Texas Jury Hits E-Discovery Vendor with Penalties for Violation of Computer Crimes Statute
November 21, 2024
Privacy Plus+
Privacy, Technology and Perspective
This week, let’s highlight a recent Texas case presenting significant e-discovery liability and privacy issues.
Case Overview
Three Maine plaintiffs filed suit in Tarrant County against Consilio, LLC, one of the world's largest e-discovery firms, alleging unauthorized access and mishandling of email data during e-discovery collection.
Background
According to the amended petition filed in the case, Consilio agreed to search Plaintiff Angelyn Olson's email using 12 specific search terms from 2012-present and to confine that search to the email address fields and not to the full body of the emails. Instead, Consilio downloaded her entire email archive (34,000+ files) containing sensitive personal data and searched across all fields. Post-collection, Consilio allegedly destroyed 3.9GB of data after being instructed to secure it.
Cause of Action
The Plaintiffs asserted numerous causes of action:
· Negligence/Gross Negligence: Breach of duty to follow agreed-upon e-discovery protocol and secure data
· Invasion of Privacy: Unauthorized intrusion into private affairs
· Common Law Fraud: Misrepresentation of collection methodology
· Negligence Per Se: Violations of Texas/Maine criminal computer access statutes
· Harmful Access by Computer: Violation of Texas Penal Code §33.02(a)
· Civil Conspiracy: Coordinated unauthorized access between technicians
· Spoliation: Destruction of evidence after notice
Damages and Verdict
In their petition, the Plaintiffs sought damages for mental anguish (past/future), medical expenses, punitive damages, attorney fees and court costs.
On November 6th, a Fort Worth jury found Consilio guilty of violating Texas Penal Code § 33.02(a), which states that accessing a computer without the owner's consent a Class B Misdemeanor. It assessed penalties against Consilio for $50,000.
Additional Information
A link to the Plaintiffs’ Second Amended Petition follows:
A link to a local news story highlighting the result can be found here:
Our Thoughts
This verdict signals a dramatic shift in vendor liability. Criminal consequences for exceeding authorized access will likely reshape how vendors approach collection protocols, consent documentation, and contracts with the law firms that retain them. Lawyers must now intensify oversight of vendor compliance, including providing clear documentation of scope limitations and collection methodologies, as well as monitoring e-discovery protocol adherence.
While the broad collection of data is expedient in litigation, this verdict suggests juries will prioritize privacy over convenience. The common "collect everything, filter later" approach now appears fraught without explicit, informed client consent. Moving forward, litigators should re-evaluate their e-discovery contracts and protocols, secure explicit client consent for the collection of data, place increased attention on vendor oversight, and maintain rigorous post-collection security measures and destruction protocols. Where possible, we would also suggest that litigators work with information governance, data, or privacy lawyers on collection and retention issues.
---
Hosch & Morris, PLLC is a boutique law firm dedicated to data privacy and protection, cybersecurity, the Internet and technology. Open the Future℠.