For the half-year to 30 June 2014, the IPKat's regular team is supplemented by contributions from guest bloggers Alberto Bellan, Darren Meale and Nadia Zegze.

Two of our regular Kats are currently on blogging sabbaticals. They are David Brophy and Catherine Lee.

Wednesday, 2 February 2011

Losing litigant's hard drive to die, but her lawyers' computer stays safe

There was no stay of execution
of the court's order ...
Three weeks ago the IPKat reported here on the litigation between Brandeaux Advisers and a former employee, Ruth Chadwick, who had cunningly but unlawfully helped herself to a large quantity of confidential information which she anticipated that she might need in the event that a pre-existing dispute between her and Brandeaux got to court. In the earlier decision the court ruled against her, since it was open to her to apply for disclosure (or 'discovery', as the Kat sometimes fondly thinks of it) of such information as she might actually need for that purpose.

In the second ruling, Brandeaux v Chadwick [2011] EWHC 58 (QB), not yet available on BAILII but efficiently noted by Lawtel, the court (Sir Raymond Jack, sitting in the Queen's Bench Division of the High Court, England and Wales, only a couple of weeks after he officially retired) had to decide on the precise form of the order. In his view
* No case could be made for a general injunction to stop Chadwick divulging the confidential information in her possession. Brandeaux had not made out any case that Chadwick had at any time intended to divulge the information to anyone except her lawyers -- or possibly to a regulatory authority (not surprising, since was was the company's compliance officer).

* An order for delivery up should do the trick, including destruction of Chadwick's data-laden hard drive,

* If Chadwick's solicitors were subject to the same delivery up process, they would lose their own computers while it was carried out -- which would obviously create a major problem. For this reason, it would be sufficient to accept the undertakings not to disclose the information which they had offered since there was no real risk that the solicitors would do anything with the information.

* Both Chadwick and Brandeaux had behaved unreasonably in relation to the claim for delivery up, standing their ground when commonsense would have dictated a solution. In terms of costs, this meant that Brandeaux, as victors, were entitled to their costs in relation to those issues upon which they were successful, but Chadwick's conduct was not so unreasonable as to justify the imposition of indemnity costs in Brandeaux's favour.

* Chadwick's work -- for which she had not been paid -- had a value to Brandeaux, which should be taken as the amount which Brandeaux was paying her. However, since the basis upon which Brandeaux's loss was to be assessed was capable of argument to the contrary effect with a real prospect of success, the company should be allowed to appeal on that issue.
This all seems sensible enough to the IPKat, who is relieved to learn that law firms' computers are safe, at least for now, from delivery up for removal of confidential information the nature of which is of no direct concern to them.  But how far would this common sense extend? Would the court take the same view if the data was held by an independent company to which a legal practice subcontracts routine document storage and processing, for example?

How to kill your computer here and here

4 comments:

Anonymous said...

I'm not going to comment on this case because the retired should stay retired and leave the jobs for the youngsters. An exception is to be made for work in B&Q in order to make use of the valuable knowledge of our senior citizens.

Back ups are valuable sources of information. Can't just hit 'delete' as the EU Commission walk in the door. Not that I've tried.

Anonymous said...

Apparently, other than smashing it to pieces, the only way to definitively wipe a hard drive and put its content beyond the reach of even the most determined forensic computer technician is to microwave it (do not try this, however, unless you derive perverse enjoyment from filling out insurance claims - microwaving metal objects will very likely cause an electrical fire).

It reminds me of a comment once made by Emo Philips:

"A computer once beat me at chess, but it was no match for me at kick boxing."

Matthew Taylor said...

The IPKat's query about third party hardware is important - and the judgement speaks to a lack of technical understanding on all sides.

Contrary to the above it's perfectly possible to wipe a hard drive "completely" without physically destroying it. There's going to be a theoretical possibility of data recovery, but (a) it's so costly as to be utterly impractical; and (b) the same methods could be used to recover data from a smashed or microwaved drive: if you have a world class electron microscope and a few man-years, you might be able to get back that vital powerpoint presentation...

As a digression, I'm not that surprised - most law firms seem to have only the most rudimentary understanding of data security. The use of encryption is a case in point: when they do, it's often little more than 256 bit schemes bundled with data storage. You also get the classic practice of sending encrypted attachments via e-mail, and then e-mailing the password...

What makes this worse is that the likes of "TrueCrypt" and "Eraser" are available for free on GPL or similar, implementing encryption and erasure routines several orders beyond what most government use (and that's a whole other can of worms, given HMRC et al.'s record with data loss). Despite being able to get this grade of protection for free, you still routinely hear of large organisations dumping digital storage media which at best has been "deleted" (in most cases this simply means deleting a "pointer" on the drive which locates the file, and not the file itself) and at worst wasn't encrypted and hasn't been cleaned!

Makes you wonder why the SRA hasn't given a much clearer stipulation of the technical measures to be used.

Anonymous said...

Where the confidential data and it's possesion by anyone other than the rightful owner is the subject of the case, should law firms not ensure that (in the case where they are actually entitled to store it during trial) they have such means to be able to cleanly remove all traces of it without having causing them problems with their back office systems? They could have a single, or even multiple copies for reference on write once optical media that could be delivered up in the event that they lose the case, surely?

Subscribe to the IPKat's posts by email here

Just pop your email address into the box and click 'Subscribe':