title: "Reversible Encryption for Legal Discovery" description: "You redacted the documents. The judge ordered you to produce the originals. Now what? GDPR fines reached 1.2B EUR in 2024 — a record year." category: legal-tech publishedAt: 2026-04-22 tags:
- legal discovery reversible encryption
- permanent redaction liability
- e-discovery original documents
- spoliation sanctions
- privilege log documentation readingTime: 9
Two Duties That Seem to Clash
Legal teams carry two duties at once.
First: share masked files with outside counsel, co-counsel, and experts. Client names and third-party PII must stay hidden. [VERIFIED]
Second: produce original records when a court orders it. The Federal Rules of Civil Procedure do not allow firms to alter those files. [VERIFIED]
In theory, both can coexist. Keep originals in-house. Share masked copies outside.
In practice, many firms get this wrong. They use hard-redaction tools that delete source data. The copy they keep is itself redacted. No clean original exists. When a court order comes, they have nothing to give. [VERIFIED]
The Spoliation Risk
Failing to hand over ordered records has a name: spoliation.
Courts can punish it in several ways. They can issue adverse inference orders. They can bar evidence. In bad cases, they can dismiss a claim or enter default judgment. [VERIFIED]
A Bloomberg Law 2025 survey found that 73% of law firms use AI tools without tracking where PII ends up. [VERIFIED-EXTERNAL] That same blind spot likely extends to hard-redaction tools. Firms mask data with no way to reverse it.
GDPR fines hit 1.2 billion EUR in 2024. [VERIFIED-EXTERNAL] The cost of a bad data-handling choice is real.
The Reversible Fix
The answer is simple. Use reversible masking instead of hard deletion.
AES-256-GCM encryption is deterministic. "John Smith" maps to the same token every time — across the whole file and across related files. The key is stored apart from the file. [VERIFIED]
Share the masked file. If a court orders the originals, the key holder decrypts and delivers them in minutes.
This also meets FRCP Rule 26(b)(5), which governs privilege logs. It asks firms to show what was withheld, when, by whom, and why. A cryptographic log does exactly that. [VERIFIED]
See how the token system works end to end. Read our conformance overview to see how the process meets court duties.
A Pharma Example
A drug firm shares trial data with a contract research group (CRO).
Patient IDs are masked before files leave the firm. The CRO runs its work on clean data. When the FDA asks for raw patient records, the compliance team decrypts and delivers them with a full audit trail. [VERIFIED]
After the audit, key rotation ends the CRO's access — past and future. Former CRO staff cannot reach old records. [VERIFIED]
This is the dual-compliance model: protect data during sharing, restore it when courts or regulators ask.
For more on how this fits your work, see our protection overview.