Keeping Confidential Information Confidential - Page 2

Jul 10, 2008

Kurt Stitcher

       Training - Group training, handbooks, human points of contact, and compliance mechanisms are all vital to ensuring that your company can avoid questions about its conduct in the event of a government investigation. Notably, the destruction of data, if conducted in compliance with company policy, can save you both money and logistical headaches and can help defeat charges of obstruction or spoliation.

       A crisis management team - Form one that includes management, legal, IT, and accounting personnel. When a crisis arises, the team should ensure immediate notice to those who know how and where the company is storing potentially relevant ESI. The team should also arrange the immediate suspension of automatic data destruction procedures and the circulation of preservation notices (a.k.a. “holds”).

       Data segregation - Segregate privileged and otherwise protected data from non-privileged and routine data. Internal IT and outside consultants can address the technical feasibility of various proposals. Even if the government winds up seizing ESI, the prior segregation will bolster the company’s position when it seeks return of the segregated data and will assist you in crafting a post-seizure review process that maximizes the company’s chances of preserving the sanctity of privileged and private ESI.

Data Encryption - The more radical approach to ESI self-help is the encryption of privileged and otherwise protected data within the company’s computer system. Data encryption comes in many forms but, at base, all encryption systems require encryption codes (typically from software) and encryption keys (e.g., symmetric, public, one-time pads). The goal of any encryption program is to prevent unauthorized persons from accessing your privileged and protected ESI.

Let us suppose the government has executed a search warrant at your place of business and has seized both encrypted and unencrypted files for off-site review. How does the government get access to your encrypted data? First, it can try to break the encryption, which, depending on the encryption method utilized, could be extraordinarily difficult and time-consuming.

Second, the government can serve a grand jury subpoena demanding production of the encryption key. Unfortunately, your company has no Fifth Amendment rights and cannot refuse to comply with the subpoena. But all is not lost—the company can still negotiate with the government regarding the withholding of privileged materials and/or move to quash the subpoena. Pre-search negotiations beat post-search negotiations any day.

Third, even if the government never serves a subpoena, it can still negotiate with the company over an appropriate protocol for a search of your ESI. Having gone through the dual processes of segregation and encryption, you will be in an excellent position to establish that the encrypted information is legally protected from disclosure.


Government search and seizure in the digital age can pose serious problems for your company. By taking appropriate proactive steps, however, you can help secure your company’s privileged and protected information—and that of your clients or customers—against unwarranted intrusion from potentially overreaching government investigators.

Kurt Stitcher is a partner in the Litigation Practice Group at Levenfeld Pearlstein LLC, where he represents clients in product liability and toxic/mass tort litigation, corporate internal investigations and white-collar criminal defense, and general commercial and class action litigation.

Page 2 of 2


0 Comments (click to add your comment)
Comment and Contribute

Your comment has been submitted and is pending approval.



 (click to add your comment)

Comment and Contribute

Your name/nickname

Your email


(Maximum characters: 1200). You have characters left.