Secure Sharing With Co-Counsel and Experts: Links, Expiration, Watermarks (+ Checklist)

Secure sharing with co-counsel and experts means you give the right people the smallest amount of access they need, for the shortest time they need it, and you can prove who accessed what. A solid workflow uses a client/matter folder, tight permissions, expiring links, watermarks on key documents, and access logging. This guide walks you through a simple, repeatable process and ends with a checklist you can use every time.

Primary keyword: secure sharing with co-counsel and experts

What “secure sharing” should accomplish (and what it should avoid)

When you share discovery, exhibits, transcripts, expert materials, or draft work product, you want collaboration without losing control. “Secure” is not one setting; it is a set of choices that reduce avoidable risk.

Your secure-sharing goals

• Least-privilege access: people only see what they need for their role.
• Time limits: access ends automatically (expiration) or can be revoked fast.
• Traceability: you can see access history (audit/logs) and confirm the current permission state.
• Fewer copies: reduce uncontrolled downloads, re-shares, and forwarded email attachments.
• Defensible process: you can explain your steps if the question comes up later.

What to avoid

• Sharing the parent folder (or your whole “Clients” drive) when you only meant to share one matter folder.
• Using “Anyone with the link” for sensitive materials.
• Sending files as email attachments when you need the ability to revoke access.
• Leaving links active forever, with no owner reviewing them.
• Letting collaborators “re-share” or “invite others” without controls.

Step-by-step workflow: client/matter folder → permissions → expiring links → watermarks → access log

This workflow stays the same no matter which platform you use (SharePoint/OneDrive, Google Drive, Box, Dropbox Business, a VDR, or an eDiscovery portal). The names of the toggles vary, but the order of operations is consistent.

Step 1: Create a client/matter folder with a clean structure

Create a dedicated folder for the matter and keep it separate from general client folders. A clear structure helps you share only what you intend to share.

• Folder name: ClientName – MatterName – MatterID (avoid sensitive details in the name).
• Recommended subfolders:
  • 01_Admin (engagement letters, billing docs)
  • 02_Pleadings
  • 03_Discovery_In
  • 04_Discovery_Out
  • 05_Depos_Transcripts
  • 06_Exhibits
  • 07_Experts (create separate subfolders per expert)
  • 08_Drafts_Work_Product (tightest permissions)

Tip: If you expect outside parties to need different access, plan for that upfront by splitting sensitive content into its own subfolder. It is easier than trying to “unshare” later.

Step 2: Set the owner, backups, and a default permission baseline

Before you invite anyone, decide who owns access decisions for the matter and who can step in if they are unavailable. Then set a baseline that blocks accidental over-sharing.

• Assign folder owners: lead attorney + backup (or practice manager/IT).
• Limit who can share: restrict “share/invite others” to owners if your platform supports it.
• Turn off public links: disable “anyone with the link” at the org level where possible.
• Decide the default: view-only unless someone truly needs edit rights.

Step 3: Apply permissions by role (co-counsel vs. expert vs. vendor)

Start with roles, not individuals. This makes your access model easier to review and maintain when people change.

• Co-counsel: often needs broader access, but not necessarily to admin or internal draft folders.
• Experts: usually need a narrow slice (their materials, selected discovery, key transcripts/exhibits).
• Vendors (court reporters, copy services): typically need upload-only or a single drop folder.

Practical approach: Share the matter folder with your internal team, then share only selected subfolders to outside parties. Avoid giving outside parties access to the matter root unless you have a strong reason.

Step 4: Share using expiring links (not attachments) when possible

Expiring links help you enforce time limits without relying on memory. They also reduce the spread of uncontrolled copies.

• Set an expiration date: match it to the task window (for example, “expert review due date + 7 days”).
• Require sign-in: use named accounts rather than anonymous access.
• Use view-only first: allow downloading only if the recipient truly needs local copies.
• Disable re-sharing: if your platform allows “block download” or “prevent viewers from sharing,” use it.
• Add a short message: state what is being shared, the purpose, and when the link expires.

When links are not enough: Some experts need offline work (specialty software, travel, no stable internet). In those cases, treat downloads as a deliberate exception and document it.

Step 5: Watermark sensitive documents before sharing

Watermarks do not replace access controls, but they can discourage casual forwarding and make leaks easier to trace. Use them for transcripts, draft reports, key exhibits, and anything that would harm the case if it spread.

• What to watermark: PDFs, exported images, draft expert reports, transcript PDFs.
• What the watermark should include: recipient name or email (if you can generate per-recipient copies), matter ID, date, and “Confidential” (if appropriate).
• Where to place it: diagonally across the page at low opacity, plus a footer with the same text.
• Don’t forget metadata: consider removing sensitive document properties before sharing.

Important: A watermark will not stop screenshots or retyping. Treat it as a deterrent and a label, not as protection.

Step 6: Log and review access (and keep a simple sharing register)

Access logs help you answer basic questions later: Who had access? When did they access it? Did you revoke access after the task ended?

• Turn on audit/access logs: use your platform’s admin console or activity panel.
• Track changes: watch for new shares, permission escalations (view → edit), and new links.
• Keep a “sharing register”: a simple spreadsheet or matter note with:
  • what was shared (folder/file)
  • to whom (name + email + role)
  • how (named access vs expiring link)
  • expiration date
  • who approved it
  • revoked date (when completed)

Step 7: Offboard access when the task ends

Most sharing problems come from access that never gets removed. Make offboarding part of the workflow, not an afterthought.

• Revoke links after the deadline or deliverable.
• Remove external collaborators who no longer need access.
• Confirm that you did not accidentally grant access at the parent folder level.
• Archive the matter folder with a tighter internal-only policy if needed.

Decision criteria: links vs named permissions vs a portal/VDR

Not every sharing method fits every situation. Use these criteria to choose the lightest tool that still controls risk.

Use named permissions (recommended for ongoing collaboration)

• Best when co-counsel or an expert will collaborate for weeks or months.
• Easier to manage long-term access and avoid link sprawl.
• Typically offers stronger audit trails and simpler revocation.

Use expiring links (recommended for short tasks)

• Best for short reviews (e.g., “please review these 12 exhibits by Friday”).
• Good when you do not want to add someone as a long-term collaborator.
• Works well for view-only distribution.

Consider a portal/VDR or specialized platform (recommended for high-volume or high-stakes matters)

• Best when you need strong controls, structured Q&A, and detailed reporting.
• Useful when there are many external parties and strict compartmentalization.
• Often used for large productions, transactions, or matters with protective orders.

Accessibility note: If you share video or audio, consider providing captions or transcripts so collaborators can search and review quickly. If needed, you can use closed caption services for video materials.

Common mistakes (and what to do instead)

Most secure-sharing failures come from small oversights that compound over time. Fixing these patterns can reduce risk without slowing the team down.

• Mistake: Sharing the parent folder.
  Do instead: Share a matter folder or specific subfolder, and double-check inherited permissions.
• Mistake: Using “anyone with the link.”
  Do instead: Require sign-in and use named recipients, with expiration turned on.
• Mistake: Giving edit access by default.
  Do instead: Start with view-only and upgrade only when needed.
• Mistake: Letting external users re-share.
  Do instead: Limit re-sharing to owners or disable it for external collaborators.
• Mistake: Relying on email attachments.
  Do instead: Share a controlled link and revoke it when complete.
• Mistake: No link review process.
  Do instead: Keep a sharing register and schedule quick monthly reviews on active matters.
• Mistake: Forgetting to watermark sensitive drafts.
  Do instead: Watermark draft reports and key PDFs before external sharing.

Secure sharing checklist (copy/paste for every matter)

Use this checklist as a pre-send review and a post-send cleanup. It is short enough to run every time.

Before you share

• Create a dedicated client/matter folder with clear subfolders.
• Confirm matter owners (primary + backup) and who can share externally.
• Place sensitive items in separate subfolders (drafts, expert materials, admin).
• Set baseline permissions (internal team only) and confirm no parent-folder overreach.
• Decide recipient role (co-counsel, expert, vendor) and required access level (view/edit/upload).
• Choose sharing method (named access vs expiring link) based on task length.

When you share

• Require sign-in (avoid anonymous links).
• Set an expiration date for links.
• Disable download and re-sharing where feasible.
• Watermark key PDFs/drafts (recipient + date + matter ID) when appropriate.
• Send a clear message with purpose, scope, and the expiration date.

After you share

• Record the share in a sharing register (what/whom/how/expiry/approver).
• Verify access logs show expected activity only.
• Revoke links and remove collaborators when the task ends.
• Run a quick permission review before major filings, productions, or mediations.

Common questions

Should I share one folder or several smaller folders?

Share smaller folders when recipients have different roles or when some material is more sensitive. It reduces the chance that someone sees documents they do not need.

Are expiring links enough, or do I still need named permissions?

Expiring links work well for short tasks, but named permissions are usually better for ongoing collaboration. Named access is easier to audit and revoke without tracking multiple links.

Do watermarks make documents “secure”?

No, watermarks mainly deter casual forwarding and help you label or trace copies. You still need strong access controls, expiration, and logging.

What’s wrong with “anyone with the link” if the link is random?

Anyone who receives or finds the link can access the material, and you may not know who opened it. For sensitive case files, require sign-in and limit sharing to specific people.

How do I handle an expert who insists on downloading everything?

Treat downloads as an exception: limit the scope to what they need, watermark files, document approval, and set a date to remove access. If possible, keep the master set in your system and share only exported working copies.

How often should I review sharing permissions?

Review at key case moments (new co-counsel, new expert, protective order, production, mediation, trial prep) and on a simple cadence like once a month for active matters. Focus on external access, old links, and edit permissions.

Do I need to worry about accessibility when sharing audio or video?

Yes if you want faster review and easier search. Captions and transcripts can help collaborators find key moments without replaying recordings, and they can support accessibility needs; the WCAG overview from W3C explains the broader accessibility goals.

Key takeaways

• Secure sharing works best as a workflow: structure → permissions → expiring links → watermarks → logs → offboarding.
• Avoid sharing parent folders and avoid “anyone with the link” for sensitive case materials.
• Use view-only by default, and grant edit/download rights only when needed.
• Keep a simple sharing register so you can revoke access and explain decisions later.

If you collaborate on depositions, interviews, hearings, or expert recordings, clean transcripts can make secure sharing easier because teams can search and reference specific lines without passing around large media files. GoTranscript can help with professional transcription services and related deliverables you can store and share using the controlled workflow above.