Obligations When Third Parties Control Data
U.S. District Judge Shira A. Scheindlin's recent decision in Sekisui American v. Hart1 underscores the reality that the destruction of electronic evidence may lead to sanctions even when done without malice. Other case law has held that a litigant may be held responsible for the destruction of data that is outside of its actual possession—including, potentially, data in the possession of its employees, service providers, and other entities with whom the litigant has contracted. To avoid the problems that arise from the destruction of evidence, companies must ask themselves proactively, "Where's my data?" not merely at the outset of a litigation, but in the early stages of any relationships with others who may come to possess materials that companies may later need to preserve, collect and produce.
Malice Not Required for Imposing Sanctions
In Sekisui, Judge Scheindlin held that, when electronic evidence has been destroyed willfully or through gross negligence, no finding of malice is necessary for the imposition of sanctions. The decision raises the stakes for companies' management of their electronic data and other records.
Sekisui involved the acquisition by the plaintiff of a company owned by the defendants. The email data for two people, including one of the defendants, was in the possession of a vendor that provided information technology services to the plaintiff. Prior to receiving a litigation hold, the vendor, acting on the instruction of the plaintiff's employee, deleted the email data. The plaintiff's employee claimed to have ordered the deletion in order to free up space on the company's server. Initially, the magistrate judge declined to impose sanctions because he concluded that the destruction was not willful because there was no showing of "malevolent purpose." Scheindlin reversed, relying on the Second Circuit's decision in Residential Funding v. DeGeorge Financial to hold:
[T]he law does not require a finding a malevolence to constitute willfulness in the context of spoliation…. In the context of an adverse inference analysis, there is no analytical distinction between destroying evidence in bad faith, i.e., with a malevolent purpose, and destroying it willfully.2
The plaintiff's purported good faith explanation for the destruction of the email therefore was unavailing.
Scheindlin further held that when evidence is destroyed willfully or with gross negligence, relevance and prejudice to the innocent party may be presumed.3
Scheindlin also clarified that, separate from the destruction of the email data, the actions of the plaintiff with respect to its document retention practices constituted gross negligence.4 Scheindlin's finding was based on the fact that the plaintiff did not issue a litigation hold until 15 months after sending a notice of claim and did not notify its vendor of the litigation hold until six more months had passed.
The court ordered an adverse inference and monetary sanctions against the plaintiff.
Sekisui points to the importance of thoroughly considering the "Where's my data?" question when litigation is on the horizon. Even a timely litigation hold will fall short if it is not distributed to vendors and others outside the company who may have relevant material. Had the IT vendor in Sekisui received the hold prior to the instruction to destroy data, the vendor may have objected to or at least questioned the instruction from the employee, with the likely result that the litigation hold would have been enforced and the data would have been preserved.
The failure to adequately distribute a litigation hold also means that a litigant has little protection if the vendor deletes the data of its own accord (rather than, as in Sekisui, at the direction of the litigant). If a litigant fails to distribute a litigation hold to its vendor, the litigant may be found grossly negligent in its document retention policies even without having willfully destroyed the data.
Broad Understanding of Party's 'Control'
With high stakes for proper electronic document preservation, it is more important than ever that litigants fully understand what data they are responsible for preserving, including that in the possession of third parties.
Under the Federal Rules of Civil Procedure, a party may request that another party produce documents or electronically-stored information within that party's "possession, custody, or control."5 The same standard applies regardless of where and how the information is stored—on paper in the litigant's office, on the litigant's in-house computer system, or with a data storage service, including when the data is stored in "the cloud."