Pierre Grosdidier for Law360: Failing To Prevent Inadvertent Disclosures Can Be Costly


A party uploaded privileged documents into a cloud file-sharing account unprotected by a password. Opposing counsel found the hyperlink through discovery happenstance, accessed the account, and downloaded and read the documents. The court held that the party waived both the attorney-client communication privilege and the work-product doctrine immunity as to the documents. The court also denied the party’s motion to disqualify opposing counsel, but it held that “some sanction [wa]s appropriate,” and it awarded the party certain costs. Harleysville Ins. Co. v. Holding Funeral Home, Inc. Harleysville illustrates how an e-discovery fluke can compromise a case.

This case is significant because the practice of loading files that contain privileged information to cloud storage accounts that are not explicitly password-protected, the so-called file link method, is not uncommon. Counsel then transmit the account hyperlink to the intended recipient by email and assume that the files are safe because the hyperlink is so complicated that it acts as a de facto password. Because no one else knows the hyperlink, no one can access or stumble upon the data cache. In effect, the sender assumes that the very small likelihood of a breach does not justify the administrative burden of creating a password. In Harleysville, this assumption proved erroneous. Opposing counsel obtained the hyperlink and Harleysville paid a heavy price.

To read the full article, click here.

Originally published in Law360 (subscription required).

Email Disclaimer