Confidentiality agreements and protective orders are a commonplace, yet indispensable, feature of modern commercial litigation. These agreements are typically the end result of a series of negotiations between counsel specifically designed to balance the seemingly incompatible objectives of ensuring ready access to vital evidence and ensuring that sensitive information, such as trade secrets, remains carefully shrouded from the public eye and industry competitors. The importance of ensuring that sensitive information remains confidential vis-à-vis the world at large during a lawsuit cannot be overstated. Confidentiality agreements often provide detailed provisions addressing who may access information and how information may be used. Once the litigation has concluded, parties are often faced with the sometimes challenging task of ensuring that all confidential information is either returned to the producing party or destroyed. Without proper planning, it may be difficult to put the proverbial genie back into the bottle.
It is this final step that became the subject of a recent case decided by the Appellate Division of the Supreme Court of New York, Oxxford Info. Tech., Ltd. v Novantas LLC. Upon settlement of the underlying litigation, plaintiff’s counsel learned that large volumes of defendants’ confidential business data had inadvertently been backed up onto the plaintiff’s law firm’s disaster recovery back-up tapes. After analyzing the situation, plaintiff’s counsel determined that the identification and complete removal of all of the defendants’ confidential information from its back-up systems would be extremely costly. Thus, plaintiff moved to modify the confidentiality order to permit its counsel to retain the information on the tapes subject to certain proposed safeguards. The motion was denied, and plaintiff appealed.
In affirming the trial court’s order, the Appellate Division noted that plaintiff’s counsel “have demonstrated experience in and sophisticated knowledge of electronic discovery matters” and “should have foreseen the potential problem and addressed it while negotiating the Confidentiality Order.” Essentially, the appellate court found that defendants had bargained for a promise that all confidential information would either be returned or destroyed and that even a showing that compliance would be expensive for the plaintiff was not sufficient to relieve it of the duties it had freely agreed to during negotiations.
Oxxford Info teaches that attorneys should be astutely aware of the pitfalls of hosting data subject to protective orders and confidentiality agreements on their firm’s own servers. One possible alternative would be an agreement to host sensitive data through a third party escrow service. Or, if the data must be hosted locally, attorneys should work closely with their IT staff to carefully control where the data resides and whether it is backed up. Addressing these issues at the outset should enable the rapid identification and deletion of all sensitive data subject to the terms of any confidentiality agreements at the conclusion of litigation.