Safeguarding the Confidentiality, Integrity, and Availability of ESI during Investigations and Litigations in the Asia-Pacific Region

By Michael Wudke, President, Forensic Technology and Consulting

In the world of information security, the term “CIA” is well known: Confidentiality, Integrity, and Availability. This principle is often overlooked during investigations or litigations involving ESI, particularly through the course of international/cross-border engagements involving the Asia-Pacific (APAC) region.

Preparedness for investigation/litigation is one of the main challenges faced by organizations based or operating within the APAC region. This, coupled with the exponential increase in source-data volume and difficulties associated with determining what data is potentially relevant, creates a need for specialized capabilities to handle sensitive data. In today’s competitive climate, much of the data stored in APAC organizations requires special handling in order to ensure the protection of personal data and company intellectual property.

Many APAC organizations employ security measures designed to protect information from being disseminated outside the company. These same safeguards make it difficult for law firms and service providers to conduct the necessary steps in conforming to investigation and litigation data collection and production requirements. Some organizations may prohibit data from being removed, while others may encrypt the data. Furthermore, local regulatory requirements may prevent the removal of data from the country/jurisdiction without first conducting some level of review.

To overcome these challenges, retaining a consultant/service provider with a local presence is the first step. Digital forensics and electronic discovery/disclosure are still relatively new fields in the APAC region and experienced service providers are difficult to find. However, there are a handful of service providers, like TLS, that have a local presence and can deploy teams with the technical knowledge and custom mobile technology to deal with each client’s individual needs. While every situation is unique, given the abundance of corporations doing business in the region, all challenges can be overcome with the proper advice and expertise.

Developing a game plan prior to starting any investigation or litigation collection activities is key to maintaining CIA of ESI. The creation of a playbook using a preferred vendor/process can be accomplished from just one engagement. On-site capabilities, using the latest technology, are readily available with proper experience and guidance from third-party service providers and consultants like TLS.

Most importantly, don’t wait until the last minute when responding to a request for information. Reach out to those that deal with these matters on a daily basis for advice and solutions. Keep your source data on site and in conformance with IT security policy and procedure by using the right technology and leveraging an experienced service provider to export only documents that are relevant to the matter at hand.