Blog / Shining a light on dark data – what should law firms do?


21 June 2019

While ‘dark data’ is a hot topic in the legal industry and an issue that almost every firm has to deal with, there is no exact law or specific guidance as to how to proceed. This short guide will explain dark data, how it threatens law firms who ignore it and best practice on how to stay on top of the problem.

What is dark data?

Dark data is data that organisations keep unknowingly. The bulk of a firm’s dark data is often old client data, such as scanned files, email attachments and bulk file imports added into a file system. This important information can go dark if the law firm lacks the searchable technology necessary to find it.

The issue

Unmanaged, uncategorised content is widespread in most law firms. While all lawyers have an explicit obligation to preserve and protect client records, it remains unclear for how long said records need to be retained.

The threat

This overlooked information occupies valuable storage capacity and may contain hidden risks. For instance, dark data is a serious threat to GDPR compliance because sometimes a law firm is required by an organisation to provide all data relating to the requestor. Failure to provide all of the information because the documents were undiscoverable can lead to costly financial penalties. What’s more, forgotten data may even conceal obsolete or inaccurate information that could be misinterpreted if discovered when being audited.

Best practice – take action

It is always better to take pre-emptive action rather than waiting for a data leak to occur. On the bright side, potential ROI can also be rediscovered when bringing dark data to light. A potential solution is to bring in new technology that can analyse, categorise and classify the information lying dormant in your files. This will not only allow you to understand how much dark data you have, but also help you to figure out what should be salvaged, studied further or destroyed. It should be stressed that you can safely destroy dark data – so long as you document your process by demonstrating that you have consistently defined the scope of the destruction and that you have been consistent in your approach throughout. Having a well-documented process that is consistently applied will help to defend your firm against potential claims of spoliation in the future.