this is true across all aspects of the business, it is particularly significant in our case. The COVID-19 crisis has required organizations and vendors to scramble and modify their systems very quickly, and they may not all have been properly configured or protected. Moreover, hackers are aware of the vulnerabilities inherent in remote working configurations, and that discovery vendors and reviewers have access to highly valuable and important data. This makes all players involved an attractive target for cyber-attacks.
In response to governmental remote working and social distancing restrictions, many vendors had to quickly transition from on-site review to remote review to address discovery deadlines. Many vendors have touted their ability to have their reviewers work from home with some claiming that it is just as secure. As an initial matter, it is simply not accurate to say that remote review is as secure as review done in a vendor’s dedicated facility with all the physical and data security protections and on-the-ground oversight and management that physical locations offer.
For instance, when a reviewer is working remotely, other household members or visitors may be able to see confidential information displayed on the reviewer’s screen. The reviewer might also have undetected malware or viruses on their systems. Moreover, the reviewers are using untested (and possibly unsecure) internet access, elevating the risk that attackers may be able to intercept the data.
Given all the above issues, all parties involved need to better acknowledge and understand the challenges underlying discovery during the pandemic. Opposing parties need to reach reasonable compromises regarding what can and cannot be done and when, what is doable and when it can be done, all while maintaining the security and confidentiality of the parties’ business information.