It’s 6.45am. There’s a knock at your front door. You leave the kettle boiling in the kitchen to check the spy-hole. Suits appear in the glass like charcoal-coloured clouds. Gingerly, you ask, ‘who is it?’.
They have something important to deliver in person, they say. The voice sounds credible and steely. They aren’t going away in a hurry. You open the door.
With mild-manners they introduce themselves (though you barely catch their names, job titles and organisations). They are solicitors, apparently, but instead of lanyards they brandish neat-cut business cards. You are given several heavy bundles of documents.
It turns out that a law firm has obtained a High Court order against you. (‘I knew nothing about this’, you say). One of them takes you aside and explains that the Court order requires you to immediately deliver up all of your electronic devices (USB sticks, smartphones, tablets, laptops and desktop computers…) and divulge the login details for your personal email, online banking, social media and cloud storage accounts. As the kettle wheezes a last puff of steam, your head starts spinning.
RELATED: Data-grab by porn company claim farmers blocked by High Court, post-GDPR
Welcome to the curious world of Search and Seizure Orders (‘SSOs’), a powerful legal weapon used by well-resourced claimants since at least the 1970s in response to alleged breaches of confidentiality, misuse of private information, infringement of intellectual property rights and fraud.
The aim of SSOs is to preserve material that may otherwise be destroyed by defendants if they got wind of legal proceedings being commenced against them.
You cooperate. Smartly dressed strangers pour past your kitchen quietly and efficiently gathering up your back-catalogue of digital devices. The kitchen table groans under the weight of accumulated hardware. Someone with a clipboard is writing a very long list of serial numbers.
Soon, the digital data on all of your devices and cloud storage will be ‘imaged’ using a secure disclosure review platform, creating a digital carbon copy of all of your data for inspection during the incoming legal proceedings against you.
But what happens once this enormous digital archive has been preserved? Which party should inspect the image first – you or them? What if the image contains private material, or priveleged communications between you and your lawyer? The available guidance on this part of the process in the Civil Procedure Rules is opaque and out-dated.
A v B
In A v B and Hewlett Packard v Manchester Technology Data (Holdings) Ltd and others  EWHC 2089 (Ch), Mr Justice Mann gave a combined judgment in two cases which considered these important questions about the SSO process.
The first case, A v B, concerned a breach of confidence claim seeking to prevent individuals and a company from misusing confidential information obtained from the claimant and which would give the defendants a competitive edge.
RELATED: When is a company liable for mis-describing its services online?
The second claim, Hewlett Packard v Manchester Technology Data was brought by the IT company and one of its partners against suppliers of IT hardware. Hewlett Packard accused the suppliers of dishonestly selling parallel imports (ie. genuine products imported from other jurisdictions but without the manufacturer’s consent), counterfeit goods and other illicit goods sales. An SSO was required for the claimants to assess the extent of their claims and to consider claims against other parties in the supply chain.
In each case, the claimants obtained and executed SSOs. The claimants argued that they were entitled to review the imaged data first and the defendants argued that after the image has been preserved, the parties are then into a disclosure phase where the defendant should first review and then disclose relevant documents to the claimant.
The technology sector is prone to these kinds of dramatic legal disputes over intellectual property. Just take the US litigations between Uber, Waymo and former Google engineer, Anthony Levandowski, for example. Levandowski is accused of theft and attempted theft of trade secrets from Google’s self-driving car project by downloading some 14,000 confidential engineering and business files before joining Uber. He could face a maximum sentence of 10 years imprisonment, a fine of $250,000, plus compensation payments.
- The purpose of an SSO is to keep the imaged data safe, not to provide claimants with early disclosure and enable them to search the data themselves (§ 23);
- However, SSOs will only be made where the claimant has shown a strong case on the face of it that the defendant is dishonest and has attempted to cover their tracks by destroying evidence. Therefore a claimant may be able to argue that the defendant cannot be trusted to do disclosure properly;
- It may be possible that the defendant’s solicitors may honestly miss the relevance of some of the documents if they review them first. The claimant may be in a better position technically to identify its own confidential information;
- Urgency might justify the claimant reviewing the documents first;
- Use of narrow search terms may refine the class of documents that fall to be disclosed and enable efficient review by the claimant;
- The fact that the claimant may have greater resources than the defendant may justify the claimant going first for practical reasons, although Courts should be sensitive to the risk of privileging the wealthier party;
- The SSO process is highly intrusive and the digital image is likely to contain irrelevant, private and confidential information which the claimant should not see (§ 30).
In A v B, the claimant proposed a third-way. They would apply key-word searches to narrow down the batch of documents they wished to inspect from the imaged data. The defendants would then have the opportunity to review the documents and weed out anything private or privileged. The rest of the documents would be disclosed for inspection. The Judge approved this proposal as it was efficient (in a case of some urgency) and struck a better balance between the rights of both parties.
In Hewlett Packard, the data haul covered 500,000 mobile phones, 2.7 million computers and 5.4 terabytes of backups. The Judge allowed the claimants to take the lead in identifying and inspecting the documents with the aid of keyword searches, subject to the defendants’ solicitors identifying and removing private and priveleged information. The defendants were simply not up to doing it themselves and had admitted as much. Any concern about the Hewlett Packard’s legal costs getting out of control could be dealt with by a costs Judge.
No easy or simple answers then, but A v B offers a nuanced and flexible discussion of the competing arguments and factors that underlie them, which should inform the way in which parties make proposals about what should happen to imaged data in the aftermath of an SSO.
It’s important that parties who obtain an SSO consider the aftermath carefully as, in practice, the urgency of getting the order may sometimes overshadow the detail of the procedure that inevitably follows.
If you or your organisation have queries about litigation, technology law or data rights, contact me here for a no obligation discussion. I help clients navigate these complex areas of law regularly.
[…] RELATED: Nobody seems to know what should happen to imaged digital data in civil litigation. Until n… […]