Jenkins Fenstermaker, PLLC

Local: 304.521.4571

Toll Free: 866.617.4736

Quality. Dedication. Service.

Inadvertent Disclosure of Confidential Information: Does File Sharing Waive Legal Privileges and Protections?

Photo of Kierston Rosen

Cloud computing services offer unprecedented convenience. File sharing has changed the way we do business, allowing us to share documents across our own devices or even with others. But how can sharing files affect a company's legal position in a lawsuit? Does file sharing waive the attorney-client privilege or attorney work product protection?

What Is File Sharing?

In traditional computing, users stored documents locally, on the hard drives of their computers. Computers were unable to share documents with others without using a physical medium, such as a floppy disk. It was not until cloud-based computing that we harnessed the power of the Internet to store and share documents like never before. Individuals can now work from anywhere, with files seamlessly synchronized across our devices.

Collaborating on documents is simple using file sharing services such as Dropbox, Google Drive, and Box, Inc. No longer must we ship voluminous documents across the country or across town, as we can electronically share documents with others almost instantly. But this convenience does not come without risk.

Does File Sharing Result in an Inadvertent Disclosure of Confidential Information?

With any new technological advance comes a responsibility to understand potential risk. It is easy to see the many benefits presented by cloud-based file storage and sharing. In the absence of active litigation, however, it can be more difficult to recognize some of the potential drawbacks.

Consider this recent lawsuit, which illustrates what not to do if you want to leverage the power of file sharing in your business.

A Virginia insurance company recently lost valuable legal protection in a declaratory judgment action in Harleysville Ins. Co. v. Holding Funeral Home, Inc. In the case, a funeral home submitted a claim for fire loss to its insurer, Harleysville Insurance ("Harleysville").

A senior investigator for Nationwide Insurance uploaded a claim-related video to Box, Inc., an online file sharing service. The investigator then sent an email containing a link to the video to the National Insurance Crime Bureau ("NICB"). Although the email included a confidentiality notice, the video could be accessed with no password by using the link. The same investigator then uploaded the investigative files of both Harleysville and Nationwide to Box, Inc., and sent an email containing the same link to Harleysville's legal counsel.

Unbeknownst to Harleysville, Nationwide, or their counsel, the funeral home's lawyer used a subpoena to obtain copies of documents from the NICB, which provided a copy of the investigator's email containing the unprotected link. Counsel for the funeral home downloaded both claims files and the video, and later produced it in discovery.

The Court found that the insurer had waived any claim of attorney-client privilege or work product by placing the documents on Box, Inc. with no password protection. Any person with Internet access could have accessed the documents, as an unprotected hyperlink was transmitted in the investigator's email. Therefore, the company had taken insufficient precautions to maintain confidentiality.

The Harleysville Lesson

While file sharing can enhance productivity, users must take reasonable steps to protect the confidentiality of documents stored or shared on those services. Failing to do so can result in the waiver of some of the strongest legal protections of information.

To avoid a result similar to that in the Harleysville case, explore best practices like these:

· Advanced password protocols;

· Two-step verification;

· Employee training; and

· File and email encryption during transmission and storage.

Of course, the steps you take will depend on the nature of your business, the information it possesses, and the legal risks it faces. To discuss how to best protect your legal interests in the era of cloud-based computing, please contact me, Kierston Eastham Rosen, at Jenkins Fenstermaker, PLLC. You may reach me by calling (304) 523-2100 or completing this e-mail contact form


No Comments

Leave a comment
Comment Information
Jenkins Fenstermaker, PLLC