As any lawyer knows, data security is a huge concern to clients, and it is an area that all Litigation Support vendors should have resources dedicated to. In order to ensure that the most robust data protection and information processes are in place, they must be underpinned by a rigorous physical security process.
Make sure you’ve read part one of this blog.
Due to the confidential nature of the work that any eDiscovery vendor undertakes, it should hold a number of certifications regarding data security, complemented by comprehensive internal company policies.
Certifications regarding data security
One of the most important is the internationally recognised ISO 27001 certificate, which encompasses company security policy, asset management, physical and environmental security, access control, security incident management and compliance. The ISO 9001 certificate in Management Systems is also an extremely important certification and ensures that companies are complying with industry standards regarding internal policies, records and auditing, and have sufficient business continuity systems in place. Each member of the delivery team should work within the ISO 9001 recognised standards to ensure continuity of service and to ensure that clients’ data remains secure.
Fines for data breaches
It is important to understand the consequences that may be applied by the various regulatory bodies if there is a breach of these and other standards. For example, under the UK’s Data Protection Act, the maximum fine for companies for data breaches was £500,000. Since the EU’s GDPR came into force on 25 May 2018, companies can now be fined a penalty of up to 4 per cent of turnover. In July 2019, the ICO flexed its GDPR enforcement muscles for the first time. British Airways is facing a record fine of £183m for last year’s data leakage (1.5 per cent of its turnover), and it was revealed that hotel chain Marriott would be fined £99m (3 per cent).