This exchange that was written up on the Exterro blog reminded me of a training session I once had:
So, back to the conversation between Legal and IT. Recently, I participated in a call with a prospective client who seem extremely interested in the possibility of having ECA, Collection, Review and Production capabilities at their fingertips. Both Legal and IT were present on the call. Here’s how it went (with slight paraphrasing):
Paralegal from prospective client: “So how does your system get to the data sources we believe have responsive data?
Exterro: “We use connectors that are part of our Data Management application which then access the data sources and are able to see inside the data source.”
Paralegal from prospective client (and without a second of hesitation): “Oh, forget it then. IT would never let us do that. We couldn’t possibly have access to the systems that have responsive data.”
[My inner voice: “WHAAATTT? Really? That’s going to make your job very difficult.”]
Exterro: “In the traditional landscape of Legal and IT and data, this was not really possible. Today there is technology that makes this possible. Legal, IT and even other parts the organization can use the application to access data sources and find the responsive data they are looking for.”
Paralegal from prospective client: “IT would never let us do that.”
Now in my case, I had students in a class from the legal department, and others from the information security department. We were talking about using a tool to collect data from their network, and I said something about the tool needing Admin access or similar in order to access all of the potential information needing to be preserved.
This was met by the security team telling me that no one had those kinds of privileges on their network, because it was a security risk.
You know what, they’re right. It is a security risk. So we had to discuss possible compromises. The reality is, while we were able to find some potential ways for the legal folks to do what they needed to do, without completely voiding their security policies, it wasn’t easy. And the hoops they were going to have to jump through to meet both sets of requirements didn’t exactly result in an efficient workflow.
So be it. You can’t have easy access to all of the potential data your legal team might need, and limited access for security purposes. Those two things aren’t really compatible. You have to find a middle ground somewhere, that you can both live with.
If you’ve been in this situation, what kind of solutions did you come up with?
Image by smag