Making Sense of Third-Party Discovery

It would be so nice if something made sense for a change!

- Alice, “Alice’s Adventures in Wonderland” by Lewis Carroll
 

What happens when, out of nowhere, the “other side” in a litigation matter wants electronic information during discovery not from you, but from a third-party who has worked directly with your company? Yikes! What about all that confidential information you provided them, never imagining that anyone else would have access to such electronic information? Alternatively, what if those third parties have purged their files and no longer have the requested information? Is there a duty to maintain electronic documentation which is out of your immediate control? 

The issue was addressed by United States Magistrate Judge Paul W. Grimm in his decision Goodman v. Praxair Servs., Inc., 2009 WL 1955805 (D. Md. July 7, 2009), where the Plaintiff asked that consultants to Praxair Services turn over their electronic documents in discovery.  The Plaintiff alleged that the Defendants violated their duty to preserve evidence when they failed to implement a litigation hold on the third party, resulting in a significant loss of data, including the contents of hard drives and emails relevant to the dispute at issue.

The Court found there was no duty to preserve third party evidence.  Although Fed. R. Civ. P. 34(a) does provide that documents are considered to be under a party's control when that party has “the right, authority, or practical ability to obtain the documents from a non-party to the action,”  the Court determined that Praxair did not have “the sufficient legal authority or the practical ability” to ensure the preservation of documents prepared by its third-party consultants or "any legal control" over those documents.  Accordingly, the Court held that Praxair had no duty to preserve any of the documents prepared by the third-party consultants.  Absent any duty to preserve evidence under a party’s control, there could be no finding that spoliation of evidence had occurred. 

This is a holding that makes perfectly good sense.  Alice would be delighted.

Data Talk: Cache and Transient


E-discovery requests often focus on “tangible” data that exists on physical storage devices, such as e-mail messages, documents, pictures, music, video, sound clips, or application program files. But what about data that is not so tangible, such as elusively cached or transient files that exist only in integrated circuitries such as Random Access Memory (RAM)?  Is that data discoverable? And is there a duty to preserve? Courts appear to say YES, as long as a litigating party has requested it.

In Arista Records LLC v. Usenet.com Inc., 2009 WL 185992 (S.D.N.Y.), several record companies filed a claim for copyright infringement against a Usenet provider, alleging that Usenet.com's subscribers swap music recordings in the format of MP3 files without obtaining permission from the record companies. To prove their case, the plaintiffs requested production of Usenet.com's usage data logs. Usenet.com refused to produce the logs, contending that it had no duty to preserve or produce that data because it is of a transitory nature, and because it serves no business purpose. Arista Records LLC v. Usenet.com Inc., 2009 WL 1851992 (S.D.N.Y.), at *15.

The court was not persuaded by the defendant's argument. Indeed, the court imposed sanctions on grounds that Usenet.com had willfully failed to preserve data that was subject to a discovery request. Noting that the plaintiff record companies had specifically requested the usage data logs, the court held that Usenet.com had notice of its duty to preserve.

In another case, however, the same court distinguishes between e-mails (which have a "semi-permanent existence") and wave forms, or "ephemeral" data displayed on oscilloscope during "tuning" of computer disk drives. The court noted that no business purpose dictated that such data be retained, and held that under a general litigation hold, and absent a preservation order, failure to preserve such data did not warrant sanctions. Convolve, Inc. v. Compaq Computer Corp., 223 F.R.D. 162 (S.D.N.Y. 2004).

In Healthcare Advocates, Inc. v. Harding, Earley, Follner & Frailey, 497 F.Supp.2d 627 (E.D.Pa.2007) a party failed to preserve temporary cache files. There the court held that sanctions were not warranted because the party had not purposefully destroyed cache files that could have been used as evidence.

In reviewing these cases, it appears that the discoverability of cache, transient or ephemeral data hinges on the following factors:

  • whether the data serves a business purpose that warrants retention
  • whether the requested data is relevant to the case
  • whether the party is capable of preserving the data
  • whether data that might have served as evidence has been purposefully destroyed
  • the timeliness of the request for data, and whether a party has been given notice of the duty to preserve
  • whether the party acted in good faith to preserve the data
  • whether the data is inaccessible because of undue burden or cost (FRCP 26(b)(2)(B))

As transient data becomes more important to the discovery process, it will be interesting to see how courts handle situations of cloud computing, where data crosses infinite system domains and geographical boundaries. Stay tuned!

Use Caution When Doing Your Spring Cleaning!

 

Although we're in the middle of winter, and the Midwest had -40 degree wind chills last week, this is the time for you to think about spring cleaning. I don't mean scrubbing floors or washing windows. Now is the time to develop a record retention policy and a litigation hold policy and then begin appropriately "cleaning house."  Micron Technology, Inc. v. Rambus, Inc., 2009 WL 54887 (D. Del. Jan. 9, 2009) shows us why it is so very important to have a litigation hold policy in place before starting that spring cleaning.

Rambus was a microchip technology company that became concerned about possible patent infringements by microchip manufacturers. It sought counsel regarding possible litigation, and counsel developed a litigation strategy. During this time, Rambus also designed and implemented a record retention policy, then held a series of "Shred Days" where many expired records were destroyed.

Micron sought a declaratory judgment from the court that its designs did not infringe on Rambus' patent.  The court held a separate trial on whether Rambus' wholesale destruction of documents pursuant to its document retention policy constituted spoliation of evidence and the appropriate sanction to be imposed on Rambus if in fact spoliation had occurred.  

In analyzing the spoliation issue, the court found that Rambus had a duty to preserve its documents once litigation became reasonably foreseeable.  According to the court,

Rambus knew or should have known, that a general implementation of the policy was inappropriate because the documents destroyed would become material at some point in the future.  Therefore, a duty to preserve potentially relevant information arose in December 1998 and any documents purged from that time forward are deemed to have been intentionally destroyed, i.e. destroyed in bad faith. 

Because Rambus' bad faith was so clear and convincing and because Rambus destroyed innumerable documents relating to all aspects of Rambus' business, the court determined that the very integrity of the litigation process had been impugned.  The court found that neither adverse jury instructions nor the preclusion of evidence nor the imposition of fees and costs on Rambus could cure the damage done by the massive document destruction.  Instead, the court delivered the ultimate sanction of all, it declared Rambus' patents involved in the lawsuit unenforceable. 

The moral of the story?  Companies must exercise extreme caution in implementing document retention policies and must strongly consider whether a "litigation hold" needs to be placed on some documents, even in cases where litigation has not been officially commenced yet.  Consequently, when you get that itch to do some spring cleaning, plan ahead so that you can protect your intellectual property and your business.

The Five (or Six) Steps of Electronic Discovery

When a client is hit with a request for electronically-stored information, it is useful to think globally about what has been set in motion--a discovery process that will extent over some period of time and encompass some universe of information.  There are five major steps that the client will need to be prepared for:

(1) Strategy: what is the preservation obligation; what is being requested; where is it stored, and in what form; who knows how to get it, etc.;

(2) Collection of Data: how will the data be retrieved;

(3) Preparation of Data: in what form will the data be presented;

(4) Review of Data: is any data privileged or confidential; what are the key documents, etc; and

(5) Production of Data.

Savvy counsel will also want to go through a sixth step, which is to debrief with their client and talk about what went right, what went wrong, and how to make the process go smoother in the future.

Credit: Mary Mack & Matt Deniston, A Process of Illumination: The Practical Guide to Electronic Discovery 42 (2004).

Spoilation and Sanctions: When a Rogue Employee Deliberately Destroys Data

Assume the worst of your employees, lest a judge or jury assume the worst of you. 

That's the upshot of a recent e-discovery case out of the US Bankruptcy Court for the District of Hawaii. The debtor, Hawaiian Airlines, had shared proprietary information with prospective post-petition investors under a strict confidentiality agreement. Hawaiian later claimed that Defendant Mesa Airlines, once a prospective investor, had breached the confidentiality agreement and misused proprietary information for Mesa's own competitive advantage. After Hawaiian filed its complaint, an attorney for Mesa promptly sent an email to Mesa's three top officers imposing a "litigation hold," which explicitly included electronic documents. One of the recipient executives, Vice President and CFO Peter Murnane, responded by sending out emails from his company account (um, wow) to outside individuals searching for a data-wiping program. Apparently his search bore fruit, and Murnane installed software containing a data-wiping feature on his two company laptops.  He also changed the system clocks on those two laptops in an attempt to make it appear that he had deleted the data well before Hawaiian filed its complaint.

Of course Murnane's machinations ultimately came to light, and Hawaiian filed a motion for sanctions against Mesa. Although no one else at Mesa knew anything about Murnane's crack computer caper, the court granted the motion, finding that Mesa facilitated Murnane's independent wrongdoing by failing to take "reasonable steps to prevent all of its employees from doing wrongful and foolish things, like destroying evidence, under the pressure of litigation." The company managed to dodge a default judgment sanction (whew!), but the court did impose an adverse inference sanction (d'oh!).  So now, instead of being faced with the data, however ugly it might have been, the judge instead can assume the worst set of facts a bankruptcy judge can conjure. I'm thinking those facts are probably pretty bad.

What are these "reasonable steps" that a company should take to prevent spoliation of electronic evidence by a rogue executive or employee? That remains unclear, although the court stated that Mesa could have and should have backed up all data on Mr. Murnane's laptop as soon as Hawaiian filed its complaint. Other thoughts:

  • Better safe than sorry: it's always a good idea to review the company's document retention policies and make sure they are comprehensive and up-to-date.
  • Talk with your IT folks about limiting the ability of individual users to delete data from the network server or to install software onto company machines. Consider a blanket policy that only your company's IT department can install software on company computers. 
  • Work with IT to ensure you have a system that reliably backs up the data on your network server on a regular basis. 
  • Once litigation is underway, just issuing a standard litigation hold and trusting others to comply is not enough.  Be actively involved in ensuring you preserve what you must preserve. 
  • Keep in mind the lesson from Hawaii: as soon as you are aware of litigation involving the company, make every effort to copy the hard drives of all computers - desktops, any and all laptops, even home computers that are used for business - used by all key and/or relevant employees as soon as is reasonably possible.

Read the opinion here.  And you can find further discussion here.  What happened to Murnane, you ask?