Featured Publications

Intellectual Property and Technology: Alert - March 4, 2010

In its March 2, 2010 Reed Elsevier decision, the Supreme Court determined that the registration requirement for filing lawsuits under the Copyright Act does not present a jurisdictional bar – despite the more than 200 lower court opinions holding that it does. This alert explains the history of the case as well as the Court decision. It suggests that the ruling is, in practical terms, extremely narrow – but that it will most likely affect cases that concern mass-scale infringement claims or class action claims, and it may make courts more sympathetic to hearing claims on works with pending applications for copyright registration.

More

The Supreme Court Decision in Citizens United v. FEC

This alert reviews key aspects of last week's landmark Supreme Court decision in Citizens United v. FEC, in which the Court cleared the way for corporations and labor unions to contribute to political campaigns in a more direct way - and permitted those entities to pay for express advocacy as long as the advocacy is not coordinated with any campaign or political party. It also points to underreported aspects of the ruling, and areas of campaign finance rules that will remain the same.

More

Search Our Library

Search

  • Print Article
  • Email this page to a friend
  • Print Newsletter / Alert
Healthcare & Life Sciences
Alert - May 15, 2009
 
Failure to Have Adequate ESI Records Management Procedures Can Result in Sanctions If Relevant Evidence Is Destroyed as a Result
 
 May 15, 2009
 
Martin J. Jaron- Northern Virginia

Electronically stored information (ESI) – email and other electronic documents – is now the primary focus of discovery in civil cases, criminal cases and government investigations. It is anachronistic to discuss e-discovery as something separate from other forms of discovery, because today almost all routine discovery in litigation is, in fact, e-discovery. The implications of this can be serious, as was shown in a recent patent infringement case.

ESI: The Basics

ESI is literally everywhere, and new technologies – plus the expansion of existing technologies – have led to an incredible explosion of data. Take a look around and you will find you are swimming in an ocean of ESI. Identifying all ESI sources in any company is a difficult undertaking, but an incomplete list of major components will typically include the following:

    • email (Microsoft Outlook, Lotus Notes, third-party hosted email applications, Internet email)
    • Microsoft Office and other office suite applications with spreadsheet, database, presentation and other programs
    • unified messaging that links email, voice, fax and other forms of communication
    • company proprietary accounting and information management systems
    • electronic document tracking and management programs
    • knowledge sharing and management software
    • company created and maintained databases
    • industry-specific accounting programs and data
    • internal security programs, including keystroke and other employee monitoring software
    • backup media of all types
    • outsourced IT functions to third parties
    • social networking sites where employees participate (LinkedIn, MySpace, Facebook, Twitter), blogs, Web 2.0 and Web 3.0
    • home computers used for company business, where permitted

In addition, a vast and growing “information cloud” can result when a company’s ESI is stored in a variety of third-party storage locations. In such cases, users usually don’t even know where their data actually resides.

In the health care industry, medical records add another dimension to the problem, with industry specific software and strict privacy requirements that must be observed.

This complicated ESI storage picture grows even more complex each day. To make life even more complicated, the e-discovery rules of the Federal Rules of Civil Procedure – and now most state e-discovery rules – mandate that the ESI your company creates is subject to discovery, and must be preserved, processed and produced as necessary when it is relevant to a litigation or future dispute.

ESI records and information management is not the most exciting subject, and it is often viewed as a matter of low importance in the context of a company’s overall business operations. Many companies have no formal records management policies, or worse, they have policies and procedures that are poorly designed and not followed, which creates an entirely new set of problems. Furthermore, the turbulent economy and the downsizing that has affected many companies has drawn focus away from records management and toward controlling losses and the development of business survival strategies.

The Adams Decision: Tracking ESI Is Important

Does this matter? What is the worst that can happen if a company fails to have adequate ESI records management practices and relevant data in a litigation is lost as a result? These questions were answered in a recent decision in a patent infringement case, Philip M. Adams & Associates, LLC v. Dell, Inc., 2009 WL 910801 (D. Utah Mar. 30, 2009). In Adams, Magistrate Judge David Nuffer granted, in part, the plaintiff’s motion for sanctions. The court held that a defendant’s failure to have a functioning records management program and practices led to the destruction of relevant evidence, and that such behavior would justify the imposition of sanctions, including the possibility of a default judgment as a terminating sanction. The decision by Magistrate Judge Nuffer is currently under appeal to a U.S. District Court Judge, so the final outcome is not certain. However, whether ultimately sustained or reversed, the analysis set forth in Magistrate Judge Nuffer’s decision shines a spotlight on the importance of having an operating ESI records management and the potential adverse impact of failure to do so.

In Adams, the e-discovery focus was on two defendants in the case, ASUSTEK Computer, Inc. and ASUS Computer International (collectively, ASUS). Adams alleged that ASUS destroyed critical and relevant evidence to Adams’ patent infringement claim. The infringement facts were fairly simple. Adams alleged that ASUS had obtained and used Adams’ proprietary floppy disk controller (FDC) test programs designed to deal with FDC defects that could result in the destruction of data on floppy disks of the type commonly in use in the late 1980s and early 1990s.1 More importantly, Adams alleged that ASUS: (1) destroyed the source code and documents relating to two test programs ASUS allegedly created using Adams’ patented and proprietary technology, and (2) also destroyed the documents that would have conclusively demonstrated ASUS’ piracy.2 In an earlier order, the court had ordered production of these materials, but ASUS produced very little, although some documentation was obtained by the plaintiff from third parties.

ASUS relied on two defenses, both of which were rejected by the court. ASUS claimed that it had in fact produced a large volume of documents, but Adams argued that ASUS had failed to produce the most critical documents, test programs and source code related to its misappropriation, copying and willful behavior. Next, ASUS argued that its email and records management systems were not designed for “archival” purposes, and it brought in an outside expert to describe its email and data storage practices – which, to put it kindly, were not “practices” at all but up to the whim of individual employees. This defense tactic also failed.

Non-Existent Records Management

The facts showed that ASUS had no formal records retention program. In fact, it engaged in practices where little importance was placed on the preservation of relevant ESI or other documents, and this almost guaranteed that relevant ESI would be destroyed.

First, although ASUS’ employees sent and received email via company servers, storage on the email servers was limited and employees were instructed to download emails they deemed important or necessary to perform their job functions from the company servers to their individual company-issued computer. Any email not downloaded by employees was automatically overwritten on ASUS’ email servers to make room for additional email storage.3

Second, during the course of their employment, ASUS employees would routinely turn in their old computers to upgrade to new equipment. When this was done, the hard drives of the returned computers were formatted to erase all ESI stored before they were recycled, reused or given to charity. Although ASUS employees were instructed to transfer important emails saved on their old computer to their newly issued computers, this instruction was not always followed.4

Finally, there was very high employee turnover at ASUS, which further detracted from employee preservation activities and heightened the risk of data destruction. The court concluded that “... ASUS’ current data is at the mercy of individual employees’ backup practices.”5

After sorting out evidentiary objections to documents which Adams obtained from third parties, the court found that ASUS had a duty to preserve electronic evidence dating back to 2000, and that ASUS, by failing to have ESI records management polices and procedures, had breached that duty.6

No Safe Harbor Under Rule 37(e)

The court then turned to ASUS’ argument that it should have a safe harbor from sanctions under Federal Rule of Civil Procedure 37(e), which provides that sanctions may not generally be imposed for “failing to provide electronically stored information” that is lost, if a party can show the loss was “a result of the routine, good-faith operation of an electronic information system.” The court rejected ASUS’ argument that it should be entitled to the Rule 37 safe harbor, finding that ASUS’ expert did not address reasonableness or good faith, and did not show that he was familiar with ASUS’ actual backup practices as described in declarations from ASUS employees.7

Lack of Records Management Policies Is No Excuse

The court found that ASUS had a haphazard information technology system with little structure and few rules, and a lot of turnover among its employees. Importantly, the court tied ASUS’ lack of a coherent records management program directly to the company’s e-discovery obligations:

“ASUS’ system architecture of questionable reliability which has evolved rather than been planned, operates to deny Adams access to evidence. This should not be excused.”8

Again, the court denied safe harbor status under FRCP 37. It indicated that the absence of a coherent document retention policy is a pertinent factor to consider when evaluating sanctions, citing to organizations offering guidance in this area, including ANSI (American National Standards Institute), AIIM (Association for Information and Image Management) and ARMA International (Association of Records Managers and Administrators). The court also referenced ISO (International Organization for Standardization) and its records management standard ISO 15489-2 (Information & Documentation-Records Management).9

The court also cited an older case when paper records were the norm, Kozlowski v. Sears, 73 FRD 73 (D. Mass, 1976), for its holding that:

“[U]tilizing a system of record-keeping which conceals rather than discloses relevant records, or makes is unduly difficulty to identify or locate them, [renders] the production of the documents an excessively burdensome and costly expedition. To allow a defendant whose business generates massive records to frustrate discovery by creating an inadequate filing system, and then claiming undue burden, would defeat the purposes of the discovery rules.”

Key to the court’s reasoning was this description of the linkage between ASUS’ absence of ESI data management practices and procedures and the resulting destruction of relevant data:

“ASUS’ practices invite the abuse of rights of others, because the practices tend toward loss of data. The practices place operations-level employees in the position of deciding what information is relevant to the enterprise and its data retention needs. ASUS alone bears responsibility for the absence of evidence it would be expected to possess. While Adams has not shown ASUS mounted a destructive effort aimed at evidence affecting Adams or at evidence of ASUS’ wrongful use of intellectual property, it is clear that ASUS’ lack of a retention policy and irresponsible data retention practices are responsible for the loss of significant data.”10

Prejudice and Sanctions

The court deferred imposition of sanctions until a later date, but did conclude that, “Prejudice [to Adams] might be considerable.”11 The court discussed terminating sanctions – including a default judgment – that have been imposed against a party because its actions made evidence unavailable, but concluded that because discovery in this case was still open, the degree of prejudice and appropriate sanction could not be determined until the close of discovery.

Conclusion

The Adams decision is potentially very important because it links ESI records management to e-discovery and highlights the potential risk companies face if they fail to have an operating and effective ESI records management system and lose relevant data as a result. Although the actual decision on sanctions to be imposed in Adams was left for a future hearing, and while there are questions to be raised in the appeal to the U.S. District Court judge concerning the merits of the Magistrate Judge’s initial decision (including also determination of when the duty to preserve first arose), Adams highlights the critical importance of ESI records management, its linkage to e-discovery, and the potential adverse consequences to a litigant of failing to have a functioning and operational ESI records and information management system.

A records management program that takes control of your ESI is the foundation for both e-discovery readiness and a successful compliance program. As Adams makes clear, failure to have adequate ESI records management may also be a strong factor in awarding sanctions – including the possibility of terminating sanctions if a court concludes that relevant data has been lost. That raises the stakes considerably, and suggests that establishment of an effective ESI records management program should be at the top of the “to do” list for management in companies that face even a moderate level of litigation risk.

For more information, contact:

Martin J. Jaron, Jr.
703.720.8651
martin.jaron@hklaw.com

toll free: 1.888.688.8500


1 Adams, 2009 WL 910801, at *1-4. Adams also alleged that ASUS attempted to reverse engineer its protection algorithm to prevent data corruption, and that a patent application filed by ASUS was based on Adams’ proprietary patent. Id.

2 Id.

3 Id., at *13-14.

4 ASUS’ data practices were discussed and described at length in the court’s opinion. See Adams, 2009 WL 910801, at *5-6, *11, *13-14.

5 Id., at *13-14.

6 The court’s finding regarding the duty to preserve is expected to be controversial, as it reached back nine years to 2000, five years before ASUS received any formal notice to preserve from Adams in February 2005. ASUS contended that its duty to preserve should only have dated back to February 23, 2005, when it received a preservation letter from plaintiff’s counsel. The court relied on other similar litigation in the industry during the earlier period, and found that ASUS’ duty to preserve actually existed in 2000, when ASUS knew or should have known it had information relevant to imminent or ongoing litigation and that it was likely to be sued. Adams, 2009 WL 910801, at *12-13.

7 Id., at *13-14.

8 Id., at *15.

9 Id.

10 Id.

11 Id., at *15-16.

Related Practices