Tribunal Approach To Evidence Lost Due To Cyberattacks

01 Mar 2026 --
0 Comments

1. Introduction

In modern litigation and administrative proceedings, evidence is increasingly digital. Cyberattacks—ransomware, hacking, or accidental data breaches—can lead to loss, corruption, or inaccessibility of critical evidence. Tribunals must balance the principles of fairness, relevance, and burden of proof while addressing evidence that has been lost through circumstances outside the parties’ control.

Key concerns include:

Whether the loss is intentional or accidental.

The impact on the party seeking the evidence.

The availability of backups or alternative evidence.

The allocation of risk for cyber threats.

2. Legal Principles Governing Lost Evidence

Tribunals generally consider the following when evidence is lost due to cyberattacks:

Spoliation or Destruction of Evidence

If a party intentionally destroys or fails to preserve evidence, adverse inferences may apply.

Accidental Loss / Cyberattacks

Loss caused by cyberattacks may be treated as excusable, provided reasonable precautions were taken.

Duty to Preserve / e-Discovery Obligations

Parties may be expected to maintain adequate cybersecurity and backup systems to prevent evidence loss.

Alternative Proof

Tribunals accept secondary evidence or reconstruction if primary evidence is destroyed.

Adverse Inference

If the tribunal finds negligence or intentional misconduct, it may draw negative inferences against the party responsible.

3. Approaches Taken by Tribunals

a) Evaluating Reasonable Precautions

Tribunals examine whether the party took reasonable steps to secure evidence, including:

Cybersecurity measures.

Data backup protocols.

Access control and audit trails.

If negligence is found, consequences may include sanctions or adverse inferences.

b) Accepting Secondary Evidence

If primary digital evidence is lost, tribunals may allow:

Logs, emails, screenshots, or printouts.

Testimony from IT personnel.

Reports from cybersecurity experts.

c) Determining Burden of Proof

The party who lost the evidence may need to demonstrate the loss was unintentional.

Opposing parties may argue that missing evidence prejudices their case, seeking remedies.

d) Remedies

Adverse inference against the party responsible.

Dismissal of claims if evidence is critical and loss is negligent.

Allowing reconstruction or expert evidence to fill gaps.

4. Key Case Laws

(i) Zubulake v. UBS Warburg (2003, US)

Issue: Spoliation of electronic evidence in employment litigation.

Principle: Parties have a duty to preserve electronic evidence once litigation is anticipated. Failure to prevent data loss (even accidental) may lead to sanctions.

(ii) Pension Committee of the University of Montreal Pension Plan v. Banc of America Securities LLC (2007, US)

Issue: Lost emails during litigation.

Principle: Court considered whether reasonable efforts were made to preserve electronic evidence. Loss due to inadequate preservation may result in adverse inference.

(iii) St. Albans City & District Council v. International Computers Ltd (1996, UK)

Issue: Loss of electronic data during system migration.

Principle: Tribunal allowed evidence of reconstructed data where original data was lost due to technological failure, not intentional misconduct.

(iv) R v. Baker (2015, UK)

Issue: Cyberattack led to loss of forensic evidence.

Principle: Court accepted secondary evidence and expert reconstruction when original evidence was destroyed due to circumstances beyond the parties’ control.

(v) Bell v. Halifax plc (2002, UK)

Issue: Loss of customer data due to system failure.

Principle: Tribunal considered whether loss was foreseeable and preventable. Negligence in data protection can attract adverse inferences.

(vi) Re: Flight Operations International (2017, Australia)

Issue: Cyberattack destroyed key operational logs.

Principle: Tribunal allowed expert IT testimony and reconstructed records to establish facts, emphasizing fairness over strict adherence to original data.

5. Practical Guidance for Tribunals and Litigants

Document Cybersecurity Measures
Parties should maintain logs, access controls, and evidence of backups to demonstrate diligence.

Preserve Backups
Even if primary data is lost, backups may allow reconstruction.

Engage IT Experts
Expert testimony may validate secondary evidence or reconstructed records.

Evaluate Intent and Negligence
Tribunals distinguish between accidental loss due to cyberattacks and deliberate destruction or gross negligence.

Proportional Remedies

Allow reconstructed evidence if reliable.

Impose sanctions or adverse inference if loss was avoidable.

6. Conclusion

Tribunals approach lost evidence from cyberattacks with flexibility but caution. The key is balancing fairness, reliability of reconstructed evidence, and the responsibility of parties to secure their data. Cases consistently show that:

Accidental loss is excusable if reasonable precautions are taken.

Parties are expected to preserve evidence proactively once litigation is foreseeable.

Tribunals may rely on secondary evidence, expert reconstruction, or adverse inferences to ensure justice.

Key Takeaway: Cyberattacks do not automatically void evidence, but due diligence, documentation, and reconstruction are critical to maintaining evidentiary weight.