Data security concerns have increased in the past several years, as hacking, corporate espionage, and data breaches are on the rise around the globe. Third-party attacks are becoming not only more sophisticated but also larger in scale. Law firms, legal matters, litigation and produced data remain high-profile targets for cyber-attacks. As discussed in a previous article, producing parties remain vulnerable to the risk that even if they adequately protect data in their own systems, third parties may steal data from the requesting parties’ systems.
Parties and counsel who receive data in litigation have an obligation to take reasonable steps to protect that data. See The Sedona Principles, Third Edition: Best Practices, Recommendations & Principles for Addressing Electronic Document Production, 19 Sedona Conf. J. 1, 179 (2018); see also William LaRosa, Note, New Legal Problems, Old Legal Solutions: Bailment Theory As A Baseline Data Security Standard of Care Owed to Opponent’s Data In E-Discovery, 167 U. Pa. L. Rev. 1 (2019). Moreover, “[a] requesting party inherits the data privacy and protection obligations that come with the ESI it receives, including the responsibilities that arise from the loss of that information.” The Sedona Principles at 179, n. 147.
