An interesting article I just read illustrates the importance of making sure confidential information is protected when in the hands of third parties. It has nothing to do with breaches but holding confidential content hostage in a game of tug of war between a client and a vendor. I had actually never thought of this before.
The dispute is between Glaxo SmithKline and a litigation and eDiscovery vendor named Discovery Works. Discovery Works was withholding up to 50 terabytes of confidential information, including trade secrets, patent portfolio data, pricing information, sensitive communications among top executives, and privileged work product that belonged to Glaxo. It also appears that Discovery Works was facing insolvency and in a rather emotional moment, the CEO Harry Debari sent the following to Glaxo and their legal team: “Wire $55,000 to a secret account or its “bombs away.” The vendor allegedly threatened to destroy hundreds of millions of documents belonging to GlaxoSmithKline unless that sum was paid.
The article brought up a good point in saying “The case makes a strong argument for a “buyer beware” warning to even large corporations. London-based Glaxo is among the world’s biggest pharmaceutical companies with revenues of about $27 billion. Some may wonder how a conglomerate that is constantly in litigation would entrust so much sensitive data to a company of modest means and few employees.”
The suit has been resolved, but how it was resolved is not available to the public. According to Glaxo, “If [confidential data is] disclosed, the genie could not be put back in the bottle,” Glaxo said.
Even though there was a contractual agreement to return the confidential information it obviously had no impact in this situation. I am wondering what you do for due diligence. As the author pointed out why would Glaxo entrust their confidential data to Discovery Works. Although rather an odd occurrence, are there any precautions your organization takes in this scenario? Is it possible to take any precautions?