How to Limit Who Can Access Your eDiscovery Productions

08 August 2022 by Ross eDiscovery VPN

Takeaway: Not everyone on your team needs complete control of your eDiscovery case. So, the best eDiscovery applications let you match team members to one of four user levels – each handling different tasks like case review, strategy, admin, and billing.

Cloud eDiscovery gives team members convenient access to all the same files. But this means you’ll need extra security for your data.

The beauty of eDiscovery subscription services is that your software and data are in the Cloud – giving everyone on your team easy access to the same resources. This frees them to work remotely simply by signing in to the software via their web browser. However, this ease of access means that someone could potentially alter or delete vital case data, so you’ll need to ensure your software has the right security features.

First, you’ll want multi-factor authentication as a gatekeeper for unauthorized users.

Multi-factor authorization (MFA) adds a layer of security to Software as a Service (SaaS) platforms, which is why most applications offer it as a feature (e.g., online banking apps, ATMs, Gmail, etc.). The core concept is that you’ll need more than one piece of information to verify your identity when logging in online. Usually, that means entering a password, following which you’ll receive a verification code via SMS or an authentication app like Google Authenticator. And this multi-step process means that hackers have to do more than just crack your password to compromise your case. Learn how eDiscovery applications set up MFA.

Next, you’ll want to set up custom access permissions for different users.

When choosing an eDiscovery application, look for one that lets you set up multiple access levels, with each level giving users the types of permissions listed below.

1. Some users should be allowed to only search/review data and create productions.

The first level of access should be reserved for reviewers – i.e., people who only need to go through what’s already been uploaded. This means viewing and searching files, requesting add-on services, creating/removing redactions, applying/removing tags, etc. Here are the two features ‘level-one’ users will need:

a) Creating and saving searches.

Reviewers should be able to run niche ‘advanced’ searches combining keywords, metadata, names, dates, and more to form a complex search command. (For instance, they could ask the software to find all PDFs – but not emails – created before June 2014, that mention the ‘Smith merger.’) Advanced searches use simple dropdown menus to connect conditions (that tell the search engine what to look for) and operators (e.g., AND, OR, NOT, etc.) that combine conditions in specific ways. Crafting and testing these searches take time, so reviewers must be able to save and share the searches they create. (5 steps to creating an advanced search.)

b) Applying and removing pre-existing tags.

Tags are virtual Post-its that you can attach as labels to files, allowing you to group and pull up related documents with a single mouse click. For instance, you could tag files as Privileged, Non-Responsive, Irrelevant, Important, and Confidential – a great way of adding context to documents without changing their contents. Also, you’ll be able to add notes to your tags and bulk-tag large document groups to save time. Tags help reviewers orient themselves quickly while skimming through long lists of files, and allow them to bulk-add files to produce. But level-one users should only be allowed to use pre-existing tags (i.e., not create or edit new ones).

2. The next level of user will need more file and editing access.

In addition to reviewing existing data, the next level of user should be able to upload new files, create/edit/delete tags, and delete advanced searches, productions, and reports. Uploading files, in particular, is a huge responsibility because it could potentially change a case’s outcome. Even the best eDiscovery tools can’t help if essential responsive files haven’t been uploaded, processed, and fit into your software’s database. So, uploaders must ensure that the software tracks errors, flags duplicate files, and logs/lists unprocessed files.

3. A higher-level ‘admin’ account will need special access to case management features.

Admin accounts should be able to change case settings, add/remove users, delete/archive cases, and share productions. Here’s why this is important:

a) Deleting cases

Mistakenly deleting a case could make gigabytes of valuable data irrecoverable, so only high-level users should have access to this feature. (Many eDiscovery applications allow admins to ‘archive’ files instead of deleting them. Archiving lets you store case data at a fraction of the cost of active cases, although it’ll take about 24-72 hours to archive/retrieve your files.)

b) Sharing productions

Sharing productions can be a significant eDiscovery vulnerability because users could mistakenly email them (and their sensitive contents) to the wrong people. That’s why newer eDiscovery applications let you share productions via a link. Anyone with the link can access the production through your eDiscovery software, but you’ll be able to invalidate the link at any point – effectively ‘locking’ the production. However, you’ll still want to limit these sharing privileges to admin-level users.

4. Finally, case owners should be the only ones with access to subscriptions and billing.

The best eDiscovery applications simplify billing by charging you an all-inclusive, flat monthly subscription fee. And moving between case plans is easy because all prices are prorated. However, to avoid confusion, most law firms limit subscription and billing access to just one or two case ‘owners.’ (Note: These owners have reviewer, user, and admin powers, too – so they can actively contribute to eDiscovery reviews and case strategy.)

So, how do you get this sort of multilevel protection? Look for a team-oriented eDiscovery application.

GoldFynch is an example of an eDiscovery subscription service designed for legal teams of all sizes. It comes with multi-factor authentication and custom user permissions, but just as importantly, its pricing plan stays the same regardless of how many people there are on your team. Plus, it has a few other noteworthy features:

  • It costs just $27 a month for a 3 GB case: That’s significantly less than most comparable software. With GoldFynch, you know what you’re paying for exactly – its pricing is simple and readily available on the website.
  • It’s easy to budget for. GoldFynch charges only for storage (processing files is free). So, choose from a range of plans (3 GB to 150+ GB) and know up-front how much you’ll be paying. You can upload and cull as much data as you want, as long as you stay below your storage limit. And even if you do cross the limit, you can upgrade your plan with just a few clicks. Also, billing is prorated – so you’ll pay only for the time you spend on any given plan. With legacy software, pricing is much less predictable.
  • It takes just minutes to get going. GoldFynch runs in the cloud, so you use it through your web browser (Google Chrome recommended). No installation. No sales calls or emails. Plus, you get a free trial case (0.5 GB of data and a processing cap of 1 GB) without adding a credit card.
  • It’s simple to use. Many eDiscovery applications take hours to master. GoldFynch takes minutes. It handles a lot of complex processing in the background, but what you see is minimal and intuitive. Just drag-and-drop your files into GoldFynch, and you’re good to go. Plus, you get prompt and reliable tech support.
  • Access it from anywhere, and 24/7. All your files are backed up and secure in the Cloud.

Want to find out more about GoldFynch?