A 1L’s Early “Discovery” of What Not To Do
Lessons Learned about Electronic Preservation of Relevant Data for Reasonably Anticipated Litigation
By Frank Gonnello, Jr.
Peskoff v. Faber, 251 F.R.D. 59 (D.D.C. 2008)
Employee Implicated: Owner/Executive
eLesson Learned: Make all reasonable efforts to preserve relevant data for pending or reasonably anticipated litigation, and if you can’t, be prepared to explain why. This includes having a data management protocol in place for managing the routine maintenance and deletion of data, stopping automated maintenance mechanisms and hiring experts to handle the preservation of relevant data at first notice of potential litigation, and performing a thorough search of discoverable data on the first attempt.
I’m only a semester into law school. In fact, I haven’t even received a grade yet. But I can still tell when a client has destroyed all hope of winning his or her case. In the civil action of Peskoff v. Faber, the defendant shot himself in the foot with the starting gun.
Despite only having taken a few classes in the subject of law, while reviewing Peskoff, I felt like a learned attorney that even wise ol’ Professor Sullivan would be proud to call a former pupil. The facts of the case are simple to understand: Partner A (Peskoff) of a venture capital fund sued Partner B (Faber) because he had reason to believe that Partner B was fraudulently siphoning money into B’s own holdings company and, effectively, into B’s pocket. After the complaint was filed on March 31, 2004, and in accordance with the Federal Rules of Civil Procedure and a motion to compel discovery granted by Magistrate Judge John M. Facciola, Partner B was obligated to produce any email records to, from, and relating to Partner A that were in B’s possession and were accessible. In addition, the court told Partner B exactly where to search for the relevant data amongst the collection of data that B had or should have had available:
- Partner A’s Hard Drive (from an archived backup)
- Partner A’s Email Account
- Other Email Accounts
- Slack Space* on A’s Computer
- Back-up Tapes on the Leased Back-up Server
* - Slack space of a computer’s hard drive consists of unwritten parts of partially written sections of the disc. Hard drives record data in predefined-sized sections known as blocks or clusters, and frequently, computer forensic technicians can recover data which has only been partially overwritten in these blocks.
Partner B opted to produce the archived hard drive, without any preliminary search of relevant data, as well as an Outlook archive file of Partner A’s email account form. The problem with this file, however, was that there was an unexplained absence of any emails between mid-2001 to mid-2003. There were, however, emails contained in the archive dated prior to and well after the mysterious gap in communications.
Seem odd, to you? Judge Facciola thought so, too.
Upon request of the court, Partner B submitted an (inadequate) explanation of the inaccessibility of further email records and a denial of inconsistent production. B made no mention of any attempts to recover data from the other three previously suggested sources. Judge Facciola reasoned that electronic forensic investigation was now the only way to obtain the relevant data which Partner A has shown to be “reasonably calculated to lead to the discovery of admissible evidence,” (Federal Rules of Civil Procedure Rule 26(b)(1)) and Partner B’s inaction seemingly affirms.
After a joint bid by the parties as to the lowest cost of a forensic investigation, the parties agreed to a price tag of $33,000, and to no one’s surprise, disagreed on who would foot the bill. Judge Facciola concluded that to impose the costs of the extensive discovery on Partner B would not be undue or offend justice, since the mistakes of Partner B were the very reasons for which an extensive investigation was made necessary.
But to say that Partner B was punished for laziness and inadequacy would be an understatement, and would grossly overlook the lessons to be learned from Peskoff v. Faber. This case will probably never be discussed as a malpractice suit; likewise, its significance does not arise out of the seemingly fraudulent withholding of information by a guilty defendant.
The lessons to learn are applicable to a much wider audience, and they’re of utmost importance to today’s employers and employees:
Make all reasonable efforts to preserve relevant data for pending or reasonably anticipated litigation, and if you can’t, be prepared to explain why.
Employers today have to be prepared for any reasonably anticipated litigation. This usually means keeping information around for a while. As the usage and storage of electronic documents becomes more commonplace, the preservation and future discovery of data becomes much easier. Today, most employers in businesses that rely on data communications and computer software have networking systems, scheduled back-ups and either leased or privately owned back-up servers.
Faber, Partner B, had leased back-up servers from a third party. However, as the data grows over time, so do costs. This leads us to Faber’s first mistake. Faber’s back-up system had an automated maintenance function, which would delete data older than fourteen days. When Faber initially received notice of litigation by Peskoff, he did not disable the automated maintenance. Under Federal Rule 37 (advisory committee’s notes (2006)), parties under a duty to preserve electronic information relevant to reasonably anticipated litigation are obligated to intervene in automated operations of information systems. And more importantly, under Some Rule of Common Sense (2009), a defendant who hopes to prove his or her innocence should make sure not to destroy evidence that favors the defendant’s position.
Another mistake that Faber made, that must not be overlooked, is that only expert technicians should extract and handle the data being preserved, from the very start. To this day, the reasons for incomplete email records in the Outlook archive (as well as previously produced, unreadable files by Faber to Peskoff) are unknown. While some inferences can be made that foul play was the cause, it is just as likely that an inexperienced employee exported the data to an improper format. The burden of hiring a technician to create a collection of relevant data from any available back-up mediums following the anticipation of litigation far outweighs the hefty price of hiring one later to run forensic analysis on the hardware potentially yielding nothing.
Also, just as technology giveth easy storage of electronic documents, technology taketh away. Deletion of electronic data is incredibly easy, whether intentional or not, and the storage mediums themselves can be quite fragile. The spilling of your company IT guy’s Mountain Dew can potentially cause the same destruction as a fire at your company’s headquarters. It is important to back up litigation-relevant data into multiple physical locations and keep them secure. Doing so is the only way to ensure the preservation of data over the course of what can be a very lengthy litigation.
Finally, what I truly believe to be the single most important lesson to extract from Peskoff is that having a well documented data management plan and sticking to it is critical to a smooth and successful litigation process. Had Faber presented to Judge Facciola a well drafted data management plan from 2000 regarding the deletion of old emails, recycling of back-up tapes, and other details explaining the discrepancies and absences in his production, he would have preserved his credibility and may have even avoided being compelled to produce the information he claimed was no longer in existence.
Employers and employees should realize that following a well-documented data management protocol is the best way to back-up credibility when managing electronic data. It also ensures a speedy and convenient trial unit for all parties involved when data needs to be searched and reproduced. Like in Peskoff, such plans can often save a case, or greatly reduce discovery costs.
At the very least, it will prevent first-year law students from making a bad example out of you.
Frank is a Computer Science graduate of Seton Hall University and first-year law student at Seton Hall’s School of Law. His aspirations include a career in corporate law, contracts, and intellectual property.
e-Lessons Learned Disclaimer:
The opinions expressed by bloggers and those providing comments are theirs alone, are provided solely for informational purposes, and do not necessarily reflect the opinions of e-Lessons Learned. We are not responsible for the accuracy of any of the information supplied herein and are not liable for any errors or omissions in this information, or any losses, injuries, or damages arising from its display or use. By using this blog site you understand that there is no attorney client relationship and it should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.
Filed under Case Law, Community, Home Page Latest, Law & Technology, e-Lessons Learned.
January 14th, 2009 at 6:18 am
Well Done observation…you brought out very astute facts…you will be an amazing attorney..keep up the good work.
January 16th, 2009 at 9:59 am
From a fellow 1L, I found this article both insightful and well-done. Faber makes one of the classic mistakes of civil litigation, whether intentional or not, which is not producing the documents the court tells you to produce. If Faber thought he could surreptitiously hide material from the court, it was a poorly played move. However, having a poor data management protocol would cost him just as dearly. Whatever his reason for not providing the requested documents, the author duly points out the consequences: “be ready to explain why.”
January 18th, 2009 at 12:39 pm
Good article Frank. If, as you said in your example, your company’s IT guy were to destroy all of your evidence by spilling his drink on your computer, what can you do legally? Are you just out of luck? That’s a gray area that interests me. I assume that this Faber mistake is more common than not, like you said.
Another thing that interests me — and this question may be more out of ignorance about computers than the law — is how a court can know, with absolute certainty, that e-mail records were not tampered with by the one providing them to the court? In this case, if it were not for Facciola’s suspicion, would it have been left up to the attorneys to blow the whistle on the absence of e-mails from ‘01 to ‘03?
Overall really unique case, and good read.
January 19th, 2009 at 7:39 pm
Nick,
As I indicated in the article, I’m only a 1L, so I’m not 100% sure if my responses are correct (note disclaimer above). Anyway, to the best of my knowledge, if the “company computer guy” spilled a drink on your evidence, you’d have a couple of options.
If it happened before any notice of litigation as a complete accident, you could probably only sue him for the damages of the property. Using the parties from the Peskoff case as an example, when it comes to the trial, Faber would just have to say what happened. He wouldn’t have to produce the data (since it’s no longer possible), but Peskoff could just make a case that everything incriminating is on the data. It would come down to a jury determination; Peskoff would need to show, by a preponderance of the evidence, that he’s telling the truth.
If it happened after notice of litigation, there may be a possibility for Faber to file a separate action against the IT guy for destruction of evidence for pending litigation (known as spoliation). At the trial stage, it would again be a jury determination of whose argument is stronger since the evidence is gone, regardless.
As for your other question about determining the validity of the records produced, Peskoff would have to assert claims that the evidence produced was tampered with through affidavit to the judge (including facts about digital signatures, timestamps and other electronic forensics info), and the judge would make the determination viewing the facts in a light most favorable to the opposing party (Faber). If the judge finds that more accurate data is available, he can compel production. If the data is no longer available in its un-tampered state, Faber could be found to have committed the tort of spoliation and/or sanctions may be issued. If the judge is not convinced that foul-play occurred, the jury decides the truth again.
Hopefully this whitens some of the grey areas for you.
January 22nd, 2009 at 2:45 pm
Frank….great piece! In todays e-world, wouldn’t you say that Partner A was a little naive in not having backup data stored elsewhere? It is hard to believe that anyone who has any knowledge of computers, ever experienced a computer ‘crash’, or uses a computer in their business environment could still be naive enough to think that nothing could ever happen to the data. Hasn’t anyone ever heard of Murphy’s Law? I’m sure Partner A learned a hard lesson from all this.
Thanks for a good article!