The Cloud

Federal Judge Sanctions Corporate Defendant and Its Counsel for Gross Negligence, Bad Faith, and Failure to Comply With Discovery Requests and Court Order

In Brown v. Tellermate Holdings Ltd., Tellermate Holdings, the defendant company, terminated two employees for allegedly failing to meet sales targets over several years.  The employees, feeling that they were wrongfully terminated due to their age, filed an employment discrimination action against the company as well as other entities and individuals associated with Tellermate. Throughout pre-trial proceedings, the case was plagued with numerous discovery mishaps.  The plaintiffs requested from the defendant company data stored and maintained by Salesforce.com,[1] which would, in theory, evidence plaintiffs’ sales records over the last few years in addition to allowing the plaintiffs to compare their sales figures with other (younger) employees.  However, even though numerous discovery conferences were held, numerous discovery motions filed with the court, and several discovery orders issued by the court, the defendant corporation failed to produce the requested data and documents.  Ultimately, the plaintiffs filed for judgment and sanctions under Federal Rule 37(b)(2); the court held a three-day evidentiary hearing on the matter. The presiding judge, United States Magistrate Judge Terence P. Kemp, identified three areas in which the defendant company or its counsel failed in its obligations to the plaintiffs and the court in relation to production of documents and data: Defendant’s counsel failed to understand how Tellermate’s data stored with Salesforce.com could be obtained and produced to plaintiffs, which resulted in counsel making false statements to the plaintiffs’ counsel and the court; By failing to understand how the defendant’s data was stored and maintained, defendant’s counsel took no steps to preserve the integrity of the information in Tellermate’s database located with Salesforce.com; Defendant’s counsel failed to learn of the existence of documents relating to a prior age discrimination charge until almost a year after plaintiffs requested the documents; Defendant’s counsel produced a “document dump” resulting from counsel’s use of an overly-broad keyword search that yielded around 50,000 irrelevant documents, which plaintiffs’ counsel could not review within the time period ordered by the court. The Salesforce.com Data Judge Kemp found that Tellermate’s failure to preserve and produce the data logged on Salesforce.com’s website irreparably deprived the plaintiffs of reliable information necessary in supporting their claims.  Although defendant’s counsel initially stated that Tellermate “does not maintain salesforce.com information in hard copy format,” “cannot print out accurate historical records from salesforce.com,” and that “discovery of salesforce.com information should be directed at salesforce.com, not Tellermate,” the court found such statements to be on their face false.  In fact, Tellermate did have access to the information sought by the plaintiffs as one, and sometimes two, of Tellermate's employees enjoyed the highest level of access to the Salesforce.com information.  The court determined that the information eventually produced by the defendants could not be trusted as “even a forensic computer expert has no way to detect hat changes, deletions[,] or additions were made to the database on an historical basis.”  Because of Tellermate’s failure to preserve the Salesforce.com data, Judge Kamp precluded Tellermate from providing evidence showing that the plaintiff-employees were terminated for their alleged underperformance. Counsel’s Obligations With Respect to ESI The court found that the defense’s counsel fell short of their well-established obligations[2] to critically examine the documents and data Tellermate provided to them.  Tellermate made false representations to its counsel about the data’s availability and therefore caused undue delay in document production as well as false and misleading arguments to be made to plaintiffs’ counsel and to the court.  Subsequently, the plaintiffs were forced to file discovery motions before the court to address these discovery issues which produced the Salesforce.com data that was never properly preserved albeit its significance to the plaintiffs’ case. Judge Kemp ultimately determined that counsel for the defendant conducted an inadequate investigation of Tellermate’s electronic data while simultaneously failing to understand the most basic concepts of cloud computing and cloud storage, which led to counsel’s failing to preserve key electronic data. Control of Data Stored in the Cloud As mentioned above, Tellermate and its counsel repeatedly represented to the plaintiffs and to the court that it did not possess and could not produce any of the Salesforce.com data requested by plaintiffs.  Additionally, the defendants asserted that in light of those facts, the defendants could not preserve the data stored on Salesforce.com’s databases at any point prior to litigation. Judge Kemp dismissed these claims.  The court concluded that, without any factual basis whatsoever, no substantive argument could be made that Tellermate was prohibited from accessing the information stored on the Salesforce.com databases or that Salesforce.com was responsible for preserving Tellermate’s information and data as it was the entity that maintained possession and control of the data. In reality, Tellermate was the custodian of the data stored on the Salesforce.com databases.  While information can be stored in locations outside the immediate control of the corporate entity by third party providers, it can still be under the legal control of the owner of the data and therefore must be produced by the owner under Federal Rule 34(a)(1)(A).  Additionally, had Tellermate’s counsel critically examined the agreement between Tellermate and Salesforce.com, it would have realized that Tellermate was the owner of all data created by its employees and that Tellermate could, at any time, download the data stored on the Salesforce.com databases for preservation and production purposes. Limitations on Document Production to Avoid “Document Dumps” Tellermate produced to the plaintiffs 50,000 pages of irrelevant documents, classified by Judge Kemp as a “document dump.”  Tellermate’s counsel refused to disclose which search terms it used in deciding which documents to produce to the plaintiffs, claiming that the search terms were privileged.  In actuality, the court discovered, Tellermate’s counsel only used the full names and nicknames of employees as its search terms, which obviously yielded irrelevant documents.  Without reviewing the returned documents, and because the court’s deadline for producing relevant documents was rapidly approaching, Tellermate’s counsel produced to the plaintiffs the documents as “Attorney’s Eyes Only.” The court recognized that a protective order was permitted only when counsel held a good faith belief that such information constituted a “trade secret or other confidential research, development, or proprietary business information, and that such material was entitled to a higher level of protection than otherwise provided in the protective order.”  Tellermate could not demonstrate entitlement to this level of protection with respect to the search terms used in procuring documentation for discovery: The alleged burden imposed by a high volume production does not provide the producing party or its counsel free reign to choose a given designation and ignore the Court’s order pertaining to that designation. First, the court looked to whether competitive harm would result from the disclosure of the types of documents produced by Tellermate to a competitor; however, Tellermate’s memorandum on the issue did not contain any evidence about the harm which might result if the plaintiffs were permitted to review any particular document that was labeled “Attorney’s Eyes Only.” Second, Tellermate’s argument as to the harm it would experience was entirely conclusory and was not supported by evidence: Apart from the general concept that disclosure of some types of sensitive information to a competitor may result in harm, it contains no particularized argument which is specific to [the plaintiff], the way in which he was competing with Tellermate, and how the disclosure of any one of the 50,000 pages marked as attorneys-eyes-only would harm Tellermate’s interests. The court was astounded that Tellermate continually failed to meet the burden required to designate the documents as “Attorney’s Eyes Only” and, up until the hearing date, made no effort the redesignate a single page of the 50,000 produced in order to permit the plaintiffs from viewing the documents. Sanctions The court had absolutely no qualms with an award of attorneys’ fees for all motion practice connected to the preservation and production of the Salesforce.com data.  “Had Tellermate and its counsel simply fulfilled their basic discovery obligations, neither of these matters would have come before the Court, or at least not in the posture they did.”  The court took great concern to the extraordinary lengths the plaintiffs had to go to in order to obtain the documents maintained by the defendant and, even after several rounds of motions, were not able to obtain all of them.  The “Attorney’s Eyes Only” designation on the 50,000 documents produced was also unfounded, the court held, and unduly precluded plaintiffs from necessary evidence that supported their case, which warranted fees under Federal Rule 37(a)(5)(A). Conclusion Tellermate provides a warning to all attorneys that the realm of technology in which their clients are constantly interact with is always changing.  Therefore, so does the practice of electronic discovery.  Counsel must always meet its duties with respect to ESI by engaging in discussions with its clients and opposing counsel about ESI; being aware, and perhaps even knowledgeable, of new and emerging technologies; and investigating and assessing with its clients the sources and status of potentially relevant ESI.  By forgoing these practices, counsel opens itself and its clients to easily avoided and costly sanctions. Daniel is the Editor-in-Chief of eLessions Learned and a third-year law student at Duquesne University.  To read more about him, click here. [1]       Salesforce.com is a cloud-based customer relationship management system with more than 100,000 corporate customers around the world.  Tellermate and its employees used Salesforce.com to track their sales and other interaction with customers.  The court recognized that each sales person using the Salesforce.com management system could add, remove, or otherwise change data on their sales account. [2]       See Zubulake v. UBS Warburg LLC, 382 F.Supp.2d 536 (S.D.N.Y. 2005) (counsel had an affirmative duty to monitor preservation an d ensure all sources of discovery information were identified).

Clouds and Roots and Viruses…Oh my! Understanding the Nexus Between Speed and Safety in Cloud Computing and What it Means for E-discovery

According to other technology bloggers, there has been significant development in cloud security…which is sure to have an impact on e-discovery.  What’s cloud security?  To understand where you’re going, you have to know where you’ve been. Anyone who uses computers for their home or business is connected to a server.  A server is a software program (or a computer that runs the program) which provides a specific service to the computer(s) connected to it.  Each server has a finite amount of power, so (1) it will run slower as the number of networked computers connected to it increase; (2) it will run slower as the size of the jobs requested by the network increase; or (3) both.  You’ve probably experienced this at work: you and fifty of your coworkers are trying to print huge .pdf files simultaneously and it’s taking F-O-R-E-V-E-R. Lucky for us office-types, IT specialists have discovered that the efficiency of the server-network interaction can be increased by using groups of servers instead of just one.  A group of servers sharing tasks requested by a network is called a “cloud.”  Chuck Hollis, who wrote the article on which this post is based, provides this definition: By "cloud", I mean any next-generation IT environment that's (1) built differently -- dynamic pools of virtualized resources, (2) operated differently -- purpose-built zero-touch or low-touch operational models, and (3) consumed conveniently -- use of resource includes pay-for-use models, or other forms of convenient consumption. A pay-for-use model just means that you pay, for example, fifteen cents per gigabyte of information exchanged.  Pricing may also be determined by the time it takes for the cloud to complete a specified task. Why Clouds Deserve Special Treatment When there are parts of projects from multiple networks going to clouds of servers, tracking information and protecting it from hackers can become difficult.  Enter: Cloud Security Takes a Big Leap Forward.  This article presents solutions to cloud-security problems.

Continue Reading