CXO Bytes

Video Depositions: Data Security and Attorney-Client Privilege Concerns

Video depositions are not new. Attorneys have been using them for years to conduct discovery for court cases. They have proven useful when witnesses cannot appear in court or pinpoint inconsistencies in testimonies. They also offer lawyers a more impactful way of presenting a deposition to juries. Normally, these video depositions happen on-site in legal offices, with the presence of a court reporter to transcribe the deposition, a legal videographer, and the lawyers of both parties.

However, during the COVID-19 pandemic, with stay-at-home orders in place, video depositions began being conducted and recorded remotely. As a consequence, a wealth of highly sensitive data was suddenly created. In the aftermath of the pandemic, remote video depositions are here to stay, but law firms now face the difficult task of securing these files against potential data breaches.

Law firms and data breaches

Should video depositions be stolen or made public, attorneys risk not only breaking attorney-client privilege but also causing a mistrial that might considerably delay legal proceedings and cause clients to seek a different law firm to move forward with their case. Such incidents can also severely undermine the public image of a law firm, making clients distrustful that the confidential information they provided the company with will not be leaked publicly.

Data protection is not only crucial from a reputational point of view and can lead to legal liabilities in case of data breaches.

Data security risks associated with video depositions

Video depositions are large media files that need to be shared with various parties and are usually edited for trials as some questions may not be admissible in court. Due to their size, they cannot be easily shared via simple emails. They need to be transferred over the internet using cloud or file sharing services or copied onto removable devices. Both of these methods come with associated risks.

When it comes to removable devices such as USBs, due to their size, they can be easily lost or stolen. Transfers over the internet can be risky if employees use their personal accounts or services whose security has not been verified by a company’s IT department. Using insecure cloud or file sharing services can easily lead to data leaks.

Ideally, law firms should provide employees with their own approved services to facilitate such data transfers. However, at the same time, they must ensure that employees use only these trusted services. This can be done through Data Loss Prevention (DLP) solutions which allow companies to identify, monitor, and control sensitive data transfers.  By using DLP, companies can ensure that employees use only approved services for video deposition transfers. They can also block video depositions from being uploaded on video streaming websites, sent through popular messaging apps, or shared on social media.

DLP solutions can address the issue of removable devices. Law firms can block or limit the use of USB and peripheral ports as well as Bluetooth connections. There is also the option of USB enforced encryption which ensures that any files transferred onto a USB are automatically encrypted with government-approved 256bit AES CBC-mode encryption.

By monitoring the use of ports, companies can also keep track of which employees have copied which video depositions on removable devices and at what time. In this way, law firms can monitor the movements of video depositions at all times, avoiding potential leaks and data loss.

(The author is Mr. Filip Cotfas, Channel Manager, CoSoSys and the views expressed in this article are his own)

Leave a Response