As 2017 comes to a close, it’s an opportunity to look back at an eventful year in the law of data discovery, including case law on e-discovery, data privacy, and social media.
US courts have handed down hundreds of data discovery decisions during 2017, and an era of digital technology has made many these matters some of the most closely followed cases in the nation. Whether it’s high-profile litigants such as Taylor Swift or an e-discovery sanctions case making it to the US Supreme Court, data discovery has made it to legal prime time.
Speaking of Taylor Swift, we’ll be reviewing her case and other 2017 cases involving high-profile litigants in a Bloomberg-Relativity webinar this Thursday, December 14: 2017 Data Discovery: Celebrity Lessons on Litigation, Legal Ethics, and e-Discovery. Judge Joy Flowers Conti, David Cohen of Reed Smith, and Michael Kump of Kinsella Weitzman Iser Kump & Aldrisert, will be joining us, and we hope you can as well. You can register here.
On with the 2017 cases:
When is a Friend a Friend?
The use of social media has been an important issue the past few years, and the 2017 decision in Law Offices of Herssein and Herssein, P.A. v. United Servs. Auto. Ass’n, No. 3D17-1421 (Fla. 3d DCA Aug. 23, 2017) addressed the legal and ethical issues of judges and their friends on Facebook. The court refused to disqualify a judge based on her Facebook friendship of a lawyer in her court, observing that Facebook “friends” were not the same as friends in real life.
Proportionality and Privacy
Almost 200 of the year’s data discovery decisions dealt with proportionality in e-discovery, which is not surprising, given that proportionality was one of the biggest issues in the 2015 e-discovery amendments to the Federal Rules of Civil Procedure. Courts have interpreted the new Fed. R. Civ. P. 26(b)(1), applying its six-pronged test for proportionality.
At the same time, data privacy is becoming a more important issue as illustrated by the Second Circuit’s decision in Microsoft v. United States and 2017 district court decisions involving Google and the Stored Communications Act, where courts declined to follow the Second Circuit’s holding in Microsoft.
However, proportionality and privacy didn’t always carry the day.
For instance, in Williams v. Superior Court, No. 227228 (Cal. July 13, 2017), the California Supreme Court declined to prevent statewide discovery of employees’ personally identifiable information on privacy grounds.
In Williams, Michael Williams, a plaintiff seeking to pursue a representative action under California state law, sought the name, address, telephone number, and company employment history of 16,500 non-exempt California employees of Marshalls department stores. In part because Williams agreed to send an opt-out notice to affected employees, the state’s high court allowed the extensive discovery.
Holding that it was not necessary for courts to find a compelling interest to allow the discovery of personal information, the court wrote: “Courts must instead place the burden on the party asserting a privacy interest to establish its extent and the seriousness of the prospective invasion, and against that showing must weigh the countervailing interests the opposing party identifies.”
Privilege and Work Product
The attorney-client privilege and the protections of the work product doctrine have always been big issues in discovery, and 2017 was no exception, with cases examining both waiver of the privilege and the limits of the work product doctrine. The 2017 cases were also significant because they illustrated important differences between privileged communications and work product.
In Peerenboom v Marvel Entertainment, LLC, 148 A.D.3d 531 (N.Y. App. Div. 2017), a New York appellate court held a corporate CEO had waived the attorney-client privilege by communicating with his lawyer on the company email system where the company email policy provided that the company owned all email on the system, reserving the right to inspect them.
Although a lower court in Peerenboom held the CEO had waived both the attorney-client privilege and work product protections, the appellate court held the CEO waived only attorney-privilege. He waived privilege because—given the corporate email policy—he had no reasonable expectation of confidentiality in his communications with his lawyer.
However, the protections of the work product doctrine are often more resistant to waiver. The appellate court held the CEO hadn’t waived work product protection because there was no evidence employer representatives had actually read any of the emails.
On the issue of waiver, in Harleysville Ins. Co. v. Holding Funeral Home, Inc., No. 1:15cv00057 (W.D. Va. Feb. 9, 2017), vacated in part (W.D. Va. Oct. 2, 2017), a US magistrate judge and a US district judge disagreed on whether a litigant waived privilege and work product protection by sending an unsecured email with an unsecured hyperlink to a Box account containing privileged information.
Holding privilege was waived, the magistrate judge wrote that the litigants actions ”were the cyber world equivalent of leaving its claims file on a bench in the public square and telling its counsel where they could find it.”
However, in reversing, the district judge held there was no waiver, adding, “The fact that Harleysville's counsel could access the Box folder via a 32-character, randomly-generated ‘sharing’ link in an email sent by Harleysville did not, and should not have, put Harleysville's counsel on notice that anyone with an Internet connection could do the same.”
Meanwhile, in Graham v. San Antonio Zoological Soc’y., No. 15-CV-1054 (W.D. Tex. Apr. 18, 2017), a litigant zoo inadvertently emailed a report containing 37 years of medical records of an elephant at the center of the litigation. The zoo claimed work product protection, but waiver was not even an issue because the court held the report did not constitute work product.
Although the report was prepared at the request of counsel, the court cited the DC Circuit’s decision in Shapiro v. Dep't of Justice, and held compilations of documents were protected only when the attorney's selection of documents or contents could reveal or provide insights into the attorney’s mental processes in the analysis and preparation of the client's case.
Arguably, the most important e-discovery sanctions case of the year was the US Supreme Court’s Goodyear Tire & Rubber Co. v. Haeger, 137 S. Ct. 1178 (2017), where the high court limited courts’ inherent authority to issue sanctions for bad behavior in e-discovery.
Resolving a circuit split between the Ninth Circuit and the Fourth, Seventh, and Eighth Circuits, the Supreme Court reversed the Ninth Circuit, throwing out a $2.7 million award. The high court held a federal court exercising its inherent authority to sanction bad faith conduct by ordering a litigant to pay the other side’s legal fees is limited to awarding the fees the innocent party incurred solely because of the misconduct.
Of course, courts across the nation addressed e-discovery sanctions in the second year of the amended Fed. R. Civ. P. 37(e) and its “intent to deprive” standard, a requirement for the most severe sanctions.
The new rule proved a high hurdle for some litigants seeking sanctions. For instance, in Mueller v. Swift, No. 15-cv-1974 (D. Colo. July 19, 2017), the singer Taylor Swift sought an adverse inference instruction after the litigant suing her lost audio evidence by spilling coffee on a laptop computer and also had a back-up hard drive malfunction.
Although neither Swift nor the plaintiff cited Rule 37(e) in their arguments, the court used the new rule as a basis for denying Swift’s request for an adverse inference instruction.
However, litigants should know that the most egregious bad behavior in discovery will still bring severe sanction—including the most severe of all: dismissal of the action.
In Organik Kimya, San. ve Tic. A.S. v. ITC, 848 F.3d 994 (Fed. Cir. 2017), a litigant overwrote a laptop's hard drive by copying the Program Files folder at least 108 times. While performing this overwriting, the litigant also backdated the computer's internal clock so that the metadata on the copied files would hide the fact that the overwriting took place only days before a court-ordered forensic inspection. In addition, the litigant ran an application, CCleaner, to delete files. Finally, to ensure its nefarious efforts had been successful, it used an application, WinHex, at least twelve times to see whether it could recover any of the deleted information before the court-ordered forensic investigation took place.
In Organik Kimya, Rule 37(e) didn’t apply. Fed. R. Civ. P. 37(b) applied because the litigant’s laptop imbroglio was in violation of a court order. An administrative law judge ordered a default judgment, writing, “Were there such a thing, I would find Organik Kimya's egregious behavior to be gross bad faith.”
Looking to 2018
Of all the data discovery issues courts addressed in 2017, data privacy may be the biggest in 2018. Not only will the EU General Data Privacy Regulation (GDPR) become effective on May 25, it will also be a big year for US data privacy law.
The US Supreme Court will hand down two data privacy decisions, one in the Dublin warrant dispute in United States v. Microsoft (formerly Microsoft v. United States), and a second in Carpenter v. United States. Both decisions will address data privacy in the digital age, and both will address the antiquated Stored Communications Act (SCA), part of the Electronic Communications Privacy Act of 1986.
Most observers agree Congress should address the SCA, but given the current climate, that seems unlikely. What is likely is that 2018 will be another meaningful year for the law of data discovery.