LITIGATION SUPPORT TIP OF THE NIGHT

On April 2, 2018, Magistrate Judge Robert Lehrburger issued a decision in World Trade Ctrs. Ass'n v. Port Auth. of N.Y. & N.J., 15 Civ. 7411 (LTS)(RWL), 2018 U.S. Dist. LEXIS 56894 (S.D.N.Y.) recommending that the defendant's motion for sanctions be denied. The Port Authority moved for sanctions for the spoliation of ESI and paper documents pursuant to FRCP 37 and on the basis of the court's inherent authority.

The WTC explained the loss of documentation as being the result of a consultant's decision to discard paper records; a change in email service providers; the washing of 25 computer drives; and the loss of data on a shared driver during the migration of data to a new server. The court cited the standard for a motion for sanctions stated in Chin v. Port Authority of New York & New Jersey, 685 F.3d 135, 162 (2d Cir. 2012):

1. The party must have an obligation to preserve data at the time it's destroyed.

2. The party must have a culpable state of mind.

3. A reasonable trier of fact would find that the destroyed evidence was relevant to a claim or defense.

The decision states that the failure of the WTCA to issue a litigation hold until September 2013 (the relevant time period being 2011 - 2014) did not mean that appropriate preservation measures were not implemented, or that sanctions should be imposed.

The court did not find that the consultant acted in bad faith or or discarded any relevant documents. Although she took her action prior to the litigation hold, she did receive instructions related to the trademark material at issue in the case. Although, the instructions to the consultant were oral, not written, Judge Lehrburger found that the WTCA acted negligently, but not in bad faith and was not gross negligent. He also found that the Port Authority's contention that the documents could have been warehoused at a fraction of the cost of the consultant's review was irrelevant.

Declarations submitted by the defendant in support of its contention that relevant documents were destroyed were found to be "conclusory and overly general". [Id. *28]. The declaration did not state the records had information relevant to the case.

Fed. R. Civ. P. 37(e)(2) requires that for sanctions to be imposed a finding must be made that "the party acted with the intent to deprive another party of the information's use in the litigation." The court noted that the Port Authority did not show any reason why a log or documentation would be required for the migration of data between systems, and so the absence of such a record did not indicate that relevant evidence was lost. The vendor that performed the migration also stated that its customers receive a backup of their email.

The mere existence of 'washed' hard drives, absent additional evidence, did not provide evidence of bad faith. "The fact that an entity like WTCA possessed blank or 'wiped' hard drives is not by itself indicative of any foul play." [Id. at 34].

The court also rejected the Port Authority' s contention that the WTCA failed to receive complete email archives from its vendor. "Again, the Port Authority distorts the record. WTCA counsel's letter makes clear that the deficient production was due to an error in the collection process, not because emails were missing or had been destroyed.(Ewing Letter at 1.) MindSHIFT rectified the error and produced all responsive documents on its servers." [Id. at 35].

On March 26, 2018, Judge Martin Reidinger issued a decision in Curry v. Schletter, 1:17-cv-0001-MR-DLH, 2018 U.S. Dist. LEXIS 49442 (W.D.N.C.). This case concerned a suit brought against a business by its former employees. The business required its employees to disclose personal identifying information as a condition of employment. The defendant was the victim of a scam it had notice of - the Business Email Compromise. The employees' 2015 W-2 tax information was sent to an authorized party in a phishing email attack.

Judge Reidinger noted Schletter, Inc.'s failure to provide its employees with training in cyber security and information transfer protocols. It did not follow best practices and industry standards concerning computer security. The plaintiffs were not informed of the data disclosure in a prompt manner or told the extent of the breach.

The court did not grant a motion to dismiss the plaintiffs' negligence and breach of implied contract, finding that both causes of action had been adequately stated. "At the heart of both causes of action is the Plaintiffs' assertion that the Defendant, as their employer, had a duty to safeguard and protect the confidential information provided by their employees. Whether such duty arose from the parties' employment contract or from other source remains to be determined from the facts and evidence to be presented." Id. at 10-11. It also declined to dismiss an invasion of privacy claim. "The Plaintiffs have sufficiently pled allegations to plausibly allege that the Defendant's actions would be highly offensive to the reasonable person, thus constituting an 'intrusion' necessary to sustain a claim for invasion of privacy under North Carolina law." Id. at 12-13.

The plaintiffs' breach of fiduciary claim was dismissed, because under North Carolina law such a duty does not arise in an employer/employee relationship.

The plaintiffs also brought causes of action under The Uniform Deceptive Trade Practice Act and the North Carolina Identity Theft Protection Act which bar the intentional disclosure by a business of social security numbers to the general public. The decision states that, "it is not implausible that the Defendant's actions in responding to this phishing scam effectively made the Plaintiffs' Social Security numbers 'available to the general public.'" Id. at 15-16.

Crucially Judge Reidinger declined to dismiss the UDTPA and NCITPA claims on the basis of the defendant's argument that its actions were not intentional. He drew a distinction between unintentional data breaches, and data disclosures:

"As the Plaintiffs cogently set out in their brief, this was not a case of a data breach, wherein a hacker infiltrated the Defendant's computer systems and stole the Plaintiffs' information, but rather was a case of data disclosure,wherein the Defendant intentionally responded to anemail request with an unencrypted file containing highly sensitive information regarding its current and formeremployees. Based on these allegations, the Plaintiffs have sufficiently alleged that the Defendant acted with the requisite intent in communicating this information." Id. at 16.

On March 23, 2018, in Farrell v. Lease Supervisors, 2018 U.S. Dist. LEXIS 48090 (N.D. Tex.), Judge Sidney Fitzwater denied the defendants motion to transfer a unpaid overtime Fair Labor Standards Act case from the Northern District of Texas to the Western District of Texas. The defendant conducts its business in Odessa, located in the Western District, and its manger resides there.

As part of his decision, Judge Fitzwater considered the plaintiff's argument that the ease of access to electronic data meant that the physical location of the defendant's records should not be considered, but still held that the location of electronic evidence in the Western District could still be a 'slight' factor weighing in favor of transfer. It noted the plaintiff's failure to identify any documentary evidence located in the Northern District. The opinion quotes, Smith's Consumer Prods.,Inc. v. Fortune Prods., Inc., "Although the technological convenience of ediscovery may diminish concerns associated with the location of evidence, it does not negate the significance of or eliminate consideration of this factor in a section 1404(a) transfer analysis." , 2015 WL 1037419, at *2 (N.D. Tex. Mar. 9, 2015) .

However the court found other private interest factors (the availability of compulsory process over witnesses; cost of attendance for witnesses; other practical problems) to not weigh significantly for or against transfer, and other public factors (avoiding a conflict of laws; the forum's familiarity with the law at issue; administrative concerns; local interest in the dispute) to either be negligible or unaddressed by the parties. So while the physical location of electronic data can help support a motion for transfer, it is apparently insufficient to support the motion by itself.