The Impact of Cloud Computing And Mobile Devices On Litigation Holds

SPECIAL OFFER: Twitter, LinkedIn, Facebook and Google+ followers can get an online subscription to LJN's Legal Tech Newsletter for only $299. Click here, select Digital Only and use promo code LTNOL299 at checkout. This offer is valid for new subscribers only.

'

Lawyers may be tempted to gloss over yet another article about litigation holds and data preservation because they believe they already have the basics down. But the “basics” are a moving target and several developments from the past year merit reconsideration of company hold processes in 2015. Those developments focus on the importance of recognizing and addressing the new and dynamic forms of evidence that must be kept for litigation. As the recent cases of Brown v. Tellermate Holdings, No. 2:11-cv-1122 (S.D. Ohio July 1, 2014) and Small v. University Medical Center of Southern Nevada, 2:13-cv-00298-APG-PAL (D. Nev. Aug. 18, 2014) demonstrate, a company's litigation hold process might not be defensible unless appropriate steps are taken to preserve relevant information stored with cloud computing providers and maintained on mobile devices.

Preserving Data In The Cloud

In Brown, the court addressed the need to preserve and produce relevant information stored in the cloud. The plaintiffs sought various categories of data from their former employer in order to substantiate their age discrimination claims. In particular, the plaintiffs ' who previously worked as sales representatives at the company ' requested that their former employer produce sales records maintained by cloud provider Salesforce.com to establish that they either met or exceeded their sales quotas as compared to younger employees.

The former employer resisted production at every stage before agreeing to turn over the cloud-stored data. The employer first argued that it was contractually prohibited from producing electronically stored information (ESI) stored with Salesforce.com. When an analysis of the Salesforce.com service agreement disproved that claim, the employer argued that it could only access real time data and not the historical data that the plaintiffs sought. This assertion was also rejected since the primary purpose of Salesforce.com is to historically track sales engagements. After proffering several other related yet equally ineffective reasons to justify its position ' all of which the court rejected, the employer finally conceded that it could produce the requested cloud-stored data.

By that time, however, it was too late for the employer to make a production since the requested Salesforce.com records were not properly preserved. While the employer's counsel issued a “general directive” that relevant documents be kept for litigation, neither the employer nor its lawyers took meaningful follow-up steps to ensure that cloud-stored data was preserved. For example, the employer did not export the requested data from Salesforce.com and neglected to back up that information. Nor did the employer maintain the plaintiffs' Salesforce.com account information. Instead, it repurposed the accounts such that other employees could modify or revise the data. Finally, the employer did not ask Salesforce.com for a back-up of the requested account data until after the cloud provider recycled the data pursuant to its own retention schedule. All of which made the requested information that could have established ' or negated ' the plaintiffs' claims compromised and spoliated.

To address the spoliation of evidence, the court imposed an issue preclusion sanction preventing the employer from presenting and relying on any evidence that it terminated the plaintiffs for performance-related reasons. Such a sanction has effectively destroyed the employer's main defense and could very well force an unfavorable resolution of the matter. Moreover, the employer must now cover the plaintiffs' attorney fees and costs from a year's worth of discovery motion practice on the issues.

Keeping Mobile Device Data

In the Small case, a court-appointed special master recently issued a stunning report, recommending case-ending discovery sanctions against a defendant medical provider for its systematic destruction of ESI. The overall nature and scope of that data loss, along with the resulting prejudice to the plaintiffs, led the special master to recommend an order of default judgment (among other sanctions) in favor of over 600 named plaintiffs in that wage and hour class action.

While the defendant's failure to “institute a timely and effective litigation hold” generally resulted in the spoliation of several classes of electronically stored information, the special master was particularly troubled by the defendant's failure to preserve text messages and other mobile device data. The breakdown in the preservation process for mobile devices was twofold: the defendant failed to retain responsive ESI from “company-issued, personally enabled” (COPE) BlackBerry devices and from personal smart phones that employees used under an ad hoc “bring your own device” (BYOD) policy.

COPE Devices

With respect to the COPE devices, the defendant utterly failed to issue any type of litigation hold until it was too late. In response to questioning from the special master and plaintiffs' counsel regarding its mobile device hold efforts, the defendant's IT manager who was “tasked with blackberry preservation” testified as follows:

SPECIAL MASTER: So nobody instructed you at that time [when she was instructed to collect mobile data on January 21, 2014] to preserve all the data?

KISNER: No. But I don't believe we wiped them from that day forward.

SPECIAL MASTER: I got it. I'm just inquiring.

KISNER: Have they all been wiped? Yes. Because we moved them.

GODINO: Were you aware of any efforts by anyone toward the end of 2013 to preserve or collect this type of cell phone data?

KISNER: No.

GODINO: No one ever asked you?

KISNER: No one ever said anything.

Because the defendant failed to issue a litigation hold, the BlackBerry devices for various key custodians were “wiped.” The resulting destruction was staggering: “approximately 26,310 [text] messages were lost or deleted.”

Personal Devices

The failure to preserve responsive data maintained on the defendant's personal smart phones was even more problematic. Not only did the defendant not issue a litigation hold regarding those devices, but several key custodians apparently concealed the use of their personal cell phones for work purposes:

Every one of the custodians were asked the explicit question do they use these devices for personal use ' for work-related use, and they disavowed it, some multiple times. ' [S]everal high priority custodians [later confirmed though] that they used their personal mobile devices for work-related purposes.

Indeed, one of these employees “used a personal phone and ' had no UMC-issued device for 'at least the last two or three years.'” Taken together, the combination of the ad hoc BYOD policy, the failure to issue a litigation hold, and the employees' misrepresentations regarding the use of their personal phones culminated in the destruction of two years' worth responsive text messages and other mobile device ESI.

Lessons for Preserving Cloud-Stored Data

The Brown and Small decisions are instructive regarding the preservation efforts that lawyers should proactively take to safeguard and preserve cloud-stored data, mobile device materials, and other dynamic sources of ESI. As an initial matter, these cases demonstrate the obvious, i.e., that new and dynamic forms of relevant information must be kept for litigation. They further spotlight the need to develop and articulate policies regarding these data sources that protect corporate interests. In particular, these policies should define the nature of the enterprise's right to access and preserve information stored on personal employee devices and on third-party cloud platforms used for work purposes.

Beyond the prophylactic issuance of a litigation hold, Small and Brown teach that counsel should conduct an investigation to determine the repositories where relevant data are stored. When relevant information is stored with cloud providers, on mobile devices, or in other locations that are particularly vulnerable to data loss, counsel should consider working with company IT professionals or engaging service providers to better ensure that data is properly preserved. Getting informed direction from technically savvy partners is essential for maintaining dynamic sources of information since the methods for doing so from previous decades ' creating paper copies, imaging hard drives, or relying on backup tapes ' may be obsolete or simply unworkable. Neglecting to take these steps while stonewalling production could result in the same depressing duo of game-ending sanctions and high legal fees exemplified by Brown and Small.

Philip Favro serves as senior discovery counsel for Recommind, Inc. He is an industry thought leader, a global enterprise consultant, and a legal scholar on issues such as e-discovery, information governance, and data protection. Phil's expertise has been enhanced by his practice experience as a business litigation attorney in which he advised a variety of clients regarding complex discovery issues.

'