
Connecting the Dots Between e-Discovery, Information Governance, and Cybersecurity

Mary Rechtoris

Throughout the legal tech industry, there are experts in a variety of fields, including cybersecurity specialists, information governance gurus, digital forensic sleuths, and e-discovery superstars.

When suspecting a potential data breach, companies often seek a cybersecurity expert to mitigate their risk. Similarly, a company facing a lawsuit will often use an e-discovery expert to help them find “truth” among the competing facts and disparate allegations in the case. 

But what if there are no distinct lines between cybersecurity, information governance (IG), and e-discovery?

“The convergence of cybersecurity, e-discovery, and information governance has arrived forcefully,” said Josh Hass, VP of Forensic Services at Charles River Associates (CRA). “For this reason, we cross-train our personnel extensively and identify exciting new use cases for technological tools.”

The New Status Quo

A cybersecurity incident often uncovers deficiencies in an organization’s IG system. Hackers can access data, and companies are particularly vulnerable if they have not appropriately trained their personnel, preserved various logs, and secured or disposed of their data. An organization without a robust IG program may be putting its data at a dangerous level of risk, according to Josh.

These connections are clear. So where does e-discovery come into play?

“What many people don’t understand is that the backend of cybersecurity is e-discovery,” Josh said. “Our e-discovery expertise, workflows, and technologies are incorporated into our cyber, forensics, and information governance offerings.”

For example, when a client suspects or uncovers a data incident, CRA consultants analyze its infrastructure and data to determine if a breach occurred and to identify and remediate any potential weaknesses. The team uses RelativityOne and other tools to collect data that may have been exposed. The consultants then use early data assessment (EDA) and data analytics workflows to identify what data sources specifically have been breached.

The team then processes, reviews, and produces that data all within the platform.

“RelativityOne allows us to complete these projects in a short timeframe with high accuracy,” Josh said. “And, to do so cost-effectively and with budget predictability.”

Cybersecurity groups that fail to follow the EDRM are doing their clients a disservice, Josh noted. Some still use forensic examiner tools to investigate pockets of data when a potential breach occurs. These tools provide high-level insight.

Traditionally, this has sometimes been sufficient when handling a data incident, but in this new era of security regulation, the status quo is no longer enough. May 2019 marked the one-year anniversary of the EU General Data Protection Regulation. And there is talk about an American equivalent to the GDPR being on the horizon – California will implement its own version (California Consumer Protection Act) in January 2020.

“Organizations only doing what they need to mend the hole will not be compliant with information security/privacy regulations moving forward,” Josh said. “You need that deep insight into your data. RelativityOne helps deliver the line of sight we need, and thereby help our clients better adhere to new security protocols.”

The Key Differentiator: People, Process and Technology

CRA’s forensic services practice continuously invests in its technology stack and in enhancing its service offering. Additionally, the company has boosted its army of subject matter experts (SMEs).

“Technology alone is no longer a main differentiator,” Josh said. “You must have people with unique skillsets and forensic perspectives, using technology in creative and effective new ways.”

On a recent client matter, CRA’s forensic services team paired the appropriate SME with an e-discovery specialist. The SME was able to make informed conclusions about the data. In turn, the e-discovery expert drove the workflows to help the SME conduct her analysis.

“We leverage our SMEs and e-discovery team to work quickly, stay within budget, and deliver a high quality work product,” Josh noted. “We strive to be ultra-nimble so we are able to pass along any cost savings to our clients, recognizing that speed and accuracy are essential in most of these matters.”

Clients also have one criterion top-of-mind when selecting a provider for their matters: security. A cloud-based solution has been key in securing business with CRA's corporate clients.

“We’ve learned to lead with how cybersecurity is at the forefront of what we are doing,” Josh said. “We always talk about the Calder7 team at Relativity to illustrate our commitment to this objective.”

The Calder7 team at Relativity has experts in product security, cybersecurity, risk, and compliance. The team's diverse areas of expertise drive forward their core mission—they anticipate threats and mitigate risk for Relativity and RelativityOne clients.

“Having a team that maintains the highest level of security is a key reason we moved to RelativityOne,” Josh said. “Everything else was gravy.”


Mary Rechtoris is a senior producer on the brand team at Relativity, where she's always collaborating and looking for new ways to develop and socialize stories.
