Skip to content

E-Discovery

Failure to Obtain Access to an Employee Device Falls Short of Spoliation

OL Private Counsel, LLC v. Olson, (D. Utah May 3, 2024)

Why This Case Is Important

While the courts have explored the issue of parties’ control over ESI stored on former employees’ devices (in this case a smartphone), this ruling makes it clear that failure to obtain password access to a phone does not constitute spoliation of data.

Overview

In this case, the plaintiff alleged that a former employee, the defendant, took and shared confidential client information with a third party, Timothy Akarapanich, through the Telegram messaging app. Defendant requested discovery of Akarapanich’s smartphone, but the Plaintiff did not have its password and therefore could not access ESI stored on the phone.

Defendant filed a motion for sanctions against the plaintiff, requesting dismissal of the case, on the basis that the plaintiff had taken possession of the phone (albeit without its password) and “willfully facilitated the loss of key data from Mr. Akarapanich’s telephone and cloud storage,” including personal data that Akarapanich told the plaintiff he wanted to delete from the phone.

Plaintiff argued that it had not anticipated litigation around Akarapanich’s receipt of confidential information, and did not have a duty to preserve either cloud storage data or a password, because both were in Akarapanich’s control when the data was deleted. An ESI vendor was unable to perform a complete collection of ESI from the phone because it did not have the password.

Ruling

  • Definition of Spoliation. The court’s ruling defined the nature of spoliation as the “destruction or significant alteration of evidence, or the failure to preserve property for another’s use as evidence in pending or reasonably foreseeable litigation.” Absent a duty to preserve ESI, spoliation cannot occur. Additionally, the courts “may order measures no greater than necessary to cure the prejudice,” and dismissal as a result of spoliation demands a finding of intent to deprive.
  • Plaintiff’s Duty to Preserve. The court rejected the plaintiff’s assertion that it did not anticipate litigation, and found that the plaintiff had a duty to preserve the phone and associated cloud data. Once the plaintiff took “sole possession of Mr. Akarapanich’s phone… gaining sole and complete control over the phone,” the duty to preserve—including the password—came into effect, because plaintiff “knew litigation was likely and the phone’s data was relevant to it.” 
  • Dismissal Rejected, but Further Production Required. Part of the decision to impose a severe sanction like dismissal is an evaluation of “whether the ESI which [Plaintiff] should have preserved can be restored or replaced through additional discovery.” The key, in this case, is the recovery of the phone’s password. The court found “no question” that this obligation fell on plaintiff, and that plaintiff may have “the ability to influence or request Mr. Akarapanich to provide the phone’s password.” The order required plaintiff to produce the phone, the password, and the full data copy of the phone to the ESI vendor. 

When a party (here, plaintiff) obtains the cellphone of a former employee at the time it reasonably anticipates litigation, it also has a duty to obtain and preserve the phone’s password. And although the court only refers to the password for the phone, I suggest it also should obtain the password for applications on the phone. But the court denies sanctions, without prejudice, and requires plaintiff to try to obtain the password for the phone.

Hon. Andrew Peck (ret.), Senior Counsel, DLA Piper

Case Law Tip

Unsure about the Uniform Spoliation Standard? Exterro has produced an infographic that can help you determine if sanctions might apply. Download it today!

Ready to Get Started?

Get an Exterro data risk management platform demo today.

Get a Demo