An interesting article (available through Law360 subscription) by Mark Cooper and Richard Bacon at Eversheds Sutherland, specifically relating to the TBD (Owen Holland) Limited v Simons & Others  EWHC 30 (Ch) case. This case presents a scenario that is all too common where an employee leaves Company A to join Company B and is alleged to have taken confidential data with them to use at Company B at the expense of Company A. A search order is often sought in these scenarios to ensure that documents that could be relevant to the case are preserved.
Although I am not able to comment on the case from a legal perspective as the authors do, it is interesting to see how the facts played out in this scenario. We often get involved in assisting on these type of cases where we act as the independent computer expert during the execution of an order.
When these orders are sought, from a technical perspective, it is important to ensure that they take into account the way people use technologies and where data may be stored. For example, it is not simply the computers in the buildings subject to an order that could hold relevant documents, but much data can exist in the Cloud or in data centres - therefore, how this data is included in an order must be considered.
Equally, virtually all devices and on-line accounts that need to be captured will have some form of security around them, sometimes just a username and password, but often they can also have two-factor authentication built in. These factors must also be considered in the drafting of the order.
And as this article points out, the preservation is just the starting point with the data. Any further actions, which will need to be properly agreed by the parties and/or the court, will include two distinct technical processes:
- The first will involve preparing the user-created documents (e.g. emails, office documents, PDF files etc) to be indexed and analysed to determine a set of documents that can be reviewed.
- The second will involve a more forensic analysis of the captured data, looking to recover artefacts that could also be useful to the case, for example, recovering deleted files, extracting Internet browsing history and identifying USB devices connected to a machine.
These processes will often include steps that include the identification of materials that may not be reviewed, for example privileged data, so that it can be isolated and excluded from the ongoing process.
If you'd like to know more about our experiences in respect of search orders, please feel free to contact me.
Applicants for a search order should not make use of preserved documents without specific court sanction. The search order precedent in Section 25 of the civil procedure rules envisages an item-by-item review of material, whereby the respondent facilitates the display of items listed in the search order, which can then be read and copied. This however may not be suitable for soft-copy documents, which generally are of a large volume and in practical terms cannot be subject to an item-by-item review. While imaging will be a less disruptive and more efficient way to proceed, it is likely to involve the production of material that is not only not listed in the search order, but may also be privileged or incriminating. In such circumstances, a search order that also provides for disclosure will be exceptional until such time as the respondent and any other interested party has been heard, given that exactly what has been imaged will not be known.