Using Dropbox may drop privilege, court holds

Laura Wasson, Dickinson Law Firm, Iowa Cybersecurity Law, Iowa Banking Law, Des Moines Iowa

Posted on 07/06/2017 at 12:00 AM by Laura Wasson

On February 9, 2017, a Virginia court held that an insurance company, Harleysville, waived their attorney-client privilege with respect to a file it uploaded to an online file-sharing service operated by Box, Inc. Harleysville Ins. Co., v. Holding Funeral Home, Inc., et al, No. 1:2015cv00057 – Document 68 (W.D. Va. 2017). The link to the file-sharing site was sent via an e-mail that contained a confidentiality notice stating the material was privileged and subject to legal penalties for unauthorized use. Notwithstanding, the online file-sharing site was not password-protected. It could be accessed by anyone in possession of the hyperlink.

Harleysville later produced this e-mail to opposing counsel in litigation. The opposing counsel clicked on the link and accessed the privileged materials. Harleysville argued that this disclosure was “involuntary” because the e-mail was not originally addressed to opposing counsel so their access was unauthorized. The court rejected that argument, finding that Harleysville intentionally uploaded the document onto the site, so regardless of whether opposing counsel should have clicked on the link, disclosure was not involuntary.

The court ultimately found that Harleysville’s use of the file-sharing site waived their attorney-client privilege with respect to files on that site because Harleysville had not taken reasonable measures to protect the confidentiality of those files. It did not matter that the e-mail stated it was a privileged communication. To the court, the fact that the site was not password protected was “equivalent of leaving [Harleysville’s] claims file on a bench in the public square and telling its counsel where they could find it.”

In a world where technology and data storage is rapidly evolving, the Harleysville decision could be a glimpse into many companies’ futures - but it doesn’t have to be yours. Now is a better time than ever to review your company’s data storage and sharing policies to ensure you have passwords and other reasonable measures in place to protect the confidentiality of your information. For additional questions on corporate technology policies, contact Laura Wasson.

The material in this blog is not intended, nor should it be construed or relied upon, as legal advice. Please consult with an attorney if specific legal information is needed.

- Laura Wasson


Questions, Contact us today.

Contact Us


The material, whether written or oral (including videos) that is posted on the various blogs of Dickinson Bradshaw is not intended, nor should it be construed or relied upon, as legal advice. The opinions expressed in the various blog posting are those of the individual author, they may not reflect the opinions of the firm.  Your use of the Dickinson Bradshaw blog postings does NOT create an attorney-client relationship between you and Dickinson, Bradshaw, Fowler & Hagen, P.C. or any of its attorneys.  If specific legal information is needed, please retain and consult with an attorney of your own selection.

There are no comments yet.
Add Comment

* Indicates a required field