Protecting Privilege Series / Part Two of Three
Even clear rules can’t save you from a privilege disaster if your workflows fall short. In this second part of our series, we examine two real-world cases where simple mistakes — like unsecured links and missed deadlines — led to costly privilege waivers.
The Birth of Rule 502(b)
In 2011, something important happened in the world of ediscovery. The Federal Rules were amended to address a glowing crisis: Lawyers were inadvertently producing privileged materials at an alarming rate, and courts were struggling to establish consistent standards.
That’s why Federal Rule 502(b) was established. But as we’ll see, even clear rules don’t prevent disaster when attorneys fail to take basic precautions.
The High Stakes of Attorney-Client Privilege in the Digital Age
Catch up on Part 1, where we explore why protecting privilege has become increasingly complex in today’s digital-first legal landscape, and how a single mistake in managing modern data can jeopardize your case.
The Rules That Changed the Game
On December 1st, 2011, updates to Fed. R. Civ. P. 26(b)(5) and Rule 502(b) of the Federal Rules of Evidence were adopted to clarify how privilege should be protected in litigation.
The rule established that accidental disclosure of privileged material doesn’t automatically waive privilege, but only if two conditions are met:
- Prevention: The privilege holder took “reasonable steps to prevent disclosure”
- Rectification: The holder “promptly took reasonable steps to rectify the error”
Sounds fair, right? If you tried to protect the information and acted quickly to fix the mistake, then you’re protected. However, what exactly counts as “reasonable steps”?
The Receiving Party’s Obligations
Rule 502 isn’t just about the producing party. Once you receive privileged information, you have obligations to:
- Promptly return, sequester, or destroy the material
- Don’t use or disclose the information until the claim is resolved
- Notify the sender
Both sides have ethical duties here. Attorneys can face professional discipline for mishandling privileged materials, whether they sent them or received them.
Case Study #1: When a Boilerplate Warning Isn’t Enough
Harleysville Ins. Co. v. Holding Funeral Home, Inc. (2017)
What happened:
An insurance company employee made a critical mistake when they:
- Uploaded an entire case file, including privileged materials, to Box.com.
- Sent an unprotected link to an outside investigator
- That same link was later inadvertently forwarded to opposing counsel
No password. No encryption. No access restrictions. Just a public link to confidential case files, floating out on the internet.
The Defense:
Harleysville’s attorneys argued they hadn’t waived privilege because they never intended to share the files with opposing counsel. They pointed to a confidentiality notice in the email as proof of their intent to protect the information.
You know the one — that boilerplate language automatically appended to the bottom of every email that nobody reads.
The Court’s Brutal Assessment
The magistrate judge didn’t mince words:
“It is hard to imagine an act that would be more contrary to protecting the confidentiality of information than to post the information to the world wide web.”
The Ruling:
- Privilege was waived for all materials in question
- No evidence that “any precautions were taken to prevent this disclosure”
- Making files “accessible to anyone with access to the internet” failed the basic test of reasonableness
- Defense counsel’s actions were also deemed improper
- Defense counsel had to bear costs for both parties
The Lesson: Boilerplate confidentiality notices are worthless without actual security measures. A password would have changed everything.
Case Study #2: A Real-Life Perry Mason Moment
The Alex Jones Case (2022)
This case made national headlines, and for good reason. It perfectly illustrates what happens when privilege protection fails spectacularly.
What Happened:
During a defamation trial in Texas, Alex Jones’ legal team made an error that became courtroom legend. A paralegal accidentally sent opposing counsel:
- A complete digital copy of Jones’ cell phone
- Every text message sent over two years
- Attorney-client communications related to the case
And then? They failed to identify any of it as privileged within the required timeframe.
Plaintiffs’ attorneys Mark Bankston waited until Jones was on the stand under cross-examination to reveal what had happened:
“Mr. Jones, did you know that 12 days ago, your attorneys messed up and sent me an entire digital copy of your entire cell phone with every text message you’ve sent for the past two years? And when informed, did not take any steps to identify it as privileged or protect it in any way…”
The Critical Detail:
Under Texas Rule of Civil Procedure 193.3, the producing party has 10 days after discovering inadvertent production to amend their response and assert privilege.
Jones’ attorneys missed that window.
The Aftermath
Jones’ attorneys filed an emergency motion for a protective order on 2.3 gigabytes of materials. The judge denied it; the damage was already done.
The Result: Jones was ordered to pay $45.2 million in damages.
While many factors contributed to that judgment, the inadvertently produced communications played a significant role in undermining his defense.
Understanding Privilege Rules
Both cases highlight an important reality: Privilege is earned, not automatic.
Remember these key provisions of Rule 502:
Rule 502(a) – Federal Proceedings:
Limits waiver to the specific communications disclosed, not the entire subject matter (unless “fairness” requires broader disclosure)
Rule 502(b) – Inadvertent Disclosure:
No waiver if you took reasonable prevention steps and promptly rectified the error
Rule 502(c) – State Proceedings:
When state disclosure is later considered federally, the law providing the greatest privilege protection applies
Rule 502(d) – Court Orders:
Federal courts can enter confidentiality orders stating that disclosure in that litigation doesn’t waive privilege
Rule 502(e) – Party Agreements:
Parties can agree to limit the effect of any disclosure
The Growing Challenge
As litigation teams increasingly rely on computer-aided review and AI tools to manage enormous volumes of data, the likelihood of overlooking privileged documents grows. The very tools designed to reduce review costs may increase the risk of accidental production.
Protecting privilege requires awareness, a proactive strategy, and the right technology to back it up.
Dive deeper into best practices and real-world strategies in our free eGuide, Protecting Attorney-Client Privilege.
In our final post, we’ll share practical, actionable strategies for protecting privilege in your practice, from the technology choices you make to the workflows you implement.
