Utah Court Mines Safe Harbor Rule 37(e) Into Oblivion – Part One

sea minesA new opinion by a Magistrate Judge in Utah on Rule 37(e) FRCP will, unless reversed on appeal to the District Court Judge, endanger litigants for years to come. Phillip M. Adams & Associates, L.L.C., v. Dell, Inc., 2009 WL 910801 (D.Utah March 30, 2009). Two Taiwanese companies (ASUS) in this patent infringement case were sanctioned for spoliation because they did not implement a litigation hold and start preserving email in 1999. What makes this ruling so mind boggling is that the plaintiff did not even determine that it might have a claim against ASUS until 2005, did not send a demand letter until 2006, and did not sue ASUS until 2007. 

The Magistrate Judge’s opinion held that the duty arose in 1999 because there was a known industry “issue” concerning defects in the controllers of “floppy disks.” The facts in Phillip M. Adams somehow justified this strange ruling in the judge’s mind (not mine). The judge figured that ASUS, who were computer board manufacturers, should have assumed they might be embroiled in a floppy controller controversy some day and be sued. For that reason, he held that they should have implemented a litigation hold back in 1999 to prevent employees from destroying their email and other ESI. In other words, ASUS should have anticipated litigation five years before the plaintiff did, and because they failed to do so, they should now face case-terminating spoliation sanctions.

mine-explosionThis vague, hair-trigger standard effectively mines safe harbor Rule 37(e) into oblivion. If not reversed, or worse, if actually followed by other courts, this ruling would chill all companies from ever deleting email anytime there is a controversy in their industry, which is, after all, pretty much continuous in most industries. It is hard to understand why the judge in Phillip M. Adams made such a ruling, but I have a theory that I will explain at the end of this blog.

In Phillip M. Adams, ASUS preserved ESI after the pre-suit demand letter in 2005, but not before. ASUS claimed that their employees’ pre-notice destruction of ESI from 1999 to 2005 was in accord with their routine practices. ASUS thus claimed protection from sanctions for spoliation under Rule 37(e). The Utah District Court disagreed and imposed sanctions, the exact nature of which have yet to be determined, but could include a default or adverse inference instruction.  

The Maxxam Redwood Tree Case

redwoodsPhillip M. Adams contrasts sharply with a recent Qui Tam fraud case involving a company notorious in California for chopping down Redwood trees. U.S. v. Maxxam, Inc., 2009 WL 817264 (N.D.Cal. March 27, 2009). In Maxxam, the California court refused to impose spoliation sanctions for chopping up hundreds of backup tapes and other ESI before suit was filed. Sanctions were denied because it was shown that the destruction of ESI was routine. Tapes were thrown in a dumpster as part of a move in offices because they were no longer needed. Other missing ESI was deleted as part of everyday activities. Id. at *11. This was in accord with their “general practice … to discard material that no longer had a business value.” Id. at *3. Interestingly, although the reasoning of Rule 37(e) was employed, there is no mention of the rule itself.

redwood-forestPlaintiffs’ tried to persuade the court in Maxxam to find that a duty to preserve arose in 1999 or 2002 based on Maxxam’s involvement in other prior litigation. The instant case by the Qui Tam plaintiff Relators for the U.S. was not filed until December 7, 2006. The California court determined that the evidence destroyed was not at issue in the earlier Maxxam litigation and so did not trigger a duty to preserve. The trigger date eventually selected by the court was, however, pre-filing, January 2006. It is also important to note that the duty was triggered by knowledge of Maxxam’s attorneys, not the corporation itself. Id. at *13. That new twist of the trigger could come back to bite another party some day.

The Qui Tam plaintiff Relators for the U.S. failed to satisfy their burden of proof that the destruction of evidence occurred after the trigger date and so the sanction motion was denied. By the way, this case settled for $4,000,000 on April 28, 2009, after two days of a two week jury trail. I dare say the settlement would have been much, much higher had the plaintiffs obtained the adverse inference instruction they sought in the spoliation motion.

Rule 37(e)

Although Rule 37(e) was not mentioned in Maxxam, it should have been, since it was designed to address this kind of situation. It is a new rule enacted in December 2006, intended to provide a safe harbor from sanctions for destruction of ESI when the destruction is done according to usual “routine good faith computer operations.” Here is the exact wording of the rule, which, by the way, was originally numbered 37(f) when enacted, but later renumbered 37(e):

(e) Electronically stored information. Absent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored information lost as a result of the routine, good faith operation of an electronic information system.

The rule commentary and prior case law make clear that the “good faith” requirement means that the destruction took place before a duty to preserve has been triggered. The preservation duty is either triggered by service of process or earlier by “notice of a ‘credible threat’ of litigation.” The Sedona Conference Commentary on Legal Holds: The Trigger & The Process (August 2007 Public Comment Version) Guideline One.  When you have such notice, you are obligated to suspend your routine destruction of electronic information. You are supposed to implement a litigation hold. If you do not, then any subsequent destruction is not made in good faith and you lose the protection from sanctions provided by the rule. Disability Rights Council of Greater Wash. v. Wash. Metro. Area Transit Auth., 2007 WL 1585452 (D.D.C. June 1, 2007).  

ship sinkingIn Phillip M. Adams, the court held that in 1999 ASUS should have known that they would be sued someday about the floppy controller controversy and so they should have implemented a litigation hold at that time. They also should have continued to keep the litigation hold in place for eight years until they were finally sued.

According to the Magistrate in Phillip M. Adams, ASUS should have changed their retention policies and required everyone involved with floppy controller software to save all of their email just in case a plaintiff might need that email someday to prove a case against them. ASUS should have implemented a hold in 1999, even though they were not in fact sued until 2007 and not notified until 2005. In fact, the plaintiff did not even know they had a claim against ASUS until 2004. So, apparently the defendants should have known their was a credible threat of being sued by the plaintiff even before the plaintiff knew it might have a claim. This is obviously bad law, and on one level even seems nonsensical. What would cause an otherwise excellent federal magistrate to make such a ruling? 

No Safe Harbor Without Proof of Reasonable Information Management Policies

I have a theory, but before I go there, I have to tell you that the bad law in Phillip M. Adams gets even worse. The Magistrate Judge here also held that ASUS’ information management practices were unreasonable. That is another reason he disallowed protection under Rule 37(e). The retention policies were unreasonable because they allowed every individual ASUS employee to make their own decisions on what email to save and what to delete, excluding only certain types of records that the law required be saved for specified minimum time periods. Here is the judge’s description of their policies: 

ASUS has explained that it has no centralized storage of electronic documents, email or otherwise, and relies on individual employees to archive email (which will be deleted if left on the server) and electronic documents (which reside only on individual workstations). 

Phillip M. Adams & Associates, L.L.C., v. Dell, Inc., supra at *10.

The court found this kind of decentralized records management system to be unreasonable. The judge did so without any expert testimony on the issue. Instead, the Court cited to Guideline One of The Sedona Guidelines: Best Practice Guidelines & Commentary for Managing Information & Records in the Electronic Age (November 2007), which states: An organization should have reasonable policies and procedures for managing its information and records.  The Court did not go on to quote subsection three of Guideline One which states: “Defensible policies need not mandate the retention of all information and documents.” The Court also did not cite, and does not appear to grasp the significance of Guideline Three of these same Sedona Best Practices, which state, in part:

3. An organization need not retain all electronic information ever generated or received.
a. Destruction is an acceptable stage in the information life cycle; an organization may destroy or delete electronic information when there is no continuing value or need to retain it.
b. Systematic deletion of electronic information is not synonymous with evidence spoliation.
c. Absent a legal requirement to the contrary, organizations may adopt programs that routinely delete certain recorded communications, such as electronic mail, instant messaging, text messaging and voice-mail.
d. Absent a legal requirement to the contrary, organizations may recycle or destroy hardware or media that contain data retained for business continuation or disaster recovery purposes.

Also, the main point omitted here is that Sedona nowhere states that records management systems must be adjudicated reasonable before they can qualify for protection under Rule 37(e). 

In my experience, the kind of decentralized system employed by ASUS is quite common. Whether is it wise or a best practice is another question, but it is certainly common. Some experts argue that it is not only common and reasonable, it is the best, most practical solution for many companies, so long as safeguards are implemented to comply with any governing records retention laws, such as the retention times contained in Sarbannes-Oxley. In fact, Sedona has published another important guideline not cited in this opinion,  The Sedona Conference Commentary on Email Management: Guidelines for the Selection of Retention Policy (August 2007).

mac and pc ad

The Sedona Email Commentary edited by Tom Allman includes an Appendix with two opposite email policy statements, kind of like Mac and PC in my favorite commercial.  Policy 1 (Mac)  is based on a “short default retention strategy” where emails are only retained for a short period (e.g., 30-90 days) and thereafter are automatically deleted. The user can only avoid this deletion “by taking explicit, affirmative actions” such as moving the email to a dedicated storage area. This is very much like the individualistic ASUS policy the court held was unreasonable! The other, opposite policy (PC) contained in the Appendix is more to this Court’s personal preference. Its authoritarian, hierarchal based system uses an “indefinite default retention strategy.” In this policy, email is retained on active servers for a time, and then “moved automatically to tiered storage and retained indefinitely” or some other specified period, such as, in Sedona’s words, three to five years. Even this “indefinite default retention strategy” would not survive scrutiny in this Court, where six to eight years is more the norm.

The court’s dubious critique of reasonability effectively imposes a new unwritten requirement for Rule 37(e): a reviewing court must find the deletion practices to be reasonable in order for them to meet the routine, good faith requirements expressly stated in the rule. This new interpretation of the rule creates an even bigger minefield in the safe harbor than the crystal ball prescience mine. This is bad law, perhaps even worse than the hair-trigger law, which you could always try to distinguish on the facts.

Rule 37(e), FRCP, in accordance with the common law, was never intended to police the terms of ESI retention policies, just how they were carried out and how the decision was made as to when to implement a hold. As Sedona puts it, a court should “evaluate the reasonableness of an organizations decision to implement a hold at the time it was made.” The Sedona Conference Commentary on Legal Holds: The Trigger & The Process Guideline 5. This is completely different from evaluating the reasonableness of the retention policy itself, which the litigation hold would interrupt and stay in favor of retention. 

As this opinion demonstrates, reasonability of retention policies is a highly debatable subject in today’s standardless world of electronic record-keeping. If Rule 37(e) had intended to impose an ambiguous reasonability requirement, it could have said so. It does not. It just requires a “routine, good faith operation of an electronic information system,” not a system that the reviewing court decides is reasonable. This judicial construction is unjustified and defeats the purpose of the rule.  

What Makes an Information Management Policy Reasonable?

but wait there's moreBut wait, there’s more! Phillip M. Adams goes on to hold that your retention policy is not reasonable unless it preserves all evidence that might later be used by third parties to sue you. And by later, we mean up to eight years, maybe even longer, especially of there is some sort of industry problem around that might lead to your being sued some day. Sounds like a plaintiff’s dream, but for the pesky notion of statute of limitations and laches. How are you supposed to know what to keep, even if your system is totally Borg-like and centralized? Basically, you would have to keep everything and delete nothing.

This is not only contrary to the law, as will be shown, it makes no sense. It interprets the safe harbor rule to mean that a routine destruction is only protected from sanctions if the information destroyed by the routine practice is not needed by the requesting parties. Since the whole purpose of the rule is to protect against sanctions when the requesting party claims the information destroyed is needed for their case, this interpretation renders the rule meaningless.

Here is the specific language in Phillip M. Adams at *14 that sums up this erroneous holding:

The culpability in this case appears at this time to be founded in ASUS’ questionable information management practices. A court – and more importantly, a litigant – is not required to simply accept whatever information management practices a party may have. A practice may be unreasonable, given responsibilities to third parties. While a party may design its information management practices to suit its business purposes, one of those business purposes must be accountability to third parties.

What? A retention policy is not reasonable unless one of its business purposes is accountability to third parties? I totally disagree with that and, fortunately, so does the Supreme Court. As long as you are complying with all applicable record retention laws, your information management purposes are your own. They are reasonable if they work for you and help you run your organization in an efficient manner and comply with all specific records retention laws. There is no one-size-fits-all solution that claims a monopoly of reasonability in the private sector. You could, I suppose, include accountability to third parties as a criteria for your records management policy, so as to make it easier for anyone, including the Government, to later sue you. Although that might be good policy to a point for some governments under sunshine laws, it is a rather foolish policy for most businesses, and the law certainly does not require it.

Phillip M. Adams is contra to the Supreme Court in Arthur Andersen v. United States, 544 U.S. 696, 704, 708 (2005), which held:

“Document retention policies,” which are created in part to keep certain information from getting into the hands of others, including the Government, are common in business. (citations omitted) It is, of course, not wrongful for a manager to instruct his employees to comply with a valid document retention policy under ordinary circumstances. . . . .

A ”knowingly … corrupt persuader” cannot be someone who persuades others to shred documents under a document retention policy when he does not have in contemplation any particular official proceeding in which those documents might be material.

See Losey, R., Rule 37 and the Supreme Court on Document Destruction (March 31, 2007).

shredderThe Supreme Court got it right. Document retention policies are designed to destroy documents and keep them out of the hands of others. Outside of specific record retention laws, there is no legal duty of accountability to third parties. There is nothing wrong with shredding documents that some third party might want to have unless you have in mind a particular official proceeding in which those documents might be material. Then, when a duty to preserve has been triggered, and only then, do you have a duty of accountability to third parties. Then you must suspend your routine document destruction practices, but not before, no matter how prejudicial that destruction might later prove to be to third parties, including the Government. This is a fundamental point, key to Information Law and Privacy Law, that many people do not seem to get. 

This error in thinking about information and privacy rights is made obvious in the Phillip M. Adams opinion at *15:

ASUS’ practices invite the abuse of rights of others, because the practices tend toward loss of data. The practices place operations-level employees in the position of deciding what information is relevant to the enterprise and its data retention needs. ASUS alone bears responsibility for the absence of evidence it would be expected to possess. While Adams has not shown ASUS mounted a destructive effort aimed at evidence affecting Adams or at evidence of ASUS’ wrongful use of intellectual property, it is clear that ASUS’ lack of a retention policy and irresponsible data retention practices are responsible for the loss of significant data.

The court’s true feelings come out here. The Magistrate Judge David Nuffer, does not like decentralized record keeping, which he calls irresponsible. It is irresponsible here solely because it means there are no emails of what happened eight years earlier. That is not irresponsible, that is their fundamental right. They have a right not to drown in information they no longer need or want. They have a right to control their information and protect the privacy rights of their company, its employees, customers and agents. They also have a right, no some would say a duty, to protect their company from frivolous law suits and expensive unnecessary e-discovery. One way they can do that is by deleting ESI unless employees make a special, individual effort to save it, which is exaclty what ASUS did here.

There is no evidence that this decentralized retention/destruction policy was disruptive to ASUS’ business operations, or that the policies in any way violated any record retention laws. No, Judge Nuffer thought it was irresponsible solely because it resulted in their being little information of value to a law suit filed eight years too late. For that reason, he decided that Rule 37(e) did not apply. He decided to punish ASUS with sanctions, the severity of which has not yet been determined, but could include case termination. He is punishing them because they had almost no ESI remaining in their systems as to events that took place at the turn of the century. That was clear error. See The Sedona Principals that are on the right hand column of my blog, Principal 14, which says:

14. Sanctions, including spoliation findings, should be considered by the court only if it finds that there was a clear duty to preserve, a culpable failure to preserve and produce relevant electronically stored information, and a reasonable probability that the loss of the evidence has materially prejudiced the adverse party.

None of these elements were proven by the plaintiff in Phillip M. Adams, but especially the requirement of a clear duty to preserve arising eight years before the law suit was filed. Again, it is hard to understand how a ruling such as this can happen. Why punish the defendants who were sued eight years too late? Instead, the plaintiff should be punished for delaying too long to file suit. The plaintiff controlled the diligence and timing, not the defendants. This long delay has prejudiced defendants by making it very difficult for them to find information long ago discarded to help the defense. This is a very odd case to be sure, but I have a theory to explain it all.

END OF PART ONE. Stay tuned for Part Two, the exciting conclusion <yeah right> of this story where I will reveal the “metadata” of Phillip M. Adams; namely, what I think is the unspoken reasoning behind this opinion. I will also discuss another part of the Phillip M. Adams opinion that I actually agree with. It concerns interesting evidentiary rulings on the admissibility of ESI.

11 Responses to Utah Court Mines Safe Harbor Rule 37(e) Into Oblivion – Part One

  1. About the only thing good I can say about this decision’s discussion of records retention requirements is that it will be a good attention-grabber at my presentations to Taiwanese businesses.

    It is challenging enough to explain US discovery law and legal hold requirements to clients in countries with inquisitorial civil law (vs. adversarial common law) systems. (“Yes, they can ask you for all that stuff; yes, I know how expensive it will be to identify, collect, review, and translate.”) Cases like this, while helpful for us vendors to wave around as precautionary examples, make it very hard to give any definitive recommendations for records retention and e-discovery readiness policies. (“Um…archive everything centrally forever in any easily accessible and searchable repository….”)

    Here’s to hoping this decision is reversed on appeal.

    Like

  2. Nicely sums up two cases at the opposite extremes of Rule 37. As Paul Easton says, it’s good scare-mongering, but terrible case law. Even as scare-mongering material it’s counter-productive. I can just see the clients I deal with throwing up their hands for lack of a reasonable way to deal with ESI and sticking their hands back in the sand.

    Like

  3. Pete Pepiton says:

    I think the point of this post really boils down to the reasonableness/unreasonableness of the late 90’s trigger date. If we agree that there is a duty to preserve, then most people would agree that the way ASUS managed their information (which wound up not preserving the information in question) would not have been reasonable.

    I completely agree with the notion that, in advance of a duty to preserve, the company has wide latitude in implementing its retention policy. But I think the Court did a poor job in this opinion in distinguishing between retention policy and the preservation exception to that policy.

    I don’t think 37(e) is invoked at all, though I would agree that taking away any predictability about trigger dates winds up eviscerating the Rule. However, IF (a big if) you accept the trigger date, then ASUS did not provide the “good faith” that the Rule calls for.

    I’d like to see 2 key points debated as a result of this decision:

    1) Are we seeing a move away from reliance on end-user preservation?
    2) Does end-user implementation of the corporate retention policy meet the ‘routine’ part of the Rule?

    As for the reasonableness of the trigger date, I think this decision will be added to the heap of decisions that we all use in attempting to give guidance on triggering events.

    Like

  4. Shannon Capone Kirk says:

    It is unfortunate that the Court chose not to follow some well-developed case law on “trigger date” and instead chose to confuse an issue I thought was becoming unconfused. I argued this issue 3 years ago in a Tennessee state court. The opponent argued that my client’s “trigger date” began when negotiations over a contract became “difficult.” Fortunately, the court disagreed–siding with several “trigger date” cases then existing, common sense, and an understanding of US business practice, which is rife with difficulities, disagreements, and “industry problems”, which fall short of any anticipation of litigation. If my opponent had been correct, a company would have to save everything, forever (forgetting laches and statute of limitiations, as you point out, Ralph–nice point). Nice reference to Arthur Andersen and the actual Sedona Principles.

    Like

  5. Craig Ball says:

    Hi Ralph:

    I checked the phone book for “Oblivion,” and it turns out that Rule 37(e) has resided there exclusively since early December 2006 (using an earlier assumed name of 37(f)). Nobody had to mine the Rule into Oblivion, it was born there. 😉

    You know what they say about hard cases making bad law. reading between the lines, ASUS was apparently so arrogant and high-handed in its EDD compliance efforts (and perhaps craven in their software theft), they fairly dared the Court to issue an opinion like this.

    Like

  6. This is a paper discovery case. The fact that the paper was supposed to be printouts of email is what brings it tangentially into the realm of eDiscovery. That the court cited to a 1987 paper-discovery opinion for the proposition that failing to have a coherent retention policy is a factor to consider in a spoliation analysis is the tip-off.

    That yet another corporation and another team of outside counsel has taken this disastrous road at this late date is the true surprise of this case. An example of the combustive mix of ignorance, arrogance and hubris.

    Like

  7. Another great post. This blog has me pumped up to do a podcast today on legal holds at http://www.esibytes.com. I tend to agree though that there had to be some underlying bad facts here that persuaded the court to take such a hard line. Looking forward to the podcast with you Ralph next week on legal ethics. It should be fun. Keep up the good work.

    Karl

    Like

  8. […] (D.Utah March 30, 2009). If you have not already read Part One, skip down to the preceding blog, or click here, and read Part One first. Otherwise, this blog may not make a whole lot of sense (and even then I […]

    Like

  9. […] by how polarizing the discussion was around one recent case in particular.  While many notable commentators have already made this the most talked about cases of the year, Phillip M. Adams & Assoc., LLC […]

    Like

  10. […] dismisses the effects of the safe harbor provision in FRCP 37(e). Ralph Losey claims the court “mines” the rule into oblivion. I think what is in play here is that the court feels that the producing party would use Safe […]

    Like

  11. […] the suit was filed. I found this decision so egregious that I wrote a long, two-part blog about it: Utah Court Mines Safe Harbor Rule 37(e) Into Oblivion – Part One and Part Two: Eight Years of Imminence. I was surprised that some experts, including my friend […]

    Like

%d bloggers like this: