Court glances past issue of lost passwords for protected documents

Hands typing in a password on a keyboard with painted nails

Equal Emp’t Opportunity Comm’n v. Performance Food Grp.

No. CCB-13-1712 (D. Md. Mar. 6, 2019)

In this employment discrimination case, the court denied the plaintiff’s motions for sanctions involving both paper records and ESI. It found that the plaintiff failed to establish that the defendant spoliated any emails and failed to support its argument for preclusion of internal complaint evidence. The plaintiff also raised an interesting issue regarding preservation of passwords, but it did not fully argue that point.

This case involves an allegation by the Equal Employment Opportunity Commission (“the EEOC”) that defendant Performance Food Group, Inc. (“PFG”) discriminated against employees on the basis of their sex. In 2007, the EEOC notified PFG by letter that it was investigating “potential sex discrimination in hiring, discharge, promotion, and compensation” at all PFG facilities. The EEOC filed this lawsuit in 2013, claiming that PFG had “maintained … a standard operating procedure of discriminating against females” since 2004. The EEOC argued that PFG spoliated two categories of ESI: the emails of 19 custodians and “documents related to internal complaints of gender hostility or discrimination.” As a threshold issue, the court considered which version of Federal Rule of Civil Procedure 37(e) it should apply.

The plaintiff argued that the court should apply the pre-amendment version, since the conduct at issue occurred prior to the 2015 amendments. The defendant argued that it would be “just and practicable” to use the amended version, as the plaintiff’s motion had been filed long after the amendments. The court took a pass on this question, noting that “[u]nder either standard, as a threshold issue, the court must find that there was a destruction of evidence that the party had a duty to preserve.”

Since the court concluded that there had been no spoliation of emails, it did not need to know which sanctions might apply; as to the internal complaint documents, it concluded that the remedy sought would be premature. Regarding the emails, the EEOC claimed that PFG did not implement an “appropriate” legal hold, violating its duty to preserve relevant ESI. It pointed to PFG’s “meager overall email production” as proof that it had not adequately preserved evidence. PFG responded that it had “produced all relevant, responsive, and nonprivileged documents” it found in its search. That search was limited by agreement; the parties’ ESI protocol did not require PFG to search every one of its 3,383 email backup tapes. Rather, PFG restored and searched approximately 25 percent of the tapes, in compliance with the protocol. The court rejected the EEOC’s assertion of spoliation as “mere speculation,” particularly since PFG properly restored only a “sample of its backup tapes.”

The court concluded that the EEOC “failed to meet its burden of establishing that [PFG] failed to preserve relevant emails” and thus denied sanctions for spoliation. The court devoted only one paragraph to the most novel portion of the opinion: the EEOC’s argument that PFG spoliated evidence when it “failed to preserve the passwords to 3,326 password-protected documents” associated with its produced emails. That brevity was due to the EEOC’s lack of argument. The EEOC only “briefly mention[ed]” that “it could not open” the password-protected documents. Unfortunately, it failed “to go into any greater detail regarding these documents,” and thus did not establish either their relevance or the extent of PFG’s duty to preserve the passwords. The court therefore did not consider the issue. Turning to the internal complaint documents, the EEOC again only “briefly” argued that PFG spoliated evidence of internal complaints of gender hostility or discrimination obtained through a third-party reporting hotline. The court noted that PFG was obligated to preserve these documents beginning in 2008, yet it produced only a single hotline summary document from 2012.

The court concluded that PFG failed to preserve the “additional ESI [that] should have existed regarding internal employee complaints.” Yet, again, the court did not have adequate information to determine the impact of that spoliation. The EEOC “largely focuse[d] its arguments on the alleged spoliation of custodian emails [] rather than the missing internal complaint documents.” Nor did the EEOC explain how it was prejudiced by the loss of internal complaint information. Tellingly, the court noted that the hotline served as a reservoir for all types of “anonymous employee complaints,” not just those of gender hostility or discrimination. More importantly, the court found that the EEOC’s proposed sanction of preclusion of evidence was inappropriate. The EEOC did “not provide any legal support for this blanket preclusion of evidence.” The court also found the request premature and inappropriate for resolution by the magistrate prior to trial. The court therefore denied the EEOC’s motions entirely.

Takeaways on Preserving Password-Protected Evidence

While the EEOC failed to fully argue this point, the issue of preserving passwords for encrypted documents is an interesting one. Bear in mind that documents that cannot be accessed due to the loss of their passwords could — if the arguments were made — reasonably be deemed to have been spoliated. When preserving discoverable evidence, give thought to how it can be accessed, particularly for custodians who may no longer be associated with the organization.

Wondering whether you’ve adequately preserved evidence? We’re here to help.

Contact Us