In a business divorce, the Plaintiffs received a litigation hold notice from the Defendants. The Plaintiffs then secretly copied computer files from the Defendants’ data center in Oakland, California through their virtual private network (VPN) connection to the data center. Joseph Oat Holdings, Inc. v. RCM Digesters, Inc., 665 F. Supp. 2d 448, 452 (D.N.J. 2009).
Here is a quick take away: This was a bad idea. Don’t play spy as your litigation hold strategy.
Even though the Plaintiffs dodged some violations, secretly copying data from a party as a preservation procedure is riddled with risk.
The Plaintiffs’ actions erupted with in-depth analysis on whether the California Computer Data Access and Fraud Act was violated by this “litigation hold” tactic. Joseph Oat Holdings, Inc., at *451.
While there are other points of law at issue in this detailed opinion shortly addressing conversion, Federal and New Jersey law, this article will focus on the California Computer Data Access and Fraud Act analysis.
The Facts & Procedural History: A Litigation Hold Too Far
Two business partners in the biological sciences industry decided to end their business relationship after 18 “stormy” months. Joseph Oat Holdings, Inc. at *451.
Many of the files were created after the parties ended their joint venture. Id.
The data was accessed after the Plaintiffs had a right to do so, because the property rights had reverted to the Defendants. Joseph Oat Holdings, Inc. at *455.
There was evidence the Plaintiffs also deleted files and changed administrative passwords. Joseph Oat Holdings, Inc. at *455.
The Plaintiffs named their data acquisition project the “Information Copy Project.” Joseph Oat Holdings, Inc. at *454. They were able to keep the project secret for a year. Id.
The Plaintiffs’ computers had desktop shortcuts to the “Information Copy Project” files, allowing quick access to the electronically stored information. Joseph Oat Holdings, Inc. at *454-455.
The Plaintiffs claimed they were just preserving electronically stored information and had permission to do so because the Defendants sent a “litigation hold.” As such, they did not violate the California Computer Data Access and Fraud Act (or other laws) for their “preservation” actions. Joseph Oat Holdings, Inc. at *455.
And with that, the “litigation hold” defense to secretly accessing and copying a data center was born.
The Defendants referred to the Plaintiffs’ preservation actions as an “after-the-fact concoction to justify their illegal actions.” Joseph Oat Holdings, Inc. at *452.
The Magistrate Judge found that the Plaintiffs’ secretive conduct in discovery was “troubling,” however, found that the data was copied to seek a business advantage, not a litigation advantage. Joseph Oat Holdings, Inc. at *453. As such, the proper remedy was for the Plaintiffs to pay the Defendants’ costs, but not attorneys’ fees. Id.
Dueling Summary Judgments
The District Court addressed the data acquisition issues in the parties’ dueling motions for partial summary judgment.
The Defendants went on the offensive in their partial summary judgment motion, arguing the Plaintiffs violated the California Computer Data Access and Fraud Act. The key issue was whether the Plaintiffs “knowingly and without permission accessed, and/or copied, and/or deleted defendants’ computer files.” Joseph Oat Holdings, Inc. at *454.
The California Computer Data Access and Fraud Act (California Penal Code § 502), states in relevant part:
[A]ny person who commits any of the following acts is guilty of a public offense:
(1) Knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order to either (A) devise or execute any scheme or artifice to defraud, deceive, or extort, or (B) wrongfully control or obtain money, property, or data.
(2) Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network. ..
(4) Knowingly accesses and without permission adds, alters, damages, deletes, or destroys any data, computer software, or computer programs which reside or exist internal or external to a computer, computer system, or computer network. . . .
(6) Knowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or computer network in violation of this section.
(7) Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network.
Joseph Oat Holdings, Inc. at *454.
The Plaintiffs’ key defense was that they had “permission” to access the data because of the litigation hold letter from the Defendants to preserve “…all recorded information…” Joseph Oat Holdings, Inc. at *455.
The Plaintiffs further argued they were motivated to preserve the electronically stored information out of fear the Defendants would “recklessly destroy electronic information by attempting to unilaterally sever the joint system,” thus they “began to make a backup copy of the data that was on the joint server in Oakland.” Joseph Oat Holdings, Inc. at *455.
The Plaintiffs mounted a “should have expected” argument, claiming that since the Defendants’ attorneys knew there was an active VPN connect, the defense attorneys “should have expected” the Plaintiffs to copy the data. Id.
No “Litigation Hold” Shield
There is no “litigation hold” defense shield for secretively copying data. The Plaintiffs’ arguments were rejected twice by the Magistrate Judge and by the District Court. Joseph Oat Holdings, Inc. at *455.
The Court noted that the Plaintiffs maintained desktop shortcuts to the files, which severely undercut any notion of preservation. Joseph Oat Holdings, Inc. at *455-456. Preserving data requires it is being saved and unaltered for litigation. The very fact there were desktop shortcuts on the Plaintiffs’ computers highlighted the data could be accessed and used by a party. That is simply not preservation for litigation.
As the Court explained:
The duty to preserve evidence for litigation is just that–for preservation of documents as they existed at the commencement of litigation. Further, that duty is to preserve one’s own documents. It is not to serve as a method by which to create an accessible database of an adversary’s proprietary information.
Joseph Oat Holdings, Inc. at *456.
The Court further stated that a preservation letter from an opposing party does not give “a party carte blanche authority to secretively copy computer files located on the adversary’s computer server.” Joseph Oat Holdings, Inc. at *456.
The Court went on to explain that if there truly was a fear of the destruction of evidence, the Plaintiffs should have sought relief from the Court, most logically in the form of a preservation order on a expedited basis. Joseph Oat Holdings, Inc. at *456. Since the lawsuit was already underway and the offending party was the Plaintiff, they had the means and ability to seek judicial relief from the Court. Id.
No Litigation Privilege Protection
The Plaintiffs claimed their conduct in copying the data in secret was protected by the litigation privilege. Joseph Oat Holdings, Inc. at *456.
The Litigation Privilege protects attorneys and litigations with an “absolute privilege to statements or communications made…in the course of judicial and quasi-judicial proceedings.” Joseph Oat Holdings, Inc. at *456, FN 5.
The Plaintiffs argued that Litigation Privilege protected them for their secretive data copying, because, “[c]ommon sense and fairness dictate that a litigant should be permitted to discharge their e-discovery duties without the fear of being subjected to additional causes of action.” Joseph Oat Holdings, Inc. at *456.
The short answer is “NO” to this argument. As the Plaintiffs’ actions were found not to be done for litigation purposes, the litigation privilege was not applicable. Joseph Oat Holdings, Inc. at *457.
One probably can argue data preservation is not a communication made in the course of a judicial proceeding and would further be inapplicable on those grounds.
The California Computer Data Access and Fraud Act
The Court held the Plaintiffs violated the California Computer Data Access and Fraud Act. Joseph Oat Holdings, Inc. at *457.
The Court held that the “unauthorized copying of a competitor’s proprietary information was ‘wrongful’ as defined by the statute and the California legislature,” pursuant to subsection (1) of the Computer Data Access and Fraud Act. Joseph Oat Holdings, Inc. at *458.
The Court found that after the end of the joint venture that “no rational factfinder could conclude that plaintiffs had permission to copy the files of a completely separate and unrelated entity, and particularly a competitor,” pursuant to subsection (2) of the statute. Joseph Oat Holdings, Inc. at *458.
The Defendants’ Relief for Violation of the California Computer Data Access and Fraud Act
The Court ordered the Plaintiffs to return all copies of the data after the ending of their joint venture. The Plaintiffs were also barred from using the data “in any manner.” Joseph Oat Holdings, Inc. at *460. However, there was no injunction issued for the “pre-divorce” data. Id. This data had been produced in discovery by the Defendants to the Plaintiffs. Id.
Bow Tie Thoughts
When it comes to the preservation of evidence, here are some basic actions:
- Send a written litigation hold to your client once litigation is reasonably anticipated.
- Discuss with your client possible data storage locations that can be subject to the law suit.
- Send a preservation letter to your opponent.
- Discuss at a meet and confer the preservation of electronically stored information, including custodians and data locations.
- If at any point there is a real threat that the opposing party’s data will be lost, seek the Court’s assistance for a preservation order or a temporary restraining order to cease the actions threatening the loss of electronically stored information. Due to the transitory nature of some data, an expedited order might be necessary.
The temptation to play spy and secretly copy your adversary’s data is fraught with risk. There are different Federal and State laws that prohibit the unauthorized access of computer systems. There is no “litigation hold” exception to these laws and it is doubtful that a colorable argument can be made with the “litigation privilege” to usurp these data protection laws. More importantly, a lawyer has an ethical duty not to advise a client on how to commit a crime.
The moral of the story is simple: If there is truly the risk of data destruction, seek the help of the Court.
Josh Gilliland is a California attorney who focuses his practice on eDiscovery. Josh is the co-creator of The Legal Geeks, which has made the ABA Journal Top Blawg 100 Blawg from 2013 to 2016, the Web 100 from 2017 to 2018, and was nominated for Best Podcast for the 2015 Geekie Awards. Josh has presented at legal conferences and comic book conventions across the United States. He also ties a mean bow tie.