If your company is involved in a litigation in which electronic evidence will play a significant role, chances are you or your lawyers will engage a forensics expert to assist in the investigation.\u00a0 Doing so is now considered a best practice.\u00a0 But what about the risks involved in having an outside expert accessing your systems, reviewing your data, and potentially storing your data at its offsite facilities for further analysis?\u00a0 Computer and forensic experts will likely come in contact with highly sensitive information of parties to the litigation and, potentially, their customers.\u00a0\u00a0 Types of sensitive information include personally identifiable consumer information (financial records, healthcare records, employment records, transaction information from e-commerce sites, etc.), trade secrets, product development plans, and other proprietary information of the business.\u00a0 The duties assigned to the expert may require contact not only with the adverse party\u2019s information, but also the information of the party for whom the expert is working.\u00a0 The important point is that any mishandling or compromise of the security of that information may (i) cause extreme prejudice in the pending litigation; and\/or (ii) expose the expert and the party who engaged the expert to potentially significant liability.\u00a0 Given the foregoing, it is critical to ensure the expert has in place appropriate information security safeguards to protect the information entrusted to the expert.The following are the types of questions that should be asked of any expert who will be handling highly sensitive information: What safeguards does your company use to protect the security of the data entrusted to it? Do you have an information security policy for your company?\u00a0 If so, provide a copy. Are your personnel specifically trained regarding information security issues?\u00a0 What is the extent of that training and how often is it repeated? Does your company subcontract or outsource any of its data review, analysis, or other services to a third party? Does your company send any data offshore for processing?\u00a0 This is a very significant issue.\u00a0 If the expert intends to send highly sensitive data of either party offshore, this creates a significant information security risk.\u00a0 All agreements with experts should include strict limitations on this activity, without the company or its lawyer\u2019s express authorization. Do you have strict policies regarding the protection of information stored on removable media? Has your business experienced any compromise of security in the last two years, including the loss of project laptops or any removable media on which sensitive data was stored?