Yesterday, I talked about trusting experts with confidential data, which doesn't always work out very well. But there was a recent case, which shows something alarmingly stupid that lawyers do all the time. They make discovery productions via a file sharing site without using a password.
In Harleysville Insurance Co. v. Holding Funeral Home, Inc., No. 1:15cv00057 (W.D. Va. Feb. 9, 2017), Virginia Magistrate Judge Pamela Meade Sargent ruled that the plaintiff’s placement of privileged information on a file sharing site and distribution of the hyperlink to access that information without providing any protection for the site resulted in a failure to take reasonable steps to protect the information. As a result, the attorney-client privilege and work-product protections were waived. Judge Sargent also denied the plaintiff’s motion to disqualify defense counsel for accessing the information without informing plaintiff’s counsel, but did order defense counsel to pay the plaintiff’s fees and costs in bringing the motion after scolding defense counsel and indicating that the court should expect better behavior. In this case, the defense counsel received the hyperlink to the file sharing site as part of a response to a subpoena from the plaintiff - which included the e-mail with the hyperlink.
In this case, the file sharing service was Box - more typically it is Dropbox, but the ethics sure don't vary with the vendor.
My friend Doug Austin has a good case summary here.
E-mail: email@example.com Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology