Law firms and in house counsel are no strangers to the challenges posed by cyber threats. However a new risk is quickly emerging catching some companies and lawyers by surprise. We’re referring to errors during e-discovery and electronic document management – or more specifically, errors that result in unintended data exposure. Some may not consider such errors true cyber security events in and of themselves due to the internal nature of data exposure and lack of any actual intrusion. But due to the fact that cyber risk and data privacy is so intertwined, these errors are often discussed in a cyber context - particularly due to the unintended exposure of confidential information and usage of technological platforms in the process.

Two recent cases in the past 6 months demonstrate the potential damage that can result when such e-discovery errors are made. The first case occurred in Feb 2017 in "Harleysville Insurance Co Vs Holding Funeral Home" when a lawyer for the insurance company was found to have waived attorney client privilege resulting from the uploading of confidential information to an unprotected cloud sharing service. While sending confidential case information to the plaintiff’s attorney, the Harleysville attorney uploaded the case files to a cloud sharing site that contained no password protection, effectively allowing the general public access to said files.

In a more recent and considerably more publicized case, an attorney for Wells Fargo, intending to deliver subpoenaed documents to a plaintiffs’ attorney (representing a former employee in a defamation suit against the bank), mistakenly handed over a vast amount of personal information to the plaintiff’s attorney. This information, entirely unrelated to the case, included highly sensitive data of roughly 50,000 of their wealthiest clients – including information such as dates of birth, social security numbers and financial information.

E-Discovery and electronic document management have become critical components of evidence retrieval and evidence sharing - they are also practices in which lawyers are still becoming acquainted with, continuing to perfect. These recent cases highlight the potential damage that can result when errors are made. It may also be logical to assume that, lawyers less fluent with technology may be more prone to making such errors. In response to this growing risk, law firms and companies with in house counsel should (among other items):

• Incorporate ongoing e-discovery training
• Incorporate training on any tech/cloud platforms utilized for discovery, document management, etc.
• Implement appropriate policies and procedures
• Implement proper verification procedures to verify the accuracy of the documents provided
   

Lastly, it’s important to note that, while these errors may be discussed in a cyber context, cyber policies are generally not well suited to provide coverage in such circumstances. Coverage may be better sought under an appropriate Lawyers’ E&O policy and/or an Employed lawyers professional liability policy (or endorsement extended from a D&O policy).