Protecting eDiscovery Privilege, the Case Against File Sharing Sites

File sharing services, such as DropBox, have become increasingly used as eDiscovery repositories for incoming data and outgoing productions. With easy sharing, via a simple URL link, it’s understandable why these tools appear to offer an optimal solution for sending and receiving massive amounts of data as one does with eDiscovery litigation. Unfortunately, this “solution” can become a massive liability and we caution clients against using these services because it is simply too easy to accidentally share privileged documents. In fact, there are several cases in which information has been inadvertently shared and the results were disastrous for the offending party.

What’s the problem?

It is not that it can’t be done correctly, it is more that one is asking for problems with an open platform like this. With default settings in place, the “owner” of a file relinquishes control of the data within the file when shared with other users. Once shared, the data within the file can be copied, changed and shared without the owner’s permission. New users can be added to the file to view the data and, with seemingly unlimited “cooks in the kitchen,” it is too difficult to maintain chain of custody and ensure responsible sharing. A few specific issues with file sharing services include:

  1. Shared files and folders are not static. This is not the equivalent of sending a document attachment via email. The shared file or folder remains “live”, thus any future additions or changes can still be seen by people with the link into perpetuity.
  2. On many platforms, user groups are created and can be duplicated to other folders with a simple click. For example, if several users have access to “Case X Final Production” folder, another attorney could grant access to all users in that file to “Case X Notes”- not realizing that opposing counsel was part of the original group.
  3. The link is not automatically password protected so anyone with the link can view the file unless proper authentication measures are manually enabled. This literally means that without setting up a password, anyone on the internet could potentially access your file.

What have the courts said?

In Harleysville Ins. Co v. Holding Funeral Home, Inc., Case No. 1:15cv00057 (W. D. Va. February 9, 2017), an insurance company refused a funeral home’s fire damage claim after determining the fire was caused by arson. An investigator for the insurance company uploaded video taken at the scene to a platform sharing site, box.com. The investigator sent the link to the insurance company attorney who then shared it with the funeral home attorney in order to substantiate their arson claim. Later, however, the insurance investigator uploaded additional files to that same folder, which the funeral home attorneys still had access to. The court found that because the link and files within were not properly password protected the insurance company had, in essence, “left the files on the park bench” in a virtual sense and thus waived privilege.

From the court:

Whether a company chooses to use a new technology is a decision within that company’s control. If it chooses to use a new technology, however, it should be responsible for ensuring that its employees and agents understand how the technology works, and, more importantly, whether the technology allows unwanted access by others to its confidential information.

What does Lexbe Recommend?

We have developed the Lexbe eDiscovery Platform to include a number of checks against inadvertent disclosure of privileged docs. We create a secure encrypted link specific to each production that can then be safely shared. By insulating exports with secure production links, we help prevent user error that could result in sharing documents not meant for opposing counsel or outside parties.

Best Practices to Avoid Missing Key Evidence in Large Doc Review (Uber Index)

Nothing can be more disastrous than showing up at a depo and finding that your team missed a key piece of evidence in document review, but your opposition found it. Not finding that “smoking gun” admission, or allowing critical privileged information to slip through into a production can be avoided, but only if your search tools are fully functioning. Many attorneys assume that all eDiscovery processing approaches and search tools and techniques are basically the same, but nothing could be further from the truth. In this webinar learn crucial search functions and critical indexing differentiators that will protect you from inadvertently missing important evidence during eDiscovery.

Key Points

  • Overview Modern Search and eDiscovery Indexing Technologies
  • Basic and Advanced Search Options in Use Today
  • Search Indexing ‘Gotchas’
  • Pitfalls of Relying Solely on Image-Based OCR Indexing
  • Why Native Extraction Alone is Ineffective
  • Complexities of Working with Foreign Language and Translated Text
  • Optimal Seach with a Concatenated Indexing Approach
  • Takeaways

About the Speaker

Erin Derby is a Certified eDiscovery Specialist (ACEDS) and member of the Technical Services team with Lexbe LC. She specializes in working with clients handling eDiscovery in complex litigation and provides a high level of precision and expertise.

She provides guidance for technical discovery issues and procedures and ensures compliance with all court-ordered ESI guidelines. Prior to joining Lexbe, Ms. Derby was a Litigation Paralegal for 10 years for both plaintiff and defense law firms.

Read More

Latest Blog

Subscribe to LexNotes

LexNotes is our monthly newsletter of eDiscovery and legal document management and review tips and best practices.