This Sidley Update addresses the following recent developments and court decisions involving e-discovery issues:
- an order from the U.S. District Court for the Northern District of California limiting a subpoena to Discord for electronically stored information (ESI) and declining to compel Discord to produce passwords and content for certain accounts, under 28 U.S.C. § 1782 and the Stored Communications Act (SCA)
- a decision from the U.S. District Court for the Middle District of Tennessee finding that an employer did not have an obligation to preserve ESI after an employee reported alleged harassment or filed an internal complaint and that the duty to preserve did not arise until the company received a charging document from the Equal Employment Opportunity Commission (EEOC)
- a ruling from the U.S. District Court for the Western District of Texas declining to compel a nonparty to produce metadata for a category of documents that the plaintiff sought for the purpose of selecting the documents she would request from the third party
- an opinion from the U.S. District Court for the Middle District of Florida requiring the plaintiff to return electronic devices to his employer so that the employer could preserve the ESI on them for purposes of litigation
In In re Path Network, Inc., No. 23-MC-80148-PHK, 2023 WL 8115045 (N.D. Cal. Nov. 22, 2023), U.S. Magistrate Judge Peter H. Kang considered the standards applicable to a subpoena for information related to certain Discord accounts, including password information, under 28 U.S.C. § 1782 and the SCA.
This action concerned a subpoena for ESI served on Discord, Inc. for aid in a Canadian litigation. The subpoena was served by the Plaintiffs in the Canadian litigation, which were two companies that provide “data, hosting, and cyber services to subscribers.” Id. at *1. The Defendants in the Canadian action consisted of Michael Gervais, a former employee of Plaintiffs, and several of Gervais’ alleged co-conspirators. Plaintiffs alleged that Gervais disclosed their confidential information to third parties as his employment was ending, made defamatory statements about Plaintiffs, and acted with the other defendants to help terminate Plaintiffs’ relationships with their clients.
Plaintiffs alleged that Defendants communicated among themselves over the electronic messaging application Discord under various usernames and also communicated with Plaintiffs’ employees to make a ransom demand for return of confidential information. Plaintiffs sought and received from the Canadian courts an order requiring Defendants to grant access to Defendants’ Discord accounts. Id. at *2. Plaintiffs secured many of Defendants’ devices, but Plaintiffs claimed that the accounts contained on these devices were locked behind passwords and Defendants did not effectively provide those passwords. Plaintiffs subsequently requested that Discord “preserve all messaging data” related to Defendants. Id. at *3. Discord responded that it “would not preserve the requested data unless legally obligated to do so,” which prompted Plaintiffs’ subpoena application under 28 U.S.C. § 1782 (“Section 1782”) in the Northern District of California for discovery in aid of a foreign proceeding.
In the California proceeding, Plaintiffs sought access to Defendants’ account data, login history, passwords, and message contents on the Discord platform, across Defendants’ various Discord accounts. Discord agreed to provide account data and login history but resisted turning over passwords and message contents. Ultimately, Magistrate Judge Kang granted Plaintiffs’ application as modified to exclude passwords and the message contents and ordered Plaintiffs and Discord to submit a revised subpoena to the court for approval. Id. at *18. He also agreed to the parties’ stipulated protective order, finding that there was good cause to protect the private messages of third parties, especially of minors, because Discord “is a messaging platform which is popular with young people playing online video games” and so “information, messages, and documents involving minors may be implicated (whether inadvertently or because the subpoena is broadly drafted) by the discovery sought.”
Magistrate Judge Kang began by analyzing Plaintiffs’ request under the requirements of Section 1782. Id. at *4. He noted that there were three statutory factors and four discretionary factors that required consideration. He held that the three statutory requirements were all satisfied. First, “the person from whom the discovery is sought ‘resides or is found’ in the district of the district court where the application is made” because Discord was headquartered in San Francisco, California. Second, “the discovery is ‘for use in a proceeding in a foreign or international tribunal’” because the discovery sought was in aid of a Canadian proceeding. Third, “the application is made by a foreign or international tribunal or ‘any interested person’” because Plaintiffs were interested parties in the underlying Canadian litigation. Id. at *4-6.
Magistrate Judge Kang also noted four discretionary factors that the court “considers ... in determining whether to authorize discovery requested” under the Supreme Court’s opinion in Intel Corp. v. Advanced Micro Devices, Inc., 542 U.S. 241 (2004): (A) whether the discovery target is a “participant” in the foreign proceeding, “(B) ‘the nature of the foreign tribunal, the character of the proceedings underway abroad, and the receptivity of the foreign government or the court or agency abroad to U.S. federal court judicial assistance,’” “(C) whether the request ‘conceals an attempt to circumvent foreign proof-gathering restrictions or other policies of a foreign country or the United States,’” and “(D) whether the request is ‘unduly intrusive or burdensome.’” Id. at *4 (quoting Intel, 542 U.S. at 264-65).
Magistrate Judge Kang held that the proposed discovery satisfied the first three discretionary factors. He held that the first factor was satisfied because Discord was not a party to the foreign proceeding such that the Canadian court could order Discord to comply, necessitating the subpoena in the California action. Id. at *6-7. He held that the second factor was satisfied because the Canadian courts had sought the kinds of discovery at issue in the subpoena. Id. at *7. He held that the third factor was satisfied because “the record of the proceedings in the Canadian lawsuit demonstrates that [Plaintiffs] pursued proof-gathering procedures in Canada extensively before filing the instant Application.”
However, Magistrate Judge Kang held that the fourth discretionary factor, “whether the request is ‘unduly intrusive or burdensome,’” counseled against disclosing passwords and personal information associated with Defendants. Id. at *4, 7. He found that the subpoena provided too little information to Discord to identify accounts or information associated with Defendants other than the accounts explicitly mentioned in the subpoena. Id. at *9. This was especially true because the subpoena mentioned the individuals by name and username only, but, other than those individuals, “it is unknown how many other persons among Discord’s worldwide customer base have the same or similar names” or usernames. Id. at *10. He thus found that the suggested subpoena as written would be overly burdensome and consequently was overbroad such that it was disproportionate to the needs of the case.
Magistrate Judge Kang therefore granted in part the application for leave to serve a subpoena and ordered Plaintiffs and Discord to meet and confer and produce a subpoena compliant with the court’s findings. Id. at *10, 18. But he noted that “[e]ven if [Plaintiffs] satisfy the Section 1782 requirements, the Court may not grant the application if granting the application would cause a violation of the Stored Communications Act.”
The SCA “prohibits electronic communication service providers from knowingly divulging to any person or entity the contents of a communication while in electronic storage by that service” unless that person or entity consented to that disclosure. Id. at *11 (internal quotation and alteration omitted). Magistrate Judge Kang found that Defendants’ account passwords were appropriately designated communication “contents” under the SCA and that Defendants had not consented to the disclosures at issue. Id. at *11-16.
Magistrate Judge Kang first turned to the issue of what comprised the “contents” of a communication under the SCA. Id. at *11. The SCA defines “content” as “any information concerning the substance, purport, or meaning of [a] communication.” Discord argued that passwords were “information concerning” the communications at issue. Magistrate Judge Kang agreed, noting that this was a question of first impression and considering the text of the applicable provisions of the SCA, its language and design, and its legislative history. Id. at *12. He noted that passwords were themselves information and “broadly ‘relate to’” the contents of the communications, and this information “controls a user’s access to the content or services that require the user to prove their identity” as the author of the contents of a message. Thus, Magistrate Judge Kang reasoned, the password communicates to the recipient of a communication that the communicator has at least “completed the process of authentication,” which itself was information concerning the communication. He further reasoned that any other rule would allow litigants to “circumvent the very purpose of the SCA,” as most stored electronic information is locked behind passwords, so individuals seeking information barred from disclosure under the SCA could “simply request[] that a service provider disclose the password for a user account” containing those communications, “ultimately vitiating the protections of the SCA.” Id. at *13. In Plaintiffs’ case, “[t]he only conceivable use for the passwords here is for [Plaintiffs] to access the requested accounts (such as ‘Archetype’) and view the contents of all electronically stored communications in those requested accounts.” Id. at *15.
Magistrate Judge Kang then moved to the consent prong of the analysis. Id. at *16. He noted that the SCA would not prohibit the disclosure of this information if the target consented. He held that Defendants had not consented, either explicitly or impliedly, to the disclosure of the content at issue. Id. at *15-16. Although Plaintiffs argued that Defendants’ relinquishment of their personal devices in the Canadian litigation constituted implied consent, Magistrate Judge Kang agreed that Defendants did so pursuant to Canadian court orders in which their objections were preserved, which did it not itself constitute implied consent. Id. at *16. Magistrate Judge Kang also found that Plaintiffs’ declaration documented numerous efforts to thwart compliance with the subpoena, which belied that it was consented to. Considering the disclosure restrictions under Section 1782 and the SCA, Magistrate Judge Kang held that the subpoena should be modified and thus ordered Plaintiffs and Discord to meet and confer to produce a subpoena compliant with the court’s findings. Id. at *18.
In Chatman v. TruGreen Limited Partnership, No. 22-cv-2705-TLP, 2023 WL 8284401 (M.D. Tenn. Nov. 30, 2023), Chief U.S. Magistrate Judge Tu M. Pham addressed when a company’s obligation to preserve evidence related to alleged harassment began in the context of an internal complaint that ultimately led to litigation.
In this employment discrimination and retaliation case under Title VII of the Civil Rights Act of 1964, Plaintiff alleged that she reported an incident of harassment on July 9, 2021, and that she was constructively terminated on July 23, 2021, after filing an internal human resources (HR) complaint. Id. at *1. Plaintiff submitted her original harassment report through EthicsPoint, Defendant’s system for facilitating and managing investigations of workplace concerns. Defendant’s senior HR director investigated the report, including by reviewing office surveillance footage that allegedly captured the incident. While the HR director placed his investigative materials into the EthicsPoint drive, Defendant claimed that he could not upload the surveillance footage because of “technical issues involving the size” of the video footage. Defendant had a 90-day video surveillance retention policy.
Defendant’s HR director determined that the evidence of harassment was inconclusive and, on or around July 15, 2021, informed Plaintiff of the decision not to take further action. Plaintiff claimed to have filed a charge of discrimination with the EEOC on August 11, 2021, but her EEOC charging document was signed December 4, 2021. The EEOC issued Plaintiff a “right to sue” letter on July 19, 2022, and she filed her complaint on October 14, 2022. During discovery, Plaintiff learned that Defendant did not retain the surveillance video, and Plaintiff later brought a motion for sanctions for spoliation of the video. Id. at *2.
Chief Magistrate Judge Pham began his analysis by describing the standards under Federal Rule of Civil Procedure 37(e) governing the burden of proof and available sanctions for a party’s failure to preserve relevant information, including ESI. He explained that under this rule, “if electronically stored information that should have been preserved in the anticipation or conduct of litigation is lost because a party failed to take reasonable steps to preserve it, and it cannot be restored or replaced through additional discovery,” a court could, upon finding prejudice to another party from loss of the information, order measures “no greater than necessary to cure the prejudice.” In addition, if the court finds that the spoliating party acted with the intent to deprive another party of the information’s use in the litigation, the court could order sanctions, including to (1) presume that the lost information was unfavorable to the party, (2) instruct the jury that it may or must presume the information was unfavorable to the party, or (3) dismiss the action or enter a default judgment.
Chief Magistrate Judge Pham explained that there are four initial requirements under Rule 37(e) that must be met before the court may consider imposing such sanctions: “(a) the existence of ESI of a type that should have been preserved; (b) ESI is lost; (c) the loss results from a party’s failure to take reasonable steps to preserve it; and (d) it cannot be restored or replaced through additional discovery.” He noted that the parties did not dispute that the video at issue was ESI or that it was lost.
But the parties disputed that Defendant had an obligation to preserve the video when it was lost, with Plaintiff arguing that either her internal HR complaint filed on July 23, 2021, or her EEOC charge allegedly filed on August 11, 2021, should have provided Defendant sufficient notice of relevant future litigation. Id. at *3.
Chief Magistrate Judge Pham explained that Rule 37(e) asks whether the loss was a result of a party’s failing to take reasonable measures to preserve it. The rule “does not create a duty to preserve ESI” but rather “recognizes the common-law duty to preserve relevant information when litigation is reasonably foreseeable.” He noted that the duty arises when a party “has notice that the evidence is relevant to litigation or ... should have known that the evidence may be relevant to future litigation.”
Chief Magistrate Judge Pham further explained that “[v]arious events may put a party on notice of litigation and trigger a duty to preserve,” including demand letters, preservation requests, threats of litigation, or a party’s decision to pursue a claim. But he noted that the duty “is not met by the theoretical possibility of litigation, which arises after almost every employment decision or business transaction.” Instead, it requires a “reason to believe that litigation was ‘probable’ when the evidence was destroyed.” Chief Magistrate Judge Pham noted that “[m]erely making an internal complaint is generally not sufficient to trigger the duty to preserve.”
Chief Magistrate Judge Pham found that Plaintiff’s HR report alone was insufficient to trigger Defendant’s duty to preserve. In particular, he noted that there was no evidence that Plaintiff threatened suit or that an attorney contacted the company on Plaintiff’s behalf at the time of Plaintiff’s HR report, during Defendant’s investigation, or immediately after its decision.
Chief Magistrate Judge Pham held that the duty to preserve attaches when the party receives actual notice of the EEOC charge, potentially as soon as the charge is filed. Here, the only EEOC charging document in the record indicated that Plaintiff signed the charge on December 4, 2021. Chief Magistrate Judge Pham concluded that this was “well beyond [Defendant’s] ninety-day surveillance video retention policy. Therefore, because Defendant was not given notice that the surveillance video was relevant to future litigation in the ninety days following the July 9, 2021 incident, it did not have a duty to preserve it during and up to the end of that time.”
In Pinn v. Consumer Credit Counseling Foundation, Inc., No. 1:23-mc-0974-DII, 2023 WL 7288745 (W.D. Tex. Nov. 3, 2023), U.S. Magistrate Judge Susan Hightower addressed whether Plaintiff could compel a third party to produce metadata for a category of documents to allow Plaintiff to select the documents she would then request the third party to produce.
Plaintiff filed a putative class action alleging that Defendants violated the Telephone Consumer Protection Act, 47 U.S.C. § 227, by calling her home telephone number in April 2022. Id. at *1. Defendants claimed that Plaintiff consented to the calls when she visited the website healthinstantly.org and entered her name and phone number.
During discovery, one Defendant provided Plaintiff with a link from trustedform.com, a website operated by a company called ActiveProspect that installs a proprietary computer script on websites to record a user’s interactions with that website. ActiveProspect claims that these recordings, called certificates, can be preserved and replayed on demand, verifying that a consumer consented to a particular action. The TrustedForm certificates allegedly authenticate the recordings of the consent and allow the certificates to be sold as marketing leads. The link to a certificate produced to Plaintiff during discovery purported to be a recording of Plaintiff visiting healthinstantly.org in February 2022. Plaintiff denied that she consented to the calls and asserted that her alleged consent and the TrustedForm certificate were inauthentic or fraudulent.
Plaintiff served a subpoena on ActiveProspect seeking (1) customer account information for the ActiveProspect accounts that claimed Plaintiff’s TrustedForm certificate and (2) TrustedForm certificates claimed by certain other parties. Id. at *2. Plaintiff also sought to have ActiveProspect produce all metadata from some 590,000 other certificates to allow Plaintiff to sample and select a smaller number of actual certificates for production.
ActiveProspect objected to Plaintiff’s subpoena requests on the grounds that they were irrelevant, disproportionate to the needs of the case, and unduly burdensome. In particular, ActiveProspect stated that it had produced documents regarding Plaintiff’s TrustedForm certificates but that the remaining certificates would comprise roughly a million documents. In response, Plaintiff argued that she was not seeking the actual TrustedForm certificates but only the metadata for the approximately 590,000 certificates, which had already been compiled, so that she could have a “a representative sample” of certificate metadata (and, ultimately, the corresponding certificates) to adequately challenge the authenticity of the certificate produced for Plaintiff.
Magistrate Judge Hightower began her analysis with a brief description of the legal standard under Federal Rules of Civil Procedure 26 and 45. She explained that under Rule 26(b)(1), the scope of permissible discovery is broad, and a party “may obtain discovery regarding any nonprivileged matter that is relevant to any party’s claim or defense and proportional to the needs of the case.” A discovery request is relevant “when the request seeks admissible evidence or is reasonably calculated to lead to the discovery of admissible evidence.” She further explained that under Rule 45(d)(3)(A), a court is required to quash a subpoena if it requires disclosure of privileged or protected information or subjects a person, including a non-party, to an undue burden. Id. at *3.
Applying these standards, Magistrate Judge Hightower denied Plaintiff’s motion to compel. She found that, notwithstanding the broad scope of permissible discovery, information must be relevant to a party’s claim or defense or appear reasonably calculated to lead to discovery of admissible evidence before the court could require production. Magistrate Judge Hightower agreed with ActiveProspect that Plaintiff’s requests were facially overbroad, unduly burdensome, and disproportionate to the underlying litigation because ActiveProspect had already provided documents and declarations relevant to Plaintiff’s own alleged consent certificate. Magistrate Judge Hightower declined to compel ActiveProspect, as a third party to the underlying litigation, to produce metadata for hundreds of thousands of additional documents merely so that Plaintiff could select “a representative sample” of comparator certificates.
In Wegman v. United States Specialty Sports Association, Inc., No. 23-cv-1637-RBD-RMN, 2023 WL 8599972 (M.D. Fla. Dec. 12, 2023), U.S. Magistrate Judge Robert M. Norway addressed a motion regarding the ownership and return of several electronic devices containing information relevant to the litigation in the context of the parties’ respective obligations to preserve evidence on the devices.
Plaintiff, who was on administrative leave from his position as Defendant’s chief executive officer, had retained several electronic devices containing evidence relevant to the litigation when he was placed on leave. Defendant sought an order requiring Plaintiff to return and refrain from copying those devices.
Magistrate Judge Norway first noted a report from Defendant’s counsel that he had sought to confer with counsel for Plaintiff about this dispute several times without success. Id. at *1 n.1. Magistrate Judge Norway reminded the parties that they were required to promptly respond to requests for a meet-and-confer conference from opposing parties and that “a response that occurs more than two business days after a request is not ‘prompt.’” He noted that he would impose sanctions in the future against counsel who do not respond promptly to requests for a conference.
Turning to the merits of the dispute, Magistrate Judge Norway first addressed the issue of ownership. Citing to Defendant’s employee handbook stating that all technology provided by Defendant, “including computer systems, communication networks, Association related work records and other information stored electronically,” was the property of Defendant and not its employees, Magistrate Judge Norway noted that Plaintiff had conceded the devices were Defendant’s property. For this and other reasons, Magistrate Judge Norway had previously denied a motion filed by Plaintiff seeking a court order authorizing him to create forensic copies of the devices before returning them to Defendant.
Magistrate Judge Norway next explained that under Federal Rule of Civil Procedure 37(e), all persons who anticipate or are parties to litigation have a duty to locate, retain, and preserve potentially relevant evidence, including ESI. Both parties acknowledged that they had an obligation to preserve evidence contained on the devices, and Defendant stated that it intended to make forensic copies of the devices once they were returned so it could comply with its preservation obligations. Magistrate Judge Norway found that Plaintiff’s retention of the devices prevented the organization from fulfilling its duty to preserve evidence, thereby prejudicing the Defendant.
Magistrate Judge Norway found that Defendant was also prejudiced by Plaintiff’s failure to return the devices because the devices contained evidence “that the organization needs to determine what [Plaintiff] knows, when he learned about it, what he did about it, and who was involved.” Citing to the Sedona Conference Commentary on Legal Holds, among other sources, Magistrate Judge Norway explained that “[o]rganizations know what their employees know,” and their knowledge is imputed to an organization in the context of the duty to preserve evidence. Because Plaintiff was once Defendant’s chief executive officer but was now on administrative leave, Magistrate Judge Norway found that the devices contained evidence of his knowledge.
Magistrate Judge Norway ultimately found that Plaintiff’s failure to return Defendant’s devices “frustrates the organization’s collection efforts, stymies its investigation into the events that form the basis of Plaintiffs’ claims, and thwarts the preparation of the organization’s defenses.” Id. at *2. Accordingly, Magistrate Judge Norway ordered Plaintiff to return all electronic devices provided to him by Defendant and further ordered that Plaintiff “not access, copy, or otherwise tamper with any [ESI] contained on the devices.” Finally, Magistrate Judge Norway awarded Defendant reasonable expenses and ordered the parties to confer regarding the expenses that Defendant “necessarily incurred prosecuting the motion.”
Sidley Austin LLP provides this information as a service to clients and other friends for educational purposes only. It should not be construed or relied on as legal advice or to create a lawyer-client relationship.
Attorney Advertising - For purposes of compliance with New York State Bar rules, our headquarters are Sidley Austin LLP, 787 Seventh Avenue, New York, NY 10019, 212.839.5300; One South Dearborn, Chicago, IL 60603, 312.853.7000; and 1501 K Street, N.W., Washington, D.C. 20005, 202.736.8000.