Debra Cassens Weiss reports:
A battle over laptops taken by lawyers to a new law firm failed to reach a settlement last week during a three-hour session before a magistrate judge.
The suit by Pennsylvania insurance boutique Nelson Brown Hamilton & Krekstein initially sought the return of laptops taken by 14 departing lawyers to Lewis, Brisbois, Bisgaard & Smith, the National Law Journal (sub. req.) reports. The suit seeks damages under the Computer Fraud and Abuse Act.
After the suit was filed last May, Lewis Brisbois returned the laptops, but erased and preserved the information they held, the story says. Now both law firms have hired computer experts to determine what information was on the devices.
The departing lawyers had represented hacked companies, and Nelson Brown says sensitive information such as Social Security numbers may have been saved on the laptops. The firm also says the devices may have contained confidential client lists and legal strategies.
Read more on ABA Journal.
From looking at the complaint, Nelson Brown owned the laptops and devices that the departing attorneys took with them in February 2014. What were the lawyers’ ethical obligations to the firm’s clients they had been representing? Could they just hand over the laptops and walk away?
And given that personal and sensitive information of data breach victims may have been on those laptops and devices, I wonder what would have happened if Nelson Brown had configured their security so that data were not stored locally but on their server from which it could be accessed but not saved locally? Why were all their lawyers walking around with PII on laptops? Were the data encrypted?