eDiscovery Daily Blog

• October 4, 2013

On Monday
and Tuesday
of this week, we discussed 10 Things to
Know Before Moving eDiscovery to the Cloud, emphasizing the importance to
know where your data is located.  This
example illustrates the importance of that principle.

As reported by Robert Hilson in the Association of Certified E-Discovery
Specialists ® web site (Judge
eyes vendor contracts as ‘frightening’ ransoming of Glaxo data unfolds),
New York-based eDiscovery vendor Discovery Works Global has been accused of
holding hostage nearly four billion pages of data on behalf of its client, pharmaceutical
giant, GlaxoSmithKline.  Glaxo sued Discovery
Works and its CEO, Harry Debari, in January saying they withheld 20 terabytes
of sensitive information.

In a hearing on September 24, New York County state
Judge Shirley Werner Kornreich “ordered Discovery Works to provide a full
accounting by November 1 of all the Glaxo materials it has received. If it is
unable to do so, Glaxo may send its IT personnel to retrieve its data from
Discovery Works servers”.  As noted in
the article, “Judge Kornreich said representations by Discovery Works suggest
Glaxo data is dispersed randomly across its databases in raw uncoded form.
Retrieving it will take significant time and IT sources, she said.”

This is amid reports that Discovery Works is “said to
be insolvent” after “two recent judgments for more than $800,000 in New York state courts against Discovery Works for
unpaid invoices” and reports that the “telephone numbers listed on the
Discovery Works website have been disconnected”.

“It’s a frightening thought,” Judge Kornreich said.
“And a cautionary tale for anyone who uses a discovery vendor.”

Hilson’s article goes into more depth about this case
and provides some best practices for an organization using an eDiscovery vendor
to host its data, including insisting that all original materials provided to
the vendor are returned when the relationship is terminated and maintaining a
copy of all materials provided to the vendor.

Those are sound practices in dealing with an
eDiscovery vendor.  At CloudNine Discovery, we include in our
contracts with clients language giving them the option to request data
destruction, near ready retention or destruction of the data (with an export of
the data back to the client) once a project is concluded, so we cover the
handling of data whether or not our clients address it with us.

Judge Kornreich’s comments in her ruling make it seem
like this is a common occurrence, but, I have not seen any other instances
where eDiscovery hosting providers have behaved in such a manner, solvent or
insolvent, as Glaxo alleges that Discovery Works has done.  If you know of any other instances, feel free
to comment.  Nonetheless, it pays to make
sure that you protect yourself.  Know
where your data is located and have language in the contract that covers destruction
and return of the data at the conclusion of services.

So, what do you think?  How do you protect your online data?   Please share any comments you might have or
if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author,
and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational
purposes to provide general information about general eDiscovery principles and
not to provide specific legal advice applicable to any particular circumstance.
eDiscoveryDaily should not be used as a substitute for competent legal advice
from a lawyer you have retained and who has agreed to represent you.