Case Law

#CaseoftheWeek Episode 63: Loss of Metadata on a Personal Device

Episode 63 of #CaseoftheWeek is an analysis of the decision by United States District Judge Lorna G. Schofield on the matter of Medidata Sols., Inc. v. Veeva Sys., Inc.

During the episode, CEO Kelly Twigger analyzes and discusses whether the loss of metadata maintained on a personal device by an unnamed custodian was sufficient to warrant an adverse inference instruction under Rule 37(e).


Good morning, and welcome to episode 63 of our #CaseoftheWeek series, published in partnership with the Association of Certified eDiscovery Specialists or ACEDS. My name is Kelly Twigger. Thank you so much for joining me today. I am the principal at ESI Attorneys and the CEO and founder of eDiscovery
Assistant, which is an online platform providing practical resources and knowledge for lawyers and legal
professionals in the eDiscovery space.

As you know, if you’ve joined us previously on the #CaseoftheWeek, we choose a recent decision each
week in eDiscovery that highlights key issues for litigators and those who are involved in the process and talk about the practical implications of that decision for you, for your practice, and for your clients.
Hopefully we’ll bring some great tips for you today.

This week’s decision comes to us from a case called Medidata versus Veeva Systems. This is a theft of
trade secrets case. This is a decision from last September 22nd of 2021, written by United States District Judge Lorna Schofield. Judge Schofield has many eDiscovery decisions out there, 31 decisions in our database in eDiscovery Assistant.

As you know, we tag each of our decisions in the database with issue tags to make them easier to search for. The issues that are covered by this week’s case include adverse inference, scope of preservation, search terms, legal hold, metadata, exfoliation, and forensic examination.

What are the facts before us on this particular decision? We are in front of the Court here on a
motion for sanctions in which the plaintiff is seeking an adverse inference instruction for spoliation of file
metadata from a custodian named Anthony Tsai that allegedly embodied Plaintiff’s trade secrets. Both of the parties here—the plaintiff and the defendant—sell software for clinical trial use. The plaintiff’s software is on the market prior to the defendant’s software and the allegations here are that the defendants—through former employees—stole many of plaintiff’s trade secrets and developed their own software to compete against Plaintiff in the marketplace.

In January of 2017, the plaintiffs filed this action alleging misappropriation of trade secrets related to the
two software products, as well as business planning, marketing, and sale of the products, so not just
product design and features and functionality, but the actual implementation into the market of the
product. The allegations are specifically that five former employees used trade secrets stolen from the
Plaintiff to develop those competing products.

Now, the custodian really at issue here is Anthony Tsai. Anthony was a sales engineer who worked for
the plaintiffs and was then deeply involved in developing competing products for the defendant. We’re looking at this decision from September of 2021. As we always discuss on the #CaseoftheWeek,
looking at the timeline associated with the case is key, and looking at Mr. Tsai’s history with the parties is
also key.

Mr. Tsai worked for the plaintiff, but left the plaintiff’s employment in April of 2011, five years and eight
months before the plaintiffs brought this case. He is not one of the five employees whose activities are the focus of the plaintiff’s second amended complaint. Instead, he is mentioned in a footnote as one of eleven “lower level” employees of plaintiff’s that were hired by the defendant. Plaintiff’s entire complaint is based on the actions of five former employees. Mr. Tsai is not one of those five.

Now let’s talk a little bit about the legal hold that the defendant put in place upon learning of the action. Company wide legal hold was issued for various electronic document management systems that included employee email accounts, computers, share drives, and corporate databases. Mr. Tsai, who had left the company at this point almost six years prior to the legal hold being put in place, was subject to that company wide hold.

In its discovery responses to Plaintiff’s request for documents and information, the defendant stated that it had not searched for items within the personal possession, custody, or control of its employees.
That’s really important, and it’s a point we’re going to come back to. The plaintiffs did not object or move to compel the production of documentation from personal devices, including with respect to Mr. Tsai, but instead declined to produce information in its employees’ personal possession as well. Essentially, the parties agreed that they would not search personal devices of custodians in this case.

If you’ve handled theft of trade secrets before, you know that that’s a big no-no, because most of
the information you find to document the theft of information from one party to be used by another is
through custodians personal devices when they leave the company.

Next, sort of point. The plaintiffs did not include Tsai as a key custodian of ESI under the Court’s
individual rules when it provided that information to the Court. Tsai, not listed as one of the five former
employees who really provided the bulk of trade secrets stolen from the plaintiff, but listed as a lower level employee, was included on the legal hold, had left the company six years prior and was not listed as a key custodian by the plaintiffs in information submitted to the Court. That’s where we are factually now.

July 2019, fast forward to two years after the filing of the complaint. Eight years after Tsai had left the
plaintiff’s employment, the defendant finally questioned Tsai and learned that he had retained hundreds of thousands of plaintiff’s documents referred to in the decision as the retained files on a personal network storage drive maintained on his home computer network. That drive is referred to as the D-Link drive in the decision.

The defendant, after learning about these documents, immediately directed Mr. Tsai to hold the
documents and to copy the drive. The copied drive was delivered to an eDiscovery service provider
that was retained by the parties.

One month later, after the drive had been delivered to the service provider, the defendant learned that Mr. Tsai had also copied the files from the drive to another drive on his home network, called the Q and P drive. Mr. Tsai had moved files from that drive to a SanDisk USB drive for transmission to electronic
discovery vendor, and then he reset the operating system of his personal iMac—one of three computers
that he had used to access files on the QnP drive, with the other two being work laptops. By virtue of resetting that operating system, that’s where we’re going to find loss of metadata being preserved on the drives themselves.

Then what happened with forensic analysis of the drive that was transmitted to the ediscovery service
provider? That analysis indicated that Mr. Tsai copied files onto the D-Link drive in the three weeks before his departure from the plaintiff. Two, that Mr. Tsai used the defendant’s laptops to access the retained files on the QnP drive from 2005 to 2017, the period in which defendants products were under development. Third, that the file metadata for the folders and files on the QnP drive were lost when Tsai transferred those files to the USB drive. Fourth, when Tsai reset the iMac file metadata on the iMac showing what files he had created, accessed, or modified on the QnP drive via the iMac were lost, along with file metadata showing the dates and times of access. It’s that metadata that was lost in this reset of the operating system that is the issue for spoliation on this sanctions motion.

Now, when Mr. Tsai was finally deposed in November of 2019, he testified to three different points. First, that he had kept the retained documents after leaving the company in 2011, so no dispute there. That he copied the retained documents from the QnP drive to the USB drive in order to provide that information to the party’s ediscovery vendor. Third, that he subsequently deleted the retained documents from the QnP drive without any instruction from either party.

Following that deposition, after the close of discovery, the plaintiff moved for sanctions for failure to preserve the metadata from Mr. Tsai’s personal devices.

We’ve talked already about the facts here. I’m sure you’re chomping at the bit because you know
already where the issues lie for the plaintiffs on this motion.

What’s the Court’s analysis? We’re talking about a failure to preserve. The Court begins with an analysis of Federal Rules of Civil Procedure 37(e), which provides for sanctions for failure to preserve ESI.

It does feel a bit like on our Case of the Week that we cover Rule 37(e) weekly. I think, in large part, that’s because that seems to be the de facto provision for seeking sanctions under the Federal Rules for
most parties, whether it fits or not. Here it is the correct section to be under, but we’re going to find that
the standard of intent to deprive and prejudice are too high for the plaintiffs to be able to meet.

As we know under Rule 37(e), if the Court finds that electronically stored information should have been
preserved in anticipation or conduct of litigation, or it’s lost because a party failed to take reasonable steps to preserve it, it cannot be restored or replaced through additional discovery, the Court can, upon
finding of prejudice to another party, can order measures to cure the prejudice, or only upon a finding that the party acted with the intent to deprive another party of the information used in litigation may presume that the information lost was unfavorable to the party, instruct the jury that it may or must presume the information was unfavorable to the party, (i.e. an adverse inference instruction), or finally dismiss the action or enter a default judgment.

That’s what Section E and Rule 37 lays out for us. Those are the elements that the plaintiffs need to meet in order to be successful in their motion for sanctions.

In looking at that section of the rule, the Court also cites some additional authority that I think is useful for us here. The Court looks specifically at the advisory committee notes and issues this quote:

The Advisory Committee notes on Section (e)(2) of the new rule makes clear that the new rule rejects cases that authorize the giving of adverse inference instructions on a finding of mere negligence.

The Court also notes that litigants in the Second Circuit who are seeking sanctions under Rule 37(e)(2) now have the burden of proving that intent to deprive rather than ordinary or gross negligence, and that the burden is on the party seeking sanctions to prove the elements of a spoliation claim by a preponderance of the evidence.

Those are all key points in a follow up when you’re writing your motions for sanctions that you want to
include all of those aspects as well for the Court to be considering. That really just tells you the height of
the bar with regard to intent to deprive. We’re not talking about mere negligence. We’re not talking about gross negligence, even, which is the highest standard when it comes to negligence. No negligence is going to meet the intent to deprive standard. As we’ve talked about on Case of the Week, typically to meet that intent to deprive, you need physical actions taken to destroy data, knowing that it will be keeping it from the other side.

The Court then looks at the elements of Rule 37(e) and holds pretty perfunctorily, I’ll say, that the plaintiff really fails to show the intent to deprive by the preponderance of the evidence that’s required to justify an adverse inference sanction here. The Court really looks at three points that support its assessment.

First, it talks about the fact that Mr. Tsai was very involved in the development of defendant’s products
and that he used certain retained documents allegedly embodying unspecified trade secrets during that
period. Second, that Tsai deleted plaintiff’s files from the QnP drive after transferring them to the USB
drive. Third, that Tsai reset his personal iMac, thus preventing recovery of the file metadata on that device and preventing the plaintiffs from knowing the true extent to which he had accessed those retained files.

The Court found that even with those elements present, the inference of intent was really not supported
by the facts, and that there was no ability to infer that the defendant instructed Tsai to delete the
metadata, which is what the Court believes would have been required for the intent to deprive. Along those lines, the Court found that the plaintiffs really ignore that the defendant took multiple steps,
including company wide and personal legal holds, to preserve documents and metadata. Also, that the
spoliation took place after the defendant had learned of the retained documents on Tsai’s personal devices, and the defendant had then instructed Tsai to preserve and immediately notified plaintiffs.

Really, the issue comes down to, should someone have supervised Tsai with regard to the actions that he took on the data. I think that’s something we’ll discuss in the takeaways.

The Court also noted that there was no evidence that the actions that were taken by Mr. Tsai were at the
instruction of the defendant. Instead, Mr. Tsai testified that he transferred and deleted the files on his own initiative, without direction from either party. The Court really comes to this conclusion:

Plaintiff’s evidence is too tenuous to find that it more likely than not that defendant took any action with respect to the file metadata other than preservation, much less that defendant acted with the intent to deprive plaintiffs of that information. An adverse inference is unwarranted.

The Court was also unswayed by the plaintiff’s argument that the defendant should have identified Mr.
Tsai as a potential custodian at the outset of the matter and inventory his personal devices. The Court
found that that argument was unconvincing because the defendant did issue a legal hold for Mr. Tsai and that all other defense employees at the outset of the case, nobody had any inkling of the retained
documents, and both parties agreed that they would not search personal devices for discoverable
information.

I think that this is a key quote for purposes of those of you defending sanctions motions with similar
conduct from the defense here and this one’s from the Court:

Viewed without the benefit of hindsight, defendant’s actions are consistent with the normal discovery process and complex civil litigation in which general document and holds are imposed on party employees, and then a huge number of attorney hours are expended, reviewing millions of documents from dozens of custodians. Defendant’s conduct was reasonable and consistent with its discovery obligations and does not show negligence, much less any intent to deprive plaintiffs of discoverable information.

That’s really a standard to take away in terms of drafting your motions, to use the language from this
decision and other persuasive decisions from your jurisdiction with that similar sort of step by step
analysis under Rule 37(e).

Finally, the Court rejected plaintiff’s last argument, which was a position that they were entitled to
information retained on Mr. Tsai’s personal drives and iMac as, “Courts have repeatedly found that
employers have control over their employees and can be required to produce documents in their
employees possession.” The Court acknowledged that that statement is true, and that’s one that becomes a big sticking point with a lot of chief legal officers is that they believe they don’t have control over their plantiff’s personal information and that is not correct.

The Court acknowledged that while its statement is true, the parties really obviated that position by
agreeing not to ask their employees to search their personal devices for ESI in the ordinary course. When plantiffs failed to object to that practice or move to compel production of that information during discovery, they shot themselves in the foot with regard to that argument before the Court.

What are our takeaways? Well, we’ve got a few here, because this is a theft of trade secrets case,
and those of us who get into eDiscovery on a regular basis know that the very first element of finding
information to support a theft of trade secrets claim is looking at the personal devices of former
employees who may have taken information. That does not necessarily have to start with the actual
personal devices of those employees.

The network at the plaintiff here would have shown the activity that was engaged in by these former employees to be able to download information. Usually a date range search around an employee’s departure and activity on audit and content logs for various applications will show you that information, and that will give you a sufficient basis to seek to compel a review of a personal device.

In this instance, Mr. Tsai still had all of that information eight years later, so it would have been pretty
much a no brainer. The real breakdown here became that no one supervised Mr. Tsai in the actual
process of what he should do to transfer that data and what actions or inactions as is the case here,
should have been taken on the data once he made that copy.

We’ve got kind of a double edged sword in terms of breakdown. The plaintiffs needed to be more
forthright in thinking here about identifying information from personal devices, and the defendants could have supervised this process for Mr. Tsai better, or the plaintiffs could have provided a written step by step process for Mr. Tsai to follow. That’s also something that we’ve seen in litigation numerous times in theft trade secret cases.

You need to instruct the witnesses on exactly what steps are to be taken with dealing with data.
Obviously, Mr. Tsai is a custodian who seems pretty technologically proficient and was able to take the
steps that were needed. But he took additional steps that caused the destruction of information that
should have been preserved.

Now, decisions like this to avoid personal devices are very dangerous, specifically in theft of trade
secret cases or in IP cases. In more and more cases, we are finding that personal devices are
implicated, whether that’s just cell phones, whether it’s iPads, whether it’s other mobile devices because of the transfer of information and the use of apps to access information, we’re finding that a lot of times information does need to be collected from personal devices.

Take that in hand. There are ways to instruct your employees on communication for corporate purposes
that would not implicate their personal devices in the situation of litigation, but it requires thoughtful
planning and practice.

Rule 37(e) on failure to preserve, continues to be a high bar to meet for crippling sanctions because of that intent to deprive standard, know that going in. It really feels like in this particular case that there’s more the plaintiffs could have done to set up the sanctions motion, and that’s going to take us back to one of our other tenants here on #CaseoftheWeek, which is plan, plan, plan. You’ve got to get that discovery in early. You’ve got to understand the decisions that are being made by the other side, and you’ve got to think thoughtfully about what those decisions are and the impact that they’re going to have on your case going forward. The potential for getting caught up in the hamster wheel of discovery and moving things forward and we don’t learn a lot of these things until we sit down to try and prepare for a deposition and realize we don’t have all the data that we need. You’ve got to be more proactive, got to think constructively about what you’re going to do going forward and get a team in place that allows you to handle the data that you need quickly and efficiently so that you can be prepared not only to handle the depositions and discovery going forward in the case, but to be able to respond to the decisions being made by producing parties.

All right, that’s our #CaseoftheWeek for this week. Thank you so much for joining me.

We’ll be back again next week with another decision from our eDiscovery Assistant database. If you are an ACEDS member and interested in using the eDiscovery Assistant platform to study for your ACEDS exam, there is a trial available for you. You can access through the ACEDS portal. If you are not an ACEDS user but interested in trying out eDiscovery Assistant, you can reach out to us at support@eDiscoveryAssistant.com if you’re looking at exploring a platform for your organization on a wider basis.

Thanks so much. Talk to you soon. Bye.


Watch Next Episode Live

#CaseoftheWeek streams live on the ACEDS YouTubeFacebookTwitter, and LinkedIn company pages. Subscribe to the ACEDS social channels to be notified when we go live.

Catch the Replay

You’ll be able to read episode summaries and watch the recorded show right here on the eDiscovery Assistant blog or access the recorded versions on our Vimeo channel.

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from Youtube
Vimeo
Consent to display content from Vimeo
Google Maps
Consent to display content from Google
Spotify
Consent to display content from Spotify
Sound Cloud
Consent to display content from Sound