Not All Software Audits Protected By Privilege
Companies faced with a demand for a software audit from a software publisher or an entity such as the Business Software Alliance or Software & Information Industry Association are increasingly turning to their own internal IT departments or hiring technology consultants to conduct software audits, the results of which may be discoverable in future litigation. The discovery risks associated with conducting an internal audit or hiring an outside IT firm to conduct a software audit may be mitigated by hiring legal counsel to conduct the audit and prepare a legal analysis.
Often software companies like Microsoft demand that a company comply with a software audit conducted by an auditor of Microsoft’s choosing, such as KPMG Deloitte & Touche, or other auditors or face a potential copyright infringement lawsuit. These auditors do not work on behalf of the company, but work on behalf of the software publisher who hires them. Therefore, the audit results are not protected from confidentiality or privilege if the matter ultimately proceeds to litigation.
Work product privilege was specifically addressed by a Massachusetts federal district court in Columbia Data Products, Inc. v. Autonomy Corp. Ltd. (D.Mass 2012). Columbia Data Products believed Autonomy Corporation Limited unlawfully copied and distributed its software, committing copyright infringement and violating the terms of the license agreements. Pursuant to the software license agreement, PriceWaterhouseCoopers conducted a software audit, resulting in an assessment of more than $23 million in damages and unpaid fees, which Autonomy disputed. Columbia Data Products sought to compel Autonomy to produce information related to the audit at trial after Autonomy claimed the information was protected by attorney-client privilege and work product privilege.
Attorney-client privilege applies where legal advice is sought from an attorney in his or her capacity, the communication is for that purpose, made in confidence, and is not waived. Work product privilege may be asserted when a party or its representative prepares a document or tangible item in anticipation of litigation.
The court concluded that work product privilege did not apply because the audit results were not prepared in anticipation of litigation, highlighting that PWC was hired pursuant to Columbia Data Products’ rights pursuant to the software license agreement. Additionally, the court held that attorney-client privilege did not apply because the communications extended to a third party, therefore waiving the privilege.
One of the few ways a company faced with an audit that could result in copyright infringement claims can successfully protect the results of a software audit is to engage legal counsel for the specific purpose of gathering facts and conducting a legal analysis. The key is to protect the information from both internal and external disclosure in order to preserve the privilege if litigation ensues. In addition, companies should obtain an agreement pursuant to Federal Rule of Evidence 408 that the results of the audit cannot be used in litigation and that any information communicated for settlement purposes must remain confidential.