We are thrilled to present the following article by the esteemed Judge Bernice Donald and Ronald Hedges.
Judge Bernice B. Donald is a United States Circuit Judge of the United States Court of Appeals for the Sixth Circuit. She was appointed by President Barack Obama and confirmed by the Senate in 2011. She previously served for 15 years as a United States District Judge of the United States District Court for the Western District of Tennessee.
Ronald J. Hedges, J.D. is a Senior Counsel with Dentons US LLP. He served as a United States magistrate judge in the District of New Jersey for 21 years.
Acknowledgements: We would also like to extend a special thanks to Michael Brody, Judicial Law Clerk to the Hon. Bernice B. Donald, U.S. Court of Appeals for the Sixth Circuit for his assistance with this article.
Ephemeral Data: Issues, Analysis and Application under the Federal Rules
It’s late 2019. Zoom, Skype, and Microsoft Teams are luxuries of 21st century technology—allowing people from all over the world to connect with one another with an internet connection and a few simple clicks. Fast forward to today, and those platforms—in addition to many others—have become essential for business and professional services, with the bulk of the American professional business services workforce operating from home.
The implications of these accelerated workplace changes are wide-ranging, and businesses are quickly learning that taking advantage of these new technologies creates a great deal of responsibility with maintaining electronic information.
Virtual Meetings and Their Possible Content
Virtual meetings allow businesses to continue with “business as usual” to the extent that employees can still have regular consultations regarding business missions, assignments, and announcements. The main difference for employees now is that they can engage in these meetings from the comfort of their own home (so long as children at home aren’t running around driving them crazy), or anywhere else for that matter.
But with the increased flexibility that comes with these meetings come potential costs arising from privacy, security, and discoverability issues. While business records from in-person meetings may only consist of some scribbled notes, or, at best, a typed version of the minutes of the meeting, now those meetings can be recorded, archived, and stored away, reproduceable with just a few clicks.
Bigger organizations also must grapple with the added complications of “Shadow IT,” which—although it might have multiple definitions—seems to always include the management of multiple decentralized information systems operating simultaneously.
Not only can the businesses themselves record and archive these meetings, but individual employees may have the ability to record the meetings on their own personal devices. For example, Zoom allows virtual meeting participants to upload both audio and video records to file storage services like Dropbox or streaming services like YouTube. See, e.g., Zoom.
An individual employee’s power to harvest and control the data from these meetings—when in the past they would be limited to their own notes—presents myriad concerns that employers never dealt with in the past.
What is “Ephemeral” Information? How is it Different?
“Electronically stored information” (“ESI”) is discoverable and encompasses a broad range of potential electronic data. However, the Federal Rules of Civil Procedure (“Federal Rules” or “Rules”) do not define ESI precisely. In fact, the Rules acknowledge as much, with the Rules committee specifically stating that, “[t]he wide variety of computer systems currently in use, and the rapidity of technological change, counsel against a limiting or precise definition of electronically stored information.” See Rule 34 Advisory Committee Notes (2015).
The Rules do contemplate, however, that ESI includes data that is “stored in any medium from which information can be obtained either directly or, if necessary, after translation by the responding party into a reasonably usable form[.]” Rule 34(a)(1)(A) (emphasis added). Such information could include “writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations[.]” Id.
Despite the amorphous definition, we know, by definition, that ESI must be “stored” somewhere.
It remains shrouded in mystery where “ephemeral” data fits within that definition. When we think of something as ephemeral, we think of something that is fleeting, short-lived, passing, or transitory. While an ephemeral event might be “stored” in our memory in the sense that we experienced it in a literal sense, the word itself begs more metaphorical and poetic thinking. For example, we might think of the “ephemeral” nature of a life-changing experience or the “ephemeral” quality of a rare waterfall at the bottom of a mountain range.
In the legal context, “ephemeral” data is likely to apply to various forms of modern communications, such as images and videos on Snapchat—which disappear within twenty-four hours of creation—or maybe talk-to-type audio recordings that quickly disappear after being sent via text message.
With the proliferation of electronic data, courts began using the “ephemeral” label to describe transitory data, meaning data that exists and is stored only briefly. Although the application of the Federal Rules to such data is scant at best at this point, we are likely only months, if not weeks away, from seeing our first round of discovery disputes pertaining to data stored during virtual meetings over the course of the pandemic.
The exact scope of whether ephemeral data is ESI and, hence, discoverable remains a work in progress. In one of the first decisions to address this issue, the U.S. District Court for the Central District of California held that random access memory (RAM) was considered ESI. In Columbia Pictures Indus. v. Bunnell, No. CV 06-1093FMCJCX, 2007 WL 2080419, at *5 (C.D. Cal. May 29, 2007), motion for rev. denied, (245 F.R.D. 443, 447-48), motion picture and television rights holders sued the operators of a website that facilitated the illegal online distribution of movies and videos.
The plaintiffs filed a motion to compel the production of the defendants’ server log data, which would provide the plaintiffs with data concerning the IP addresses of users who visited the website and what those users requested. The defendants argued that the server log did not constitute ESI under Rule 34 because the data within the server log was never stored on their website nor in any other tangible form from which it could be retrieved. Id. at *5.
Rather, because the server log data was stored on a third-party website, they argued that they did not control the data and that compelled production of the data would effectively require them to create a new record where it would have otherwise not existed.
The plaintiffs, on the other hand, argued that the log did constitute ESI because the data was copied to RAM. Id. The court relied on prior Ninth Circuit precedent—and other federal district courts—to conclude that “data in RAM constitutes electronically stored information under Rule 34.” It followed that because the log data was “transmitted through and temporarily stored in RAM[,]” it constituted ESI. Id. Further, the court explained that the data was ESI “because the Server Log Data already exist[ed], is temporarily stored in RAM, and is controlled by [the] defendants.” Id. at *6.
The key takeaway from Bunnell is that data sought in a discovery request must already be in existence. In other words, the question a court must ask in determining whether “ephemeral” data is discoverable is whether the party at the receiving end of the discovery request is being asked to create new data for purposes of creating a discoverable record.
If that is the only manner in which the party can obtain the relevant data sought after in the discovery request, then a motion to compel production might very well be denied. See, e.g., Colgan v. Dep’t of Justice, No. 14-CV-740 (TSC), 2020 WL 2043828, at *10 (D.D.C. Apr. 28, 2020) (denying motion to compel FBI records as part of FOIA request where doing so would require FBI to “open the software and create a screenshot, which would not otherwise exist from the last time the agency opened the software to search screen.”).
Preservation and Collection of Ephemeral Data
If content from a virtual meeting is to be ESI, that would trigger the content owner’s—in this case, a business using the new technology—duty to preserve the data.
Some basic background rules are necessary for any business to know before it runs wild with virtual meetings.
- Fed R. Civ. P. 26(b)(1) provides, in pertinent part, that “[p]arties may obtain discovery regarding any nonprivileged matter that is relevant to any party’s claim or defense and proportional to the needs of the case…” (emphasis added).
- Rule 34(a)(1) provides that a party can submit a discovery request to any other party in the case “to produce and permit the requesting party or its representative to inspect, copy, test, or sample” documents, ESI, or tangible items “in the responding party’s possession, custody, or control.”
- Rule 37(e) permits courts to issue sanctions “[if] electronically stored information that should have been preserved in the anticipation or conduct of litigation is lost because a party failed to take reasonable steps to preserve it, and it cannot be restored or replaced through additional discovery[.]”
Put together, these rules place potentially onerous restrictions on businesses who seek to avoid production of contents from virtual meetings.
Whether a duty to preserve arises is a fact-intensive inquiry, usually requiring some clear indicator that a lawsuit, or at minimum, legal dispute is imminent. There is no “require[ment] to preserve all evidence of  wrongdoing indefinitely.” John Wiley & Sons, Inc. v. Book Dog Books, LLC, 2015 WL 5769943, at *7 (S.D.N.Y. Oct. 2, 2015).
While events like 1) a litigation hold, 2) the filing of a complaint, or 3) a cease-and-desist order make for a rather clear triggering of the duty to preserve, the existence of the duty often turn on the use of “magic” words in which litigation must be “reasonably foreseeable.” See, e.g., Metrokan, Inc. v. Built NY, Inc., 2008 WL 4185865, at *5 (S.D.N.Y. Sept. 3, 2008) (email exchange between bag designer and principal of defendant that bags were “confusingly similar” created anticipation of trademark suit); Surowiec v. Capital Title Agency, Inc., 790 F. Supp. 2d 997, 1005-06 (D. Ariz. 2011) (letter from third party stating that plaintiff might sue created reasonable apprehension of suit); but compare John Wiley, 2015 WL 5769943 at *7 (no duty to preserve counterfeit books that were subject of lawsuit that was resolved, where it was not “reasonably foreseeable” that books would be subject of subsequent litigation) and Price v. Peerson, No. 13-3390, 2014 WL 12558253, at *8 (C.D. Cal. Apr. 23, 2014) (“That [nearly two year] delay, paired with the nebulous nature of Plaintiff’s letters of administrative complaint, deracinates Plaintiff’s contention that Defendant, the Department of Justice, or the USMS should have anticipated litigation as early as September 2011 ….”).
Ephemeral Data and Production – 34(b)
When a party receives a discovery request for documents or ESI, the Federal Rules impose certain obligations on the receiving party, requiring:
- that party to “produce documents as they are kept in the usual course of business or must organize and label them to correspond to the categories in the request.” Rule 34(b)(1)(E)(i).
- “If a request does not specify a form for producing electronically stored information, a party must produce it in a form or forms in which it is ordinarily maintained or in a reasonably usable form or forms.” Rule 34(b)(1)(E)(ii).
- “A party need not produce the same electronically stored information in more than one form.” Rule 34(b)(1)(E)(iii).
The shift to videoconferencing through virtual meetings will require businesses to set new internal policies for the organization of data, in the event that the meeting content becomes the subject of a discovery dispute.
Factors that businesses should consider include, but are not limited to, 1) how and where files are saved; 2) whether recordings are stored comprehensively or if individual audio/video/chat features are separated; 3) when files are deleted, if ever; 4) whether only managerial-level employees should have access to such files; and 5) what instructions, if any, has the business provided to employees who might be unaware that their personal devices contain discoverable content.
Businesses must also decide whether virtual meeting recordings will be saved—and thus accessible—through cloud computing. Zoom’s new end-to-end encryption feature might help businesses to self-regulate in this regard, because the added security of that feature—which is designed to prevent uninvited guests from intruding on a call—automatically prevents cloud recording, live transcriptions, and private chat. See link (last accessed October 28, 2020).
Even if the data sought from the recording is deemed “ephemeral” and potentially non-discoverable, a business might inadvertently transform the data into something discoverable by storing it on a third-party site.
Ephemeral Data and Spoliation – 37(e)
A monetary sanction is one of many possible sanctions that a federal court can impose for the spoliation of ESI. Rule 37(e) provides that a court, “upon finding prejudice to another party from loss of the information, may order measures no greater than necessary to cure the prejudice.”
If a court concludes “that the party acted with the intent to deprive another party of the information’s use in the litigation,” then the court may “presume that the lost information was unfavorable to the party, instruct the jury that it may or must presume the information was unfavorable to the party, or dismiss the action or enter a default judgment.” Rule 37(e).
Courts are reluctant to impose severe spoliation sanctions for the failure to preserve ESI unless there is some active effort on the part of the spoliating party to avoid production of the records. See Convolve, Inc. v. Compaq Computer Corp., 223 F.R.D. 152, 176-77 (S.D.N.Y. 2004) (denying sanctions for alleged spoliation of wave forms during a general litigation hold, explaining that, unlike e-mails, which have a “semi-permanent existence” and “are recoverable as active data until deleted,” and “ephemeral” data, which “exist[s] only until the tuning engineer makes the next adjustment.”); Healthcare Advocates, Inc. v. Harding, Earley, Follmer & Frailey, 497 F.Supp.2d 627, 641-42 (E.D. Pa. 2007) (denying sanctions even though party failed to preserve temporary cache files, explaining that cache files may have been emptied dozens of times before discovery request was issued); compare with Arista Records LLC v. Usenet.com, Inc., 608 F.Supp.2d 409, 438-39 (S.D.N.Y. 2009) (issuing sanctions for spoliation where defendant “took affirmative steps” to destroying potentially harmful data by removing incriminating webpages and ESI after commencement of litigation).
A very recent decision also suggests that a company’s transition from email to an ephemeral messaging platform can itself be sanctionable conduct. In WeRide Corp. v. Huang, 2020 WL 1967209, at *9 (N.D. Cal. Apr. 24, 2020), a case involving trade secrets, the plaintiff sought discovery sanctions against the defendants for failing to retain communications made using an ephemeral messaging platform DingTalk, which allows for messages that automatically delete after they have been sent and read.
After the plaintiff moved for a preliminary injunction, one of the defendants (a corporation) deleted some of its employee’s email accounts and instructed employees to begin communicating with DingTalk’s messaging feature. The court held:
AllRide’s conduct demonstrates both willfulness and bad faith. When the preliminary injunction issued, AllRide had received the original complaint, the Second Amended Complaint, and WeRide’s briefing in support of its preliminary injunction. These documents laid out WeRide’s initial theory of the case and indicated the relevance of AllRide’s internal emails and of the computers of AllRide’s employees. Despite this, AllRide left in place the autodelete setting on its email server, began using DingTalk’s ephemeral messaging feature, and maintained a policy of deleting the email accounts and wiping the computers of former employees. This practice of destroying potentially discoverable material shows both willfulness and bad faith.
The takeaway from WeRide Corp. should be that companies may not assume that ephemeral messaging apps provide a workaround to the production of otherwise discoverable ESI.
Prior to COVID-19, technology had already been rapidly changing the manner in which businesses operate. Those changes are now occurring at light-speed, making it all the more important for businesses to have consistent data retention protocols.
The quicker that a business can produce a cohesive and coherent set of internal rules that govern the organization of virtual meeting content, the more likely it is that the business can avoid having to produce compromising virtual meeting content in a discovery dispute, much less be sanctioned for not being able to produce such content.