As the volume of electronically stored information (“ESI”) continues to expand rapidly, working with e-discovery vendors for collection, processing, review and production has become commonplace. Entrusting massive amounts of sensitive company data to an e-discovery vendor for the life of a litigation (and sometimes longer) is routine. But do you really know where your data is and who is responsible for it?
Earlier this week, it was reported that GlaxoSmithKline PLC filed a complaint in New York state court alleging that a New York City-based e-discovery vendor, Discovery Works Legal Inc., and its CEO Harry Debari is “holding hostage over 20 terabytes of GSK’s most sensitive and confidential data, and threatening to withhold and destroy the data unless GSK pays the ransom” of more than $80,000. According to the article discussing the complaint, Discovery Works was in control of roughly 3.75 billion pages of GSK documents in “unknown” locations.
While this is an extreme, and hopefully isolated incident, it highlights the potentially precarious situation that can be created when ESI is handed over to a third-party vendor. Of course, there is a very low likelihood such a hostage situation would ever arise with the large number of reputable vendors that occupy the e-discovery space. That said, there are many steps that could be taken to mitigate such risk, and/or simply give companies and law firms the ability to reduce storage/hosting fees or switch e-discovery vendors for any number of reasons.