Case Summary: Phillip M. Adams & Assocs., On Spoliation and Info. Management

Phillip M. Adams & Assocs., L.L.C. v. Dell, Inc., 2009 U.S. Dist. LEXIS 26964 (D. Utah Mar. 27, 2009)

FACTS: Plaintiffs, and requesting party, Philip M. Adams & Associates, alleged infringement of their patents for technology that detected and resolved defects in the most widely used floppy disk controller, thus preventing data from being destroyed. The patents in question were purportedly assigned to plaintiffs by the original inventor. FDC-related defects gave rise to multiple lawsuits, culminating with the settlement of a class action suit against Toshiba in October of 1999.
Requesting party accused producing party of spoliation, as stated in the opinion:

…first, that ASUS has illegally used Adams’ patented software; and second, that ASUS has destroyed evidence of that use. The first assertion is identical to the liability issue in this case. The second assertion is premised on the first: Assuming ASUS used Adams’ software, ASUS’ failure to produce evidence of that use is sanctionable spoliation. Adams has no direct proof of destruction of evidence but is inferring destruction or withholding of evidence. Since Adams is convinced that ASUS infringed, Adams is also convinced that failure to produce evidence of infringement is sanctionable.

Issues we examine:

1. When did the producing party’s duty to preserve attach?
2. How does the Safe Harbor provision (FRCP 37(e)) factor into the determination of sanctions in this case?
3. What role does producing party’s information management system play in the sanctions calculus?
4. How does the producing party’s lack of produced data on certain subjects in the aggregate balanced against the absence of specific evidence of wrong-doing by requesting party?

Issue 1: Court’s reasoning:
Producing party acknowledges receiving a letter from requesting party’s counsel asserting infringement on February 23, 2005. It does not acknowledge receiving an earlier letter dated October 4, 2004. Thus, Producing Party dates the beginning of its duty to preserve from the date of the February letter, and states that it has complied with that duty from that time forward. Producing party takes the position that a delay in giving notice and bringing suit by requesting party is the reason for the lack of available data from the years 2000 and 2001.
The court noted that both parties agreed that “a litigant’s duty to preserve evidence arises when ‘he knows or should know [it] is relevant to imminent or ongoing litigation.’” The court acknowledged the producing party’s stance that this trigger occurred upon receiving counsel’s letter, but stated that this was “not the inviolable benchmark.” The court cited 103 Investors I, L.P. v. Square D Co., 470 F.3d 985 (10th Cir. 2006) to buttress its argument.
In 103 Investors, the defendant disposed of 50 to 60 feet of “busway” material after a fire had occurred, destroying all but four feet of the busway, and eliminating any of the busway that should have contained a warning label. The court concluded that in that instance, the defendant should have known that litigation was imminent, although the material had been disposed of long before the complaint was filed.
The court described the history of this defect. In 1999 Toshiba paid a large sum to settle a class action related to the floppy drive error in play in the instant matter. That same year, a class action suit was filed against HP for the same defect. In 2000, producing party was working on correcting the issue. Sony became embroiled in a class action in 2000. The court stated that the industry had (or should have become) “sensitized” to the possibility of litigation on this issue.

It appears that this extends the duty to preserve, which is already among the more difficult and costly issues in e-discovery today. By extending the duty’s trigger to occur prior to any direct or specific action against defendants, the court is asking too much of any IT department. It may be that the lack of documents produced by the defendants (this is discussed below) puts the court in the position of trying to fashion a rationale for punishment. But taken literally, the effects of the opinion could set a difficult, perhaps impossible, standards for compliance with the duty.

Issue 2: Safe Harbor?

The court, to the dismay of many commentators, dismisses the effects of the safe harbor provision in FRCP 37(e). Ralph Losey claims the court “mines” the rule into oblivion. I think what is in play here is that the court feels that the producing party would use Safe Harbor as a rationale for not producing data that it should have. Nevertheless, Safe Harbor’s reach, already attenuated, appears to weaken further in this opinion.

Issue 3: What role does producing party’s information management system play in the sanctions calculus?
The court comes down hard on the IG practices of the producing party. It stated that the system’s architecture, possessed of questionable reliability, should not be excused, though it evolved, rather than was deliberately designed to operate as it does. The result is that it operated to deprive the requesting party of access to evidence.
Traits of this system are described thusly:
[Producing Party] extensively describes its email management and storage practices, to explain the nearly complete absence of emails related to the subject of this litigation.

First, [Producing Party] says its email servers are not designed for archival purposes, and employees are instructed to locally preserve any emails of long term value.

[Producing Party] employees send and receive email via company email servers.

Storage on [Producing Party's] email servers is limited, and the company directs employees to download those emails they deem important or necessary to perform their job function from the company email server to their individual company issued computer.

[Producing Party] informs its employees that any email not downloaded to an employee’s computer are automatically overwritten to make room for additional email storage on ASUSTeK ’s servers.

It is [Producing Party's] routine practice that its employees download to their individual computer those emails the employee deems important or necessary to perform his or her job function or comply with legal or statutory obligations.

Second, ASUS employee computers are periodically replaced, at which time ASUS places all archiving responsibility for email and other documents on its employees. During the course of their employment, ASUSTeK employees return their individual company issued computers in exchange for newer replacement computers.

40. The hard drives of all computers returned to or exchanged with the company are formatted to erase all electronic information stored on these computers before they are recycled, reused or given to charity.

41. During a computer exchange, it is [Producing Party's] practice to direct its employees to download those emails and electronic documents from the employee’s individual computer to the employee’s newly issued computer that the employee deems important or necessary to perform his or her job function or comply with legal or statutory obligations.

The court stated that descriptions these data management practices may explain why relevant e-mails were not produced, but it did not establish the Producing Party’s good faith in managing its data. It calls the information management practices of the producing party “questionable” and that although an organization may design its systems to suit its business purposes, the information management practices are still accountable to such third parties as adversaries in litigation. The court opines that: “[a] court – and more importantly, a litigant – is not required to simply accept whatever information management practices a party may have. A practice may be unreasonable, given responsibilities to third parties.

Furthermore, while the court accepts that the Producing Party’s system “evolved” rather than was purposefully designed with the goal of hiding data needed for litigation, it nevertheless quoted the Sedona Conference: “An organization should have reasonable policies and procedures for managing its information and records.”

Finally, the court took aim at the practice of allowing individual users to drive retention practices, when it stated: “[Producing Party's]‘ practices invite the abuse of rights of others, because the practices tend toward loss of data. The practices place operations-level employees in the position of deciding what information is relevant to the enterprise and its data retention needs.”

Issue 4: How does the producing party’s lack of produced data on certain subjects in the aggregate balanced against the absence of specific evidence of wrong-doing by requesting party?

Producing Party turned over executable files of their own invention, but failed to surrender the source code for those executables. They also failed to produce other relevant executables and related source code, or “a single document” relating to the development of the applications under scrutiny. The court expressed concern over the absence of certain types of documents from the production:

[Producing Party's] only response is that it has produced a large volume of documents. That may be the case; but, it has not produced the most critical documents – those that relate to its misappropriation, its copying, and its willful behavior. The only conclusion after all this time is that [Producing Party] has destroyed critical evidence that it simply cannot show did not exist.

By this expression, the court adopted Requesting Party’s argument that Producing Party had “’spoliated the most critical evidence in this case, e.g., test programs and related source code’ “[S]ince [Producing Party] has not produced it, the only conclusion is that [they have destroyed it."

The court also noted, in its analysis of Producing Party's objection to the admissibility of data produced by third parties on grounds of authentication, that the Producing Party, while claiming "a near total absence of evidence...[sought] to eliminate the only evidence available. The court concluded that such tactics should not prevail to “prevent consideration of the best evidence available.”

Requesting Party listed types of documentation that they would expect Producing Party to possess, but never received during production. Communications and documentation from outside sources contributed to a suspicion that such documentation once existed. Indeed, as the court examines the Producing Party’s duty to preserve, it leads off by stating: “[t]he universe of materials we are missing is very large. Indisputably, we have very little evidence compared to what would be expected.”

In dismissing arguments that destruction of the data in question was covered by the “Safe Harbor” provision under FRCP 37(e), the court stated: “[o]ther than the patent application and the executable file, it does not appear [Producing Party] has produced any significant tangible discovery on the topics where information is conspicuously lacking.”

Ultimately the court found that Producing Party had breached its duty to preserve relevant data. It appears from the information above that the dearth of critical documentation from the Defendant’s productions was a significant contributor to the ruling, but the court does not explain the weight to which it assigned this as an element in its ruling.

The difference between an archive and a backup

Computer Technology Review has posted an article describing the effect of the FRCP on business and corporate IT departments. The article contains the now familiar refrain to proactively manage your digital resources. One nice blurb, though, discusses the difference between archives and back-ups:

This underscores the difference between an archive and a backup system. An archive in today’s regulatory and litigation preparedness sense is an actively managed set of information kept as a business record when needed and disposed of when not. Backups on the other hand are designed for near term disaster recovery and not long term preservation. But many companies have suspended the rotation of their backup media, sometimes for years, because of a fear of sanctions or even bad press resulting from the improper deletion of this potentially discoverable data. What should have been a disaster recovery mechanism is now functioning as a very inefficient archive of all historical information. This becomes magnified as companies inherit backup media through merger and acquisition. In many instances the current IT staff has no idea what data exists upon those tapes.

On a New British Standard for Storing Data to be Used as Evidence

The Register reports that the national standards body of the U.K., the BSI Group, has formulated a new standard for storing data properly for “maximizing” the weight of data presented in court. The standard deals with the manner in which evidence is stored.
From the article:

By complying with BS 10008, “it is anticipated that the evidential weight of electronic information transferred to and/or managed by a corporate body will be maximised,” said national standards body BSI British Standards.

The Standard is called Evidential weight and legal admissibility of electronic information – Specification. It sets out the requirements for the implementation and operation of electronic information management systems, including the storage and transfer of information, and addresses issues relating to authenticity and integrity of information.

Legal admissibility concerns whether or not a piece of evidence would be accepted by a court of law. To ensure admissibility, information must be managed by a secure system throughout its lifetime, which can be for many years. Where doubt can be placed on the information, the evidential weight may be reduced, potentially harming the legal case.

From the BSI Group’s description:

What does the standard include?

* The management of electronic information over long periods, including through technology changes, where information integrity is vital
* How to manage the various risks associated with electronic information
* How to demonstrate the authenticity of electronic information
* The management of quality issues related to document scanning processes
* The provision of a full life history of an electronic object throughout its life
* Electronic transfer of information from one computer system to another
* Covers policies, security issues, procedures, technology requirements and auditability of electronic document management systems (EDMS).

Blogging LegalTech West 2008: Litigation Holds

The second, and for me last, presentation of the day was “Ready…Set…Preserve: Navigating the Legal Hold Process and Technology. The panel consisted of Patrick Oot of Verizon, Kraft’s Chief Counsel Theodore Banks, and American Electric Power’s Kamal Kamara.

The rule of thumb that triggers a legal hold is (say it with me class), the date when litigation may be reasonably anticipated. The very last date that can be justified for the issuance of a legal hold is the date the complaint is actually filed. The first step to implementing a legal hold is to determine the identity of the key players. However, before the hold is even necessary, some preemptive actions should have been addressed. Litigation readiness best practices suggest that record management training for all employees is important. These rules apply:

1. The guidelines employees study must be related to their jobs.
2. Information on how to comply with relevant policies should be easy to find. They should have access to manuals, or intranet web sites with the necessary guidelines.
3. Training should be consistent, and reinforced periodically.

The purpose of the legal hold is to stop destruction of potentially responsive information, identify that data, and save it. Employees should understand the consequences of failing to comply, and where to get help when they have questions.

Mr. Banks explained that for Kraft, the legal hold was triggered later than would be appropriate for some others, because of the nature of the complaints his company confronted, and the design of its information system. Much of the data needed was historical information that was preserved anyway, often for reasons of compliance with federal retention laws.

Mr. Kamara described his company’s home-built lit hold solution as being similar to e-vite. All three companies used custom built solutions rather than “off the shelf” products.

Some important points: acknowledgment by recipients is an essential component to a lit hold system; audit trails and the availability of reports is important.

I enjoyed this presentation more than the previous session. The panelists were good, but I also got to see screenshots of various systems, which I found interesting. The next step now is to see how technology can be used not only to issue notice of a hold, but to also take action to prevent actual destruction of information.

Blogging LegalTech West 2008: Building an e-discovery task force

As mentioned in the previous post, there were three main tracks of courses to choose from. My associates and I glanced over them to divide the subject matter up between us, and I ended up on the “Corporate Perspectives” track, which suited me.

What was less than satisfying was that the first event was a panel discussion centered on building an E-Discovery task force inside the company. Not a particularly interesting topic for me; not because it’s unimportant, but rather because I have already attended a number of similar presentations, read much of the literature on it, written about it in my own papers, and dealt with the subject extensively in my own work. So it’s “old hat” to me, as they say.

Nevertheless, a colleague of mine and I found good seats and settled in. The panel consisted of Kroll Ontrack’s Linda Sharp (who acted as moderator), Cynthia Nichols from Taco Bell Corp., Michael Kelleher of Folger Levin & Kahn LLP, and Joel Vogel o Paul, Hastings, Janofsky & Walker LLP.

Most of the information presented was standard, and no new ground was covered (at least for me), however, it was well-done and all panelists contributed significantly to the discussion. No new ground was covered, but in all likelihood, the needs of the target audience were met.

The meeting began with a discussion outlining the need for the proactive implementation of pre-litigation measures to deal with issues presented by in the era of “ESI.” With Ms. Sharp leading the way, it was noted that 50% of corporate America has no policiy with respect to managing ESI, and 75% feel they lose time due to inefficient or non-existent ESI policies.

The panel then turned to the question of what elements and constituencies should comprise an E-Discovery team? Depending upon the size and internal structure of the company, the panel listed the following possibilities:

• Corporate Counsel
• IT
• Human Resources
• Records Management
• Corporate Security
• Trial Counsel
• Discovery Counsel
• Outside Vendor(s)

Obviously, the nature of the matters that confront any particular corporation, and the relationship the company has with outside law firms and vendors are factors in building the right team.

The discussion then moved the task force’s need to educate themselves on their company’s data infrastructure. Questions the task force should address are: where does company data reside? How is it maintained? How is it accessed, and by whom? When (and how) is it destroyed? Here, some recommended that a systems information directory be generated and maintained by the team. Others argued maintaining the document was inefficient, and that this could best be addressed by updates as needed (i.e., as new legal matters arise). I tend to lean toward maintenance on a regular basis, although I can see some situations in which the contrary view would be a better fit.

The discussion then looked at Discovery Response Checklists, and what elements should constitute it. Some of these items included: the issuance of hold statements, discontinuing data destruction and back-up tape recycling policies; and handling e-mail archiving.

Overall, a fairly pedestrian, but useful presentation. The panelists were articulate and knowledgeable, and laid out the issues in an organized and effective manner. If you’re interested in the subject, and other ideas for proactive measures, one article that I liked on the issue is:., Renee T. Lawson, Taming the Beast—Implementation of Effective Best Practices for Electronic Data Discovery, 747 PLI/LIT 305, (Oct-Dec 2006).

Return to sender…please

The International Herald Tribune has posted an article discussing the fact that e-mails don’t always reach their destinations…and the sender isn’t always notified:

The basic Internet e-mail standard – SMTP, or simple mail transport protocol – has always provided for the destination server to send back an error message if the original message cannot be delivered. If no error message comes back, however, can the originating server assume that the message arrived, safe and sound? Not necessarily. A misconfigured server anywhere in the path between sender and recipient can miscarry the message.

The problem that leads to the loss of a message can also prevent the sender from receiving a report of failed delivery. In such instances, e-mail disappears into the ether.

Assuming a message sent is received is dangerous. In a case, if you’re trying to prove communication, retrieve the recipient’s inbox.

Case Blurb: Creative Pipe; Not all keyword searches are created equal

While it is known that [Producing Party] and [Producing Party's attorneys] selected the keywords, nothing is known from the affidavits provided to the court regarding their qualifications for designing a search and information retrieval strategy that could be expected to produce an effective and reliable privilege review. As will be discussed, while it is universally acknowledged that keyword searches are useful tools for search and retrieval of ESI, all keyword searches are not created equal; and there is a growing body of literature that highlights the risks associated with conducting an unreliable or inadequate keyword search or relying exclusively on such searches for privilege review. Additionally, the Defendants do not assert that any sampling was done of the text searchable ESI files that were determined not to contain privileged information on the basis of the keyword search to see if the search results were reliable. Common sense suggests that even a properly designed and executed keyword search may prove to be over-inclusive or under-inclusive, resulting in the identification of documents as privileged which are not, and non-privileged which, in fact, are. The only prudent way to test the reliability of the keyword search is to perform some appropriate sampling of the documents determined to be privileged and those determined not to be in order to arrive at a comfort level that the categories are neither over-inclusive nor under-inclusive resulting in the identification of documents as privileged which are not, and non-privileged which, in fact, are. The only prudent way to test the reliability of the keyword search is to perform some appropriate sampling of the documents determined to be privileged and those determined not to be in order to arrive at a comfort level that the categories are neither over-inclusive nor under-inclusive.

Victor Stanley, Inc. v. Creative Pipe, Inc., 2008 WL 2221841 (D.Md. May 29, 2008 )

Trends in E-Discovery Point to Bad News for the Unprepared

E-discovery should be the thing which causes IT departments to break out their cub scout books and remember what it means to “be prepared.” A recent article posted by the Wisconsin Technology Network discusses the meanings of emerging trends in electronic discovery:

A CIO who is on top of things will have frequent meetings with staff attorneys, review e-discovery processes, and map out what the organization’s infrastructure looks like – essentially knowing where data “lives” so the organization can react to litigation. The number of hours spent on e-discovery is growing, but the time investment depends largely on a company’s litigation profile.

This will sound familiar to frequent readers. The article notes some general trends:

Even for complacent companies, Phelps said e-discovery case law is providing more answers in three specific areas: litigation holds, obligations to preserve data, and the determination of what information is reasonably accessible.

Of course, sometimes the guidance is conflicting and ambiguous, but what is clear is that indifference to the rules won’t be excused by courts.

Why it’s best to be proactive

Two articles (ht: EDD Blog Online) I’ve just read illustrate the need for corporate legal and IT departments to be proactive with respect to the effects of litigation on everyday IT decisions. Mark Apicello has penned an article that suggests your lawyer accompany you when you buy storage hardware:

[Choosing hardware] used to be relatively simple: Research your requirements; conduct a critical analysis of how your current infrastructure meets those needs; and then make Draconian decisions on what to toss, what to buy, and what can be reasonably integrated with new systems.

And when it came to requirements, they traditionally boiled down to balancing capacity and speed. Thanks in large part to regulations such as the FRCP (Federal Rules of Civil Procedures), however, that is no longer the case. These days, choosing a storage system without knowing your company’s legal obligations can cost you dearly.

Hmmm. Considering how well attorneys and technology mix, this thought seems unlikely to make the typical IT pro’s day.

A second article, suggests that IT will be blamed if something goes wrong during e-discovery:

In a survey conducted by Canvasse Opinion among in-house legal departments at 200 of the Fortune 500 companies, 18 percent of the attorneys said that IT has primary responsibility for the development of an ESI [Electronic Storage Information], aka e-discovery, strategy/policy within their organization.

Let me add that FRCP covers only litigation. Government regulations and ensuing investigations would more than likely make an even greater demand on e-discovery than the new Federal Rules, according to Kristin Nimsger, Kroll Ontrack president, the company for whom the survey was conducted.

Okay, well 18 percent is far from a consensus, but this will nevertheless irritate those in IT. Ultimately, the lesson that should be gleaned, is that corporations need to address the issue before major disputes erupt. Being proactive is the key. And, as Ralph Losey might suggest in one of his well-written articles, obtaining a bit of technical competence might not be a bad place to start:

[P]laintiff’s position was basically that since the email was not reasonably accessible to plaintiff’s counsel, it did not have to be produced. After all, he argued, there could be privileged materials in there. Apparently it never occurred to him to hire someone with technical competence to open and read the emails for him.

The court doesn’t usually buy incompetence, and such an argument might very well establish an attorney’s violation of Model Rules requiring diligent and competent representation. Be careful there, buddy.

Again…e-discovery is part of every-day litigation. Follow the example of the Boy Scouts, and be prepared.

Dealing with Search Criteria

A recent post of ours cautioned readers to be careful on formulating, and to use some method of verifying, their initial assumptions. We refer to initial assumptions with respect to EDD as assumptions on keywords, effective date ranges, and data sources that must be preserved for an electronic discovery project.
Law.com has posted an article discussing keyword searches, and calls attention to one danger of not carefully considering the formulation of search criteria:

The results of a recent e-discovery keyword search should have come as no surprise. Working on a case related to a specific transaction, the attorneys requested production of all documents containing the word “buy.” Despite being cautioned against this broad search, they were reluctant to heed the warnings, and many unrelated documents were incorrectly deemed responsive. Unfortunately, it takes a $750,000 mistake like this one for some people to understand the benefits of using a strategic approach to keyword selection.

If this had been my project…well, never mind. As I have said repeatedly, it is essential for the initial assumptions used in extracting data for review to be thoroughly vetted, because the filter ultimately determines what documents the reviewer sees. Searches that are too broad cost time and money. Searches that are too narrow will miss vital data, and could cost the client even more in the long term (by skipping over helpful information or by landing them in hot water with the judge). The importance of the process of building a verifying a list should not be underestimated.

That said, keywords are not the panacea. New technologies, using concept-based ontologies and techniques continue to evolve, and will move us beyond the era of the boolean keyword search.