e-Discovery, by its very nature, is a challenge to data privacy. The discovery process unearths formerly private communications of many types. Although employees should realize in 2017 America, employers can—and do—read employee email, they continue to conduct personal business on company devices.
That data could end up in an e-discovery production.
With broad US e-discovery exposing communications many thought were private, data privacy is a serious concern for the e-discovery practitioner, and in a recent California Supreme Court case, the Golden State’s high court reversed trial and appellate courts and held class action plaintiffs could get personal information in discovery—despite data privacy concerns. Williams v. Superior Court, No. 227228 (Cal. July 13, 2017).
Depositions for Documents
Michael Williams sued Marshalls of CA, LLC—operator of the Marshalls department stores in California—alleging that, while he was a Marshalls employee, the company failed to pay him for rest and meal breaks as required by California law as a direct result of Marshalls’ understaffing of its stores.
Seeking to pursue a class action, Williams sought information about similarly situated Marshalls employees.
Specifically, Williams sought the name, address, telephone number, and company employment history of each of Marshalls’ 16,500 non-exempt California employees in the period March 2012 through February 2014.
Marshalls objected to the request, arguing it was overbroad because it extended beyond Williams’ store, unduly burdensome, and an invasion of the privacy of third parties in violation of Article I, Section 1 of the California Constitution.
The trial court ruled that Williams could have most of the information, but the court ordered that Williams could only have the information on employees from other stores if he agreed to sit for a deposition to demonstrate the merit of his case.
Williams appealed to an intermediate California state appellate court, but the appellate court rejected his arguments as well. The California Supreme Court granted review to determine the discovery available to litigants under California Labor Code Private Attorneys General Act of 2004 (PAGA).
Discovery Trumps Privacy
The California Supreme Court rejected the privacy argument, and reversed the lower courts. The court cited its decision in White v. Davis, 13 Cal.3d 757 (1975), which held that the state constitutional privacy right does not purport to prohibit all incursion into individual privacy but rather requires that any such intervention must be justified by a compelling interest.
The state’s high court went further in its White analysis by relying on its decision in Hill v. National Collegiate Athletic Assn, 7 Cal.4th 1 (1994).
“Courts must instead place the burden on the party asserting a privacy interest to establish its extent and the seriousness of the prospective invasion, and against that showing must weigh the countervailing interests the opposing party identifies,” the court said.
The court criticized a series of intermediate appellate court decisions that failed to consider all the factors articulated in Hill.
Commenting on the trial court’s requirement that Williams sit for a deposition to show he had a valid case before getting discovery, California Supreme Court Justice Kathryn Werdegar wrote, “To show the merits of one's case has never been a threshold requirement for discovery in individual or class action cases; it is not a threshold requirement here.”
Werdegar conceded that California’s PAGA law had a standing requirement, but that such a standing requirement didn’t justify denying discovery.
“True, PAGA imposes a standing requirement; to bring an action, one must have suffered harm. But the way to raise lack of standing is to plead it as an affirmative defense, and thereafter to bring a motion for summary adjudication or summary judgment, not to resist discovery until a plaintiff proves he or she has standing,” Werdegar wrote.
Why Williams Matters
Look no further than a recent Wells Fargo data breach to see why Williams matters. The Wells Fargo breach was the result of an inadvertent e-discovery production.
Data privacy and data protection are major issues in 2017. Europe’s General Data Protection Regulation (GDPR) goes into effect next May, and highly publicized data breaches, such as Wells Fargo, have made cybersecurity a concern for just about everyone.
Data privacy has always been a challenge in e-discovery, especially in cross-border litigation. Blocking statutes in foreign nations—perhaps most notably, France—have stymied efforts of American litigants to get litigation data.
Historically, US courts have been less than helpful in honoring the data privacy laws of other nations when it comes to electronic discovery in litigation. Despite the test for dealing with conflicting international laws articulated by the US Supreme Court in its 1987 decision, Societe Nationale Industrielle Aerospatiale v. U.S. Dist. Court, courts often simply disregarded international law.
Times have changed.
US courts are giving greater deference to international data privacy norms, and the ability to conduct broad-based, American-style e-discovery overseas has hit choppy waters with the upcoming GDPR. In addition, the Schrems I litigation put an end to the Safe Harbor Framework, and Schrems II is putting the Safe Harbor’s replacement, the Privacy Shield, in jeopardy as well.
In addition to these international data privacy developments, protecting personal privacy has gained traction domestically as well.
Williams, however, bucks the trend.
Broad-based, American-style e-discovery carried the day as the California Supreme Court rejected the privacy objections to turning over the personal information of employees. Plaintiffs will most likely hail the decision as a protection of litigants’ ability to get to the truth and obtain justice.
Privacy advocates will certainly view it differently, and the defense bar is bound to see the court’s decision as a judicial green light for e-discovery fishing expeditions in California.