How secure is my Managed Review? What confidentiality measures should be in place for Managed Reviews?
As any Partner, Associate or Corporate Counsel is aware,
client confidentiality is key to any litigation or investigation.
All clients justifiably have concerns regarding confidentiality. One of the most important elements of confidentiality is that it helps to build and develop trust and allows for the free flow of information between all parties involved in a project.
A breach of these processes can have catastrophic consequences for clients. Data breaches are often reported in the press whereby an individual has not followed the relevant data security processes and therefore has created a potential data breach.
Confidentiality measures recommended for reviews
Any competent review company will have comprehensive processes in place regarding confidentiality around review projects. With reviewers on a project at times numbering 100 or more, it is vital that uniform NDAs are created and that the opportunity to breach these confidentiality terms is mitigated wherever possible. The Review Manager should create a project specific NDA for each project which are signed, electronically stored and sent to the client for their records.
Unless specified by the client, a secure box that contains all reviewers’ mobile phones should be used. Internet access should be limited – but not forbidden. No data should leave the review room unless taken by the client, and access to printers should be very limited.
It’s important to work with clients to establish a happy balance that neither interferes with work but keeps a pleasant working environment. For example, downtime space, refreshments and access to fully functioning kitchen will keep the reviewers refreshed and engaged. You want a space that balances security with an environment with which reviewers are happy and productive.
A review centre should have the correct and relevant access controls in place, which are monitored, and the review centre should only be entered with a security fob that is taken back at the end of the review. All notes relating to a project are disposed of in an ISO registered unit which is then taken away and destroyed in an ISO compliant manner.
In the last 12 months, Altlaw have undertaken managed reviews on highly sensitive public inquiries and projects involving regulatory bodies, where our clients have had very high requirements regarding data security. Before these reviews started, Altlaw provided our clients with details outlining our stringent security measures and explained in detail how we ensure the security of the data that was being reviewed. The fact that we have had projects such as these on a regular basis reflects the fact that Altlaw have continuously satisfied our clients’ rigorous demands regarding confidentiality.
All the above confidentiality measures, coupled with a deep understanding of the nature and requirements of a managed document review will make for a successful outcome. One that will deepen the trust between the law firm, the client and managed review provider.
If you have any questions regarding our managed review services, don’t hesitate to contact us today.