Sensitive and secure: How we dealt with a high-profile litigation [Case Study]
While we handle all data with utmost due diligence and care, some client documentation can be either commercially sensitive or high profile enough that we must challenge ourselves strategically in order to manage it. Read on for a recent example of how we did that in order to deliver a seamless, secure and value-added client service.
Project hosting with government-level security
Our client was involved in a high-profile litigation and had a large amount of sensitive data that they wanted hosted in a dedicated environment with airtight security.
We discussed a range of potential options with the client, from which they eventually selected the following two-stage workflow, allowing for the review and redaction of sensitive documents before moving qualifying documents to the next stage of the project.
Step 1: Initial Filtering
We hosted the source data in a single-tenancy environment where the client had both exclusive use of the hardware and software, as well as a dedicated physical space in a London data centre.
Step 2: General Review
The client’s qualifying documents were then moved to a multi-tenanted system, where their data was kept separate from other projects by standard eDiscovery processes.
Dealing with highly confidential data
The client regarded the source data as both highly confidential, and highly commercially sensitive – in addition, this data was originally located outside of the EU.
The initial filtering of the data (first-pass review and redactions) needed to be completed on an isolated system with dedicated review software.
The client did not wish the data to sit alongside other client data in a multi-tenanted environment, so we waited for the data gleaned from this initial filtering to be cleared for confidentiality (or if appropriate, redacted) before transferring it to a standard multi-tenanted system.
This methodology allowed for both a high level of security during the filtering stage and flexibility once the data was transferred.
Identifying a suitable colocation
A suitable data colocation with governmental level security was then identified for use – the client undertook a site visit to ensure they were satisfied with the physical and procedural security.
After the client expressed their satisfaction with the site, the server suite was leased and appropriate equipment was installed into a dedicated cabinet with upgraded locks.
A mid-level data processing and hosting software was selected and installed on the servers along with all the other ancillary software required to operate the system effectively.
Time and data
There was an initial 12-month commitment for the initial filtering stage due to the hardware cost and data co-location minimum terms, after which there were 6-month extensions available.
Data was received from the client via encrypted drives and was loaded on to the storage device. Initially, 1.2TB of data was ingested into the review tool and deduplicated, resulting in a total reviewable document pool of several million documents.
The client then utilised over 50 reviewers based outside of the EU to undertake the filtering process.
Altlaw produced supporting documentation to allow reviewer machines to be configured correctly and training material for the reviewers.
We also provided daily progress reporting, working to ensure that there were always adequate batches to maintain a consistent workload for the reviewers and that as soon as documents were qualified for the general review they were then batched up and transferred to Altlaw’s standard Relativity instance in our colocation data centre.
The initial filtering database was live for a total of 18 months before being decommissioned, and the storage media returned to the client.