Losing litigant's hard drive to die, but her lawyers' computer stays safe

There was no stay of execution
of the court's order ...

Three weeks ago the IPKat reported here on the litigation between Brandeaux Advisers and a former employee, Ruth Chadwick, who had cunningly but unlawfully helped herself to a large quantity of confidential information which she anticipated that she might need in the event that a pre-existing dispute between her and Brandeaux got to court. In the earlier decision the court ruled against her, since it was open to her to apply for disclosure (or 'discovery', as the Kat sometimes fondly thinks of it) of such information as she might actually need for that purpose.

In the second ruling, Brandeaux v Chadwick [2011] EWHC 58 (QB), not yet available on BAILII but efficiently noted by Lawtel, the court (Sir Raymond Jack, sitting in the Queen's Bench Division of the High Court, England and Wales, only a couple of weeks after he officially retired) had to decide on the precise form of the order. In his view

* No case could be made for a general injunction to stop Chadwick divulging the confidential information in her possession. Brandeaux had not made out any case that Chadwick had at any time intended to divulge the information to anyone except her lawyers -- or possibly to a regulatory authority (not surprising, since was was the company's compliance officer).

* An order for delivery up should do the trick, including destruction of Chadwick's data-laden hard drive,

* If Chadwick's solicitors were subject to the same delivery up process, they would lose their own computers while it was carried out -- which would obviously create a major problem. For this reason, it would be sufficient to accept the undertakings not to disclose the information which they had offered since there was no real risk that the solicitors would do anything with the information.

* Both Chadwick and Brandeaux had behaved unreasonably in relation to the claim for delivery up, standing their ground when commonsense would have dictated a solution. In terms of costs, this meant that Brandeaux, as victors, were entitled to their costs in relation to those issues upon which they were successful, but Chadwick's conduct was not so unreasonable as to justify the imposition of indemnity costs in Brandeaux's favour.

* Chadwick's work -- for which she had not been paid -- had a value to Brandeaux, which should be taken as the amount which Brandeaux was paying her. However, since the basis upon which Brandeaux's loss was to be assessed was capable of argument to the contrary effect with a real prospect of success, the company should be allowed to appeal on that issue.

This all seems sensible enough to the IPKat, who is relieved to learn that law firms' computers are safe, at least for now, from delivery up for removal of confidential information the nature of which is of no direct concern to them. But how far would this common sense extend? Would the court take the same view if the data was held by an independent company to which a legal practice subcontracts routine document storage and processing, for example?

How to kill your computer here and here

Not just any old IPKat ...

* "Most Popular Intellectual Property Law Blawg" of all time according to Justia rankings, November 2024.

* "Most Popular Copyright Blawg" of all time according to Justia rankings, November 2024.

* PermaKat Eleonora Rosati has been quoted, and the IPKat has also been hyperlinked on the New York Times, April 2024.

* "Best UK Intellectual Property blog" of all time according to FeedSpot, January 2024.

* PermaKat Eleonora Rosati and The IPKat are expressly recommended as sources to follow to get an "unstuffy look at IP issues" according to Legal Business, April 2023.

* PermaKat Eleonora Rosati received the 2022 Adepi Award.

* PermaKat Eleonora Rosati listed as one of the World Intellectual Property Review's "Influential Women in IP" of 2020.

* PermaKat Eleonora Rosati listed as one of the Managing Intellectual Property magazine's "Fifty Most Influential People" of 2018.

* IPKat founder and Blogmeister Emeritus Jeremy Phillips listed as one of the Managing Intellectual Property magazine's "Fifty Most Influential People" of 2005, 2011, 2013, and 2014.

* Recommended by the European Patent Office as reading material for candidates for the European Qualifying Examinations, 2013.

* Listed as "Top Legal Blog" in The Times Online, March 2011.

* One of the only two non-US blogs listed in the Blawg 2010 ABA Journal 100.

* Court Reporter Top Copyright Blog award winner, November 2010.

* Number 1 in the 2010 Top Copyright Blog list compiled by the Copyright Litigation Blog, July 2010.

* Selected by the United States Library of Congress for inclusion in its historic collections of Internet materials related to Legal Blawgs as of 2010.

* Top Patent Blog poll 2009: 3rd out of 50 in the "Favourite Patent Blog" poll and 2nd out of 50 in the "Most-read" poll.

* ComputerWeekly IT Law and Governance Blog of the Year, 20 August 2008.

* Best of the Blogs, Times Online, 21 August 2008.

4 comments:

AnonymousWednesday, 2 February 2011 at 22:57:00 GMT
I'm not going to comment on this case because the retired should stay retired and leave the jobs for the youngsters. An exception is to be made for work in B&Q in order to make use of the valuable knowledge of our senior citizens.

Back ups are valuable sources of information. Can't just hit 'delete' as the EU Commission walk in the door. Not that I've tried.
AnonymousFriday, 4 February 2011 at 09:47:00 GMT
Apparently, other than smashing it to pieces, the only way to definitively wipe a hard drive and put its content beyond the reach of even the most determined forensic computer technician is to microwave it (do not try this, however, unless you derive perverse enjoyment from filling out insurance claims - microwaving metal objects will very likely cause an electrical fire).

It reminds me of a comment once made by Emo Philips:

"A computer once beat me at chess, but it was no match for me at kick boxing."
Matthew TaylorFriday, 4 February 2011 at 11:23:00 GMT
The IPKat's query about third party hardware is important - and the judgement speaks to a lack of technical understanding on all sides.

Contrary to the above it's perfectly possible to wipe a hard drive "completely" without physically destroying it. There's going to be a theoretical possibility of data recovery, but (a) it's so costly as to be utterly impractical; and (b) the same methods could be used to recover data from a smashed or microwaved drive: if you have a world class electron microscope and a few man-years, you might be able to get back that vital powerpoint presentation...

As a digression, I'm not that surprised - most law firms seem to have only the most rudimentary understanding of data security. The use of encryption is a case in point: when they do, it's often little more than 256 bit schemes bundled with data storage. You also get the classic practice of sending encrypted attachments via e-mail, and then e-mailing the password...

What makes this worse is that the likes of "TrueCrypt" and "Eraser" are available for free on GPL or similar, implementing encryption and erasure routines several orders beyond what most government use (and that's a whole other can of worms, given HMRC et al.'s record with data loss). Despite being able to get this grade of protection for free, you still routinely hear of large organisations dumping digital storage media which at best has been "deleted" (in most cases this simply means deleting a "pointer" on the drive which locates the file, and not the file itself) and at worst wasn't encrypted and hasn't been cleaned!

Makes you wonder why the SRA hasn't given a much clearer stipulation of the technical measures to be used.
AnonymousMonday, 28 February 2011 at 09:31:00 GMT
Where the confidential data and it's possesion by anyone other than the rightful owner is the subject of the case, should law firms not ensure that (in the case where they are actually entitled to store it during trial) they have such means to be able to cleanly remove all traces of it without having causing them problems with their back office systems? They could have a single, or even multiple copies for reference on write once optical media that could be delivered up in the event that they lose the case, surely?

All comments must be moderated by a member of the IPKat team before they appear on the blog. Comments will not be allowed if the contravene the IPKat policy that readers' comments should not be obscene or defamatory; they should not consist of ad hominem attacks on members of the blog team or other comment-posters and they should make a constructive contribution to the discussion of the post on which they purport to comment.

It is also the IPKat policy that comments should not be made completely anonymously, and users should use a consistent name or pseudonym (which should not itself be defamatory or obscene, or that of another real person), either in the "identity" field, or at the beginning of the comment. Current practice is to, however, allow a limited number of comments that contravene this policy, provided that the comment has a high degree of relevance and the comment chain does not become too difficult to follow.

Learn more here: http://ipkitten.blogspot.com/p/want-to-complain.html