(Photo: Brian A. Jackson/iStockphoto.com.)

Commercial litigation invariably requires the disclosure of confidential information. These disclosures are facilitated by a protective order, which sets the terms for the disclosure and use of such information. If best practices and effective case management techniques are followed, protective orders are invaluable for ensuring the protection of confidential information at minimal cost. But if best practices are not followed and something goes wrong—as occurred in the high-stakes litigation between Apple Inc. and Samsung Electronics Co.—the results can be distracting and expensive. The Apple/Samsung protective order dispute provides important lessons that can help a company avoid or mitigate these types of errors.

The Apple/Samsung Dispute

Last fall, while Samsung and Apple were preparing for retrial of Apple’s billion-dollar verdict in federal court, the parties became embroiled in a heated battle over Samsung’s violation of the protective order. After months of discovery and motion practice, a magistrate judge found that the lack of oversight by Samsung and its outside counsel resulted in widespread improper dissemination of Apple’s sensitive licensing information, and ordered Samsung to pay more than $2 million in sanctions.

The saga began with a simple, late-night redaction mistake. In March 2012, a junior associate at Samsung’s outside counsel, while preparing a redacted version of Samsung’s expert report, overlooked a footnote that contained key, highly confidential terms of certain Apple license agreements, including one with Nokia. The associate uploaded the incompletely redacted report, which no other lawyer double-checked, to an FTP site accessible to dozens of Samsung employees.

In the ensuing months, Samsung distributed the report to more than 200 employees (including licensing executives) and to counsel representing Samsung in other matters. Nine months later, an associate at Samsung’s outside counsel noticed the improper redactions after emailing the report to an in-house attorney at Samsung, and brought it to the attention of a senior associate and a partner. The senior associate sent a properly redacted report to the in-house attorney and requested that the attorney delete the previous email. However, nothing was done to contain the March disclosure.

Months later, during the negotiation of a license agreement with Nokia, a Samsung licensing executive seemed to be aware of the terms of Apple’s license with Nokia. While the source of the executive’s knowledge would later be hotly disputed, Nokia was sufficiently alarmed to seek relief from the federal court.

It was not until August that Samsung notified Apple of the improperly redacted report—17 months after it had been sent to Samsung, eight months after the error was discovered and after Nokia’s motion. Apple moved for sanctions. Months of satellite litigation ensued, including extensive motion practice, more than 40 hours of depositions, extensive document productions and in camera review of Samsung’s privileged documents.

In the end, the magistrate judge found that the initial failure to redact the report was a violation of the protective order, but was the kind of inadvertent mistake that can occur in any large, complex litigation. However, while the initial mistake was not sanctionable, the magistrate judge explained, “[t]he cavalcade that followed did not happen because of this one mistake . . . [I]f the process . . . had been more appropriately engineered to guard the sensitive information . . . the missed redaction could have been caught and this entire fiasco avoided.” Samsung and its outside counsel, he said, “set up a system that would allow violations of that scope to ensue from a mistake that small and, frankly, predictable.” Accordingly, he ordered Samsung to pay Apple and Nokia’s fees and costs, amounting to almost $2 million.

Best Practices

The dispute between Apple and Samsung provides some important insights for both in-house and outside counsel on simple techniques to avoid Samsung’s experience.

  • Involve the opposing party in the redaction process: Parties should agree to promptly exchange key documents, such as expert reports or sealed filings, in which each indicates the specific text it believes contains its confidential information. This saves time and money. The party claiming confidentiality will be more efficient at identifying its information, and neither side will have to spend resources identifying their opponent’s confidential information. Both parties also reduce their risk. The party claiming confidentiality can ensure appropriate attention is devoted to the redaction exercise, and the receiving party can circulate the document in reliance on the opposing party’s redaction. Unsurprisingly, something like this procedure was mandated by the magistrate judge at the conclusion of the Apple/Samsung saga. In some instances—such as with drafts—this exchange is impossible, but in those situations the other best practices should be even more carefully followed, and distribution of those drafts should be limited.
  • Engage in multiple levels of review of sensitive documents: The Samsung expert report was the type of document likely to include sensitive information. The magistrate judge faulted Samsung’s counsel for failing to include, given the high sensitivity of the information, at least one or two more levels of review beyond the initial redaction. Counsel should build in basic quality-control procedures to catch inevitable mistakes. These procedures need not be expensive. For example, it is likely that a more senior lawyer was familiar with the expert report in the Samsung case, and a skim of the redactions might have caught all but the most subtle omissions.
  • Promptly follow up on mistakes: When Samsung’s counsel became aware of the mistaken redaction, it took minimal corrective actions and waited eight months before notifying Apple. Had Samsung promptly investigated and notified Apple of the relatively minor mistake, the dispute likely could have been resolved at a far lower cost.
  • Control the dissemination of information: The magistrate judge faulted Samsung for widely distributing litigation documents within Samsung and “min[ing] documents produced in the litigation for all the value they could possibly extract.” This resulted in the improperly redacted expert report being sent to hundreds of people who were not involved in the Apple litigation. Counsel should carefully control disclosures of documents to those who need the information to assist the litigation, particularly when redactions have not been approved by opposing parties. This not only limits the damage from inadvertent disclosures, but broad circulation of litigation documents can be a bad idea for reasons unrelated to confidentiality. For example, it may tarnish fact witnesses, create unintended witnesses or create additional discoverable information.
  • Anticipate a need to share disclosures in parallel matters: Samsung provided copies of the expert report to outside counsel working on related litigation. These disclosures might not have been problematic if the protective order allowed for the sharing of confidential information among outside counsel in related cases. Even though such provisions often are opposed by the other party, many judges are receptive to them and counsel should seek one if coordination between counsel in related cases is important. Indeed, even though the magistrate judge in this case criticized Samsung’s disclosures, he recognized that Samsung had a “legitimate goal of maintaining consistent positions in all its litigation across the world.”
  • Train employees to be sensitive to confidential litigation information: All employees with access to information under a protective order should be carefully instructed on their obligations. Moreover, individuals given access to litigation documents should be encouraged to raise confidentiality concerns if they believe they have information they should not have. For example, employees should be trained to raise a red flag if they obtain a competitor’s sensitive information through litigation documents, unless they know they are authorized to see such information. This avoids not only protective order disputes, but more serious allegations such as misappropriation of trade secrets. This sensitivity can be encouraged by having employees who may be involved in litigation attend trainings on the confidentiality obligations litigation entails.

Ultimately, Samsung’s experience teaches us, once again, that careful, proactive case management by both in-house and outside counsel is the shortest path to reducing cost and risk, while still ensuring vigorous and effective litigation.

Marco J. Quina is a partner in Foley Hoag’s intellectual property department who represents clients in commercial litigation with a focus on intellectual property, patent, inventorship, trade secret and antitrust disputes. His practice has involved a range of technology, including biotechnology, medical devices, pharmaceuticals and medical equipment. He has extensive experience in managing and trying cases involving complex electronic discovery. Stephen T. Bychowski is an associate in the same department. He represents clients in a variety of technology and intellectual property-related matters. He works with clients in matters involving contract disputes, false advertising, data security and privacy, and other commercial controversies. He is also a contributor to the firm’s Security, Privacy and the Law blog and Trademark & Copyright Law blog.