You just figured out that the materials you got from opposing counsel include documents that may have been inadvertently included.  What should you do? Model Rule 4.4(b) provides a clear answer—promptly notify the sender. But what happens when you receive, through non-party discovery, a DropBox link that supplies you with live access to opposing party’s corporate file directory? A court in New York was recently presented with this novel question.

How did this happen?

Defendants subpoenaed documents from Plaintiff’s financial consultant. The production contained emails that contained links to a DropBox site. Plaintiff used the site in lieu of an in-house server to store its electronic files.  For about a week, Defendants’ counsel and the client used the links to download and review the Plaintiff’s unproduced documents before finally alerting Plaintiff’s counsel and warning of their intent to use the accessed materials.

Thinking beyond the Rule 

Similar to the Model Rules, New York’s Rule 4.4(b) requires lawyers to promptly notify the sender upon receiving documents related to the representation of the lawyer’s client when the lawyer knows or reasonably should know were inadvertently sent. In addressing the obligations, the Commercial Division referenced both Cmt.[2] and Cmt.[3] in its Decision. The court concluded that the Rule does not support the argument that Defendant’s counsel was allowed to download and examine Plaintiff’s electronically stored corporate files prior to notifying Plaintiff’s counsel.

Cmt.[2] in relevant part provides that “Although this Rule does not require that the receiving lawyer refrain from reading or continuing to read the document, a lawyer who reads or continues to read a document that contains privileged or confidential information may be subject to court-imposed sanctions, including disqualification and evidence-preclusion. Whether the lawyer or law firm is required to take additional steps, such as returning the document or other writing, is a matter of law beyond the scope of these Rules, as is the question whether the privileged status of a document or other writing has been waived.”

Cmt.[3] in relevant part provides that “Nevertheless, substantive law or procedural rules may require a lawyer to refrain from reading an inadvertently sent document or other writing, or to return the document or other writing to the sender or permanently delete electronically stored information, or both. Accordingly, in deciding whether to retain or use an inadvertently received document or other writing, some lawyers may take into account whether the attorney-client privilege would attach. But if applicable law or rules do not address the situation, decisions to refrain from reading such a document or other writing or instead to return them, or both, are matters of professional judgment reserved to the lawyer.”

A distinction should be drawn here

The court found that the difference between the issue being one of whether the review of and use of was permissible under the more typical situation under Rule 4.4(b) where one received inadvertently received individual privileged documents in discovery is that the corporate file directory was not actually produced. Instead, the corporate directory was secretly and continually accessed by Defendant and their counsel under circumstances that should have raised red flags and that were outside of the scope of discovery. Further, while Plaintiff should have taken greater precautions to secure its DropBox files, that still did not authorize Defendants to rummage through these electronically stored files without authorization. The Court found that the Defendant should have notified opposing counsel and/or requested direction from the court as to what use could be made from the documents accessed through the DropBox.   

The Decision

The court found that the cases provided did not suggest “that when an e-mail contains a link to an entire cloud-based file directory to facilitate the recipient’s provision of services (i.e., not as a link to specific documents referenced in the email), that automatically means that the producing party’s entire cloud-based file directory becomes fair game for discovery.”

Accordingly, the Defendants were ordered to return all documents from the DropBox that were not independently produced during discovery, destroy all notes and derivative work product flowing from such documents, and for Defendants (counsel and client) to pay plaintiff for the cost of bringing the motion for protective order and for attorneys’ fees—to the tune of $155,977.  The Decision has been appealed. Upon motion, the court denied Defendant’s challenge to the attorney fees award, but stayed the enforcement of the sanctions award pending appeal due to the novelty of the issue. 

Takeaway

While your jurisdiction’s ethics rules may or may not explicitly prohibit lawyers from reviewing inadvertently sent documents or links to document, do not just assume that you are allowed to keep reviewing the materials or that you can use the materials in any meaningful way, especially without researching the applicable substantive rules. While you may at first think you got a lucky break by seeing the materials, what you do afterward may cost your client and firm a substantial amount of money and harm.