On December 1, 2006, a number of amendments to the Federal Rules of Civil Procedure (the "FRCP Amendments") are expected to become law. One of the more significant amendments creates a new "Safe Harbor" provision which, generally speaking, will preclude a court from imposing sanctions against a party for the destruction of electronically stored information if such destruction occurred pursuant to the "routine" operation of an electronic storage system.
As many commentators have noted, the true force of this provision is watered down to a great extent by many caveats. For one example, this provision applies only to sanctions issued by a court under the Federal Rules of Civil Procedure; it does not restrict a court's ability to issue non rule-based sanctions pursuant to its broad judicial authority. For another example, the provision expressly states that a court may still impose sanctions under "exceptional circumstances" - perhaps even if the responding party did everything right. As a third example, this provision only applies in federal court proceedings; it does not offer any reliable protection to a party who is litigating in state court. While each of these caveats is arguably deserving of its own analysis, none are more significant than the biggest caveat of all: The caveat of good faith. The caveat of good faith states that in order to claim protection under the Safe Harbor provision, the responding party must not only demonstrate that the destruction occurred in connection with the "routine" operation of an electronic information system, but it must also demonstrate that such "operation" occurred in "good faith."
Part I of this article provides a brief history of the FRCP Amendments and Rule 37(f) in particular. Part II of this article suggests a framework to guide courts in determining whether the element of good faith has been met. Finally, Part III provides some practical suggestions on measures corporations should implement in order to establish good faith under the proposed framework.
Part I. History of FRCP Amendments and Rule 37(f)
The FRCP Amendments are "aimed at discovery of electronically stored information."1 In particular, they are intended to address the reality that the discovery of electronically stored information raises "markedly different issues from conventional discovery of paper records" for a number of reasons: , their exponentially greater volume relative to hard-copy documents, the dynamic nature of computer systems, which can change or delete electronically stored information often without that specific knowledge or intent; and the interplay between electronically stored information and the systems on which the information is stored, which may make the former incomprehensible if separated from the latter.2 As recognized by the committee formed to propose the FRCP Amendments (hereinafter referred to as the "Advisory Committee"),3 today's reality of electronically stored information creates a litigation context where "potential access to information is virtually unlimited and in which full discovery could involve burdens far beyond anything justified by the interests of the parties to the litigation."4 Indeed, the costs associated with discovery of electronically stored information often result in settlements driven more by the cost of litigation than the actual merits of the case.5
In the absence of uniform national standards, "disparate local rules" emerged and a body of case law on discovery into electronically stored information developed that was both inconsistent and fact-specific.6 Without national rules, it was feared that a "patchwork of rules and requirements" would develop, leading to differing treatment of similarly situated litigants, and continued uncertainty, expense, delays and burdens with respect to the discovery of electronically stored information.7
In response to these concerns, proposed amendments to the FRCP were developed by the Advisory Committee. Following an extensive review and comment period, which resulted in several revisions to the proposed amendments, the Judicial Conference (the body ultimately charged with developing and recommending the amendments) approved the proposed amendments, and the United States Supreme Court added its endorsement in April 2006.8 Unless Congress takes action to prevent their enactment, which is not expected, the FRCP Amendments will go into effect on December 1, 2006.9
The proposed amendment to add Rule 37(f) "responds to a distinctive and necessary feature of computer systems - the recycling, overwriting, and alteration of electronically stored information that attends normal use."10 Unlike hard copy documents that are not destroyed without an affirmative, conscious effort, electronically stored information may be lost or altered by computer systems as part of routine operations, making the risk of losing such information significantly greater than with paper.11 In developing the proposed amendment, the Advisory Committee was particularly mindful of the need to balance a corporation's need to effectively manage its day-to-day operations against a litigant's right to obtain evidence.12 With these concerns in mind, the Advisory Committee developed a proposed amendment that provides "limited protection" against sanctions under the rules for a party's failure to provide electronically stored information in discovery if such information was lost in the routine, good faith operation of an electronic information system.
Rule 37(f) does not address the issue of when a duty to preserve information is triggered. When that duty arises depends on the substantive law of each jurisdiction. As a general matter, the obligation is triggered when a party becomes aware of facts demonstrating that litigation is "reasonably likely." E.g., Zubulake v. UBS Warburg, 229 F.R.D. 422, 431 (S.D.N.Y 2004) ("Once a party reasonably anticipates litigation, it must suspend its routine document retention/destruction policy and put in place a 'litigation hold' to ensure the preservation of relevant documents.").
In addition, neither the Standing Committee Report nor the Advisory Committee Report explicitly states whether Rule 37(f) is primarily intended to address the destruction of electronic information that occurs prior to a triggering event, or whether the Rule was also designed with the post-triggering event context in mind. Some believe that the impetus behind the rule was to settle the debate as to whether the relatively well developed body of law regarding the destruction of hard copy documents pre-triggering event also applied to electronic information. Those in favor of liberal discovery argued that the justifications for the destruction of hard copy records - namely, the vast costs associated with the indefinite storage of paper documents - did not apply to electronic information. Of course, companies charged with managing (and paying for the management of) this information felt otherwise. Regardless of the impetus behind the creation of the rule, it is clear that the rule is not limited to the pre-triggering event context, although the true impact of the rule in the post-triggering event context will no doubt remain a source of debate for some time.13
While the FRCP Amendments went a long way towards providing uniformity and addressing unanswered questions, they generated a few new questions and provided little guidance on how they should be answered by the courts. One such new question is the meaning of "good faith."14 As noted by the Advisory Committee, this phrase is intended to represent a middle ground between negligence on one end of the spectrum (which many feared would be too demanding of a responding party and thereby effectively eliminating any meaningful protection) and recklessness or intentional misconduct on the other end of the spectrum (which many felt would be too difficult for the requesting party to prove).15 However, neither the Standing Committee nor the Advisory Committee provided any meaningful guidance on what exactly good faith means in the context of Rule 37(f), or what a party must show in order to establish it.16 The farthest that the Advisory Committee went on this topic was to address litigation holds, suggesting that good faith "may" (not "will") require that a party undertake affirmative steps to suspend the operation of the electronic information system in order to prevent the destruction of information subject to a litigation hold, and that the nature of the steps taken will "bear on" (not "determine") good faith.17
Still, despite this non-committal verbiage, it is reasonable to conclude that the crux of the good faith element in the post-triggering event context is taking affirmative steps to preserve information that is subject to a litigation hold.18 The crux of the good faith element in the pre-triggering event context is much less clear. What remains unanswered in either context, however, is the question of what happens if the steps taken end up being insufficient, in that evidence that should have been preserved is, in fact, destroyed. Does the responding party lose the protection of the rule if the responding party acted with the right intent but a reasonable person would have done things differently? Presumably not, as that would constitute a negligence standard, which the Advisory Committee explicitly rejected. Does the court need to find that the responding party acted with the intent to destroy this information? Again, presumably not, as that would constitute an intentional misconduct standard, which the Advisory Committee also explicitly rejected.
So where does that leave litigants? It leaves them in a legal purgatory, or, for the more science fiction oriented, a middle legal earth so-to-speak. Not a good place with so much money potentially on the line.
Part II. A Suggested Framework for Determining Good Faith Under FRCP 37(f)
At least one commentator has suggested that the term good faith, as used in the context of Rule 37(f), bears similarity to the term good faith as used in the context of the business judgment rule as applied to decisions by a corporation's board of directors.19 There is a great deal of validity to that suggestion, and it therefore warrants a closer examination.
The business judgment rule is a case law-derived concept in corporations law whereby a court will refuse to review the actions of a board of directors absent a showing that the board's conduct violated its duty of care, loyalty or good faith.20 It is premised on the notion that "management of the corporation is best left to those whom it has been entrusted, not to the courts."21 A court "will not substitute its own notions of what is or is not sound business judgment" if "the directors of a corporation acted on an informed basis, in good faith and in the honest belief that the action taken was in the best interests of the company."22 The rule effectively creates the rebuttable presumption that the decisions by board members and management in running a corporation are informed, and are made in good faith and in the belief that the action taken is in the corporation's best interests.23
Historically, the business judgment rule had two elements, corresponding to two fiduciary duties owed by directors to the company and its shareholders: the duty of care - which focuses on whether the board made a sufficiently informed decision - and the duty of loyalty - which focuses on director conflicts of interest and self-dealing.24 The issue of whether "good faith" is actually a separate third element of the business judgment rule, or whether it is simply "inseparably and necessarily intertwined with the duties of care and loyalty," does not appear well settled.25
The definition of good faith remains elusive. For all of the judicial references to the term good faith, "neither the functional meaning of good faith nor its potential relationship to other corporate law doctrines has ever been specified."26 Although understood in some general sense, good faith is a "difficult concept to operationalize in law" and its meaning can often vary somewhat based on context.27
The Delaware Court of Chancery has provided some guidance on the meaning of good faith not by defining what it is, but rather by defining what it is not: "[T]he concept of intentional dereliction of duty, a conscious disregard for one's responsibilities, is an appropriate (although not the only) standard for determining whether fiduciaries have acted in good faith."28 In that case, although ordinary negligence (an objective standard) arguably had been shown, that was insufficient to overcome the business judgment rule. Rather, the plaintiffs had the burden of showing that the directors had acted in bad faith, which they failed to do.29 A prior opinion from the court in an earlier stage of the same case referred to this as an "ostrich-like approach" to meeting its duties.30 A prior decision from the same court in a different case suggested a similar standard, using phrases such as "intentional and conscious disregard" for a director's duties or a "knowing and deliberate difference" to such duties.31 These cases would seem to imply a gross negligence type test, i.e. did the director consciously and knowingly fail to exercise his or her duty of care.
Building on the language from these cases, at least one commentator has "articulated an analysis for good faith that focuses on questions of intent, arguing that directors fail to act in good faith 'when they abdicated, subvert or ignore [their] responsibilities, or act with deliberate indifference toward them. . . . Good faith based liability . . . moves the bar from negligent behavior to deliberately indifferent, egregious, subversive or knowing behavior, and thereby raises issues relating to the motives of the actors.'"32
As previously stated, however, neither the Delaware cases nor the academic commentary say what good faith is. Rather, they say what it is not. This approach does not align with the notion that the party seeking to invoke the protection of Rule 37(f) bears the initial burden of establishing that it acted in good faith. That party would necessarily need to establish the affirmative - i.e. that it did act in good faith - not disprove the negative - i.e. that it did not act in bad faith. In order to do this, an affirmative definition of what is good faith is still needed.
One of the few places where an affirmative definition of good faith is codified is in the Uniform Commercial Code, where the Code's general provisions provide that good faith means "honesty in fact in the conduct of the transaction concerned."33 This seems to imply a purely subjective standard that is consistent with the academic commentary described above that refers to the "motives" of the actors.34
But there is danger in adopting a purely subjective test of good faith under Rule 37(f). Under such a test, a responding party could claim protection under the rule if it can establish that it acted honestly and with the right intentions, even if, for example, it undertook glaringly inadequate steps to prevent evidence from destruction. This would undermine the express guidance of the Advisory Committee, which says that the nature of the steps will "bear on the determination of good faith."35
It would seem, therefore, that the best approach is the adoption of a test that focuses principally on a subjective test for good faith and provides more protection than would otherwise be afforded under a negligence standard, but which may be rebutted by a showing of bad faith. The proposed two-step approach is as follows:
Step 1: When invoking the protection of Rule 37(f), the responding party bears the initial burden of establishing good faith. To do so, it must demonstrate that it acted with honest intent. In the pre-triggering event context, honest intent is established by demonstrating a legitimate business reason for destroying the electronic information. In the post-triggering event context, the responding party must, in addition to demonstrating a legitimate business reason, also demonstrate that it undertook some steps to suspend the features of the routine operation to prevent the loss of the applicable information.
Step 2: If the responding party meets its prima facie burden of proving good faith through a showing of honest intent, the requesting party then bears the burden of establishing bad faith through a showing of either improper motive or a conscious disregard for inadequate preservation measures.
- Improper Motive. The requesting party can prove bad faith by demonstrating that, notwithstanding the legitimate business reason for the destruction, the responding party destroyed information at least in part with the improper motive of thwarting potential discovery. This method of proving bad faith would apply in both the pre-triggering event context as well as the post-triggering event context. Recognizing that direct evidence of subjective bad intent (e.g. the "smoking-gun email") is unlikely, the requesting party can still establish improper motive circumstantially. One potential way of proving improper motive circumstantially is by demonstrating that the manner in which the destruction policy was implemented either (i) resulted in the destruction of a vastly higher percentage of high-risk information versus similarly situated but relatively lower-risk information or (ii) was patently inconsistent with the stated legitimate business reason.36
- Example One: The stated legitimate business reason is to reduce long-term storage costs, but the destruction policy actually implemented had the effect of destroying information related solely to clinical tests of its pharmaceuticals while low-risk information that was the same age, format and/or stored on the same type of media was retained.
- Example Two: The stated business reason for destroying the information was to protect against the inadvertent release of personal information of former employees, but in fact the most "personal" of that information (e.g. medical history; religious or political affiliations; bank information) was not among the information destroyed.
- Conscious disregard for improper preservation measures. In the post-triggering event context only, the requesting party can also prove bad faith by demonstrating that the steps undertaken by the responding party to meet its preservation obligations were, in fact, inadequate and unreasonable under the circumstances and the responding party either (i) knew that the steps were likely inadequate and unreasonable or (ii) consciously and deliberately failed to undertake a reasonable investigation in order to determine whether the chosen steps were adequate and reasonable under the circumstances, i.e. it adopted an "ostrich-like" approach to implementing the litigation hold.37
Part III: Practical Suggestions on Establishing Good Faith
Corporations are well advised to implement measures that will allow them to meet both the subjective and objective elements of the proposed good faith test, and to meet both their initial burden of establishing good faith as well as to prevent the requesting party from rebutting this showing. The following suggests a non-comprehensive list of these measures:
- Corporations that wish to implement a policy of destroying information through the routine operation of an electronic information system should:
- Identify and document the legitimate business reasons for the destruction of the information;
- Identify and document the parameters that further these legitimate business reasons, e.g. date ranges, types of media; and
- Implement a process that, in fact, furthers these legitimate business reasons and is consistently applied based on the stated parameters.
- The department(s) in charge of maintaining sources of electronically stored information (typically operations, IT, or a combination of the two) must maintain an update database that shows, in a format easily presentable to a court,:
- All sources of electronically stored information (e.g. on-line repositories, servers, desktops, backup tapes) and their locations;
- "High-level" information regarding the type electronically stored information on those sources (e.g. email, file systems, applications); and
- Ideally, "Low-level" information regarding the parameters of the electronically stored information on those sources (e.g. custodian/mailbox names, file names, date ranges).38
- Corporations should establish and communicate a company-wide litigation hold policy that has, as one important element, clear direction to employees to immediately alert corporate legal counsel if they become aware of facts that are "reasonably likely" to lead to litigation.
- Corporations should designate a single senior management level employee (such as the CFO, COO or Chief Security Officer) (the "Designee") to act as the company's representative for the electronic information system and, in the post-triggering event context, the nature of all litigation hold efforts. This Designee will effectively serve as the company's spokesperson on the issue of "honest intent." Although this individual will be supported throughout this process by legal counsel, this article suggests that the Designee be a non-legal employee in order to allow for his or her testimony to be freely presented to the court without fear of privilege waiver.
- Corporate legal counsel should establish a policy of implementing an immediate litigation hold. This policy would include the following steps:
- Legal counsel should immediately investigate the nature of the potential claim to determine which employees may have relevant information.
- Following this meeting, the Designee should send a litigation hold notice to these employees, instructing them to preserve (and how to preserve) all documents and electronically stored information relating to the subject matter of the potential claim.
- Legal counsel should meet with the appropriate representatives from Operations/IT to discuss and consider which sources of electronically stored information may contain information potentially relevant to the claim, both
Courtesy of Russ Yoshinaka of Zantaz.
1 Judicial Conference of the United States Report of the Judicial Conference Committee on Rules and Practice and Procedure at 22 (2005), http://www.uscourts.gov/rules/Reports/ST09-2005.pdf (hereinafter, the "Standing Committee Report").
2 Id. At 22-23; Committee on Rules of Practice and Procedure of the Judiciary Conference of the United States, Report of the Civil Rules Advisory Committee at 24 (2004), http://www.uscourts.gov/rules/ comment2005/CVAug04.pdf (hereinafter, the "Advisory Committee Report").
3 The official title of the Advisory Committee is the "Civil Rules Advisory Committee of the Standing Committee of the Judicial Conference of the United States." It is a subcommittee of the committee commonly referred to as the "Standing Committee," the official title of which is "The Committee on Rules of Practice and Procedure of the Judicial Conference of the United States." Thomas Y. Allman, The Impact of the Proposed Federal E-Discovery Rules, 12 Rich. J.L. & Tech. 13, [1-2] (2006) (hereinafter, "Allman").
4 Advisory Committee Report at 28.
5 Id. At 25 (citing Subrin, Fishing Expeditions Allowed: The Historical Background of the 1938 Federal Discovery Rules, 39 Boston Coll. L. Rev. 691, 730 (1998)).
6 Standing Committee Report at 22.
7 Id. at 22-23.
8 Allman at 4.
10 Standing Committee Report at 32.
12 Id. at 32-33.
13 Many will argue that the common law "reasonableness" standard for determining whether a party's litigation hold obligations have been properly discharged remains unchanged by the rule. In other words, Rule 37(f) does not shield a party from sanctions if it failed to implement reasonable measures in order to prevent the destruction of potentially relevant evidence. In contrast, this article suggests that, in the limited context of the destruction of electronic information pursuant to a routine electronic information system, the higher good faith standard is appropriate. First, this standard adequately recognizes the proliferation of electronic information, the challenges associated with managing it, and potential for inadvertent destruction of electronic information which does not support the imposition of sanctions - all paramount factors in the Advisory Committee's adoption of the good faith standard. Second, absent the application of the good faith standard, there is a glaring inconsistency in the post- triggering event context between the good faith standard applied under Rule 37(f) and the current common law standard of reasonableness. At the very least, maintaining a reasonableness standard effectively makes the rule meaningless in the post-triggering event context. Were that the intent of the Advisory Committee, it would have been much better served by simply limiting the application of the rule to the pre-triggering event context which, again, it did not.
14 Another question not expressly addressed is who bears the burden on this topic. Does the responding party need to establish good faith in order to afford itself of protection under this rule, or does the requesting party need to establish the lack thereof in order to substantiate a request for sanctions? This article suggests that the responding party will bear this burden, as it is will be the responding party who will be invoking this rule in order to defend against a threat of sanctions brought by the requesting party or by the court of its own volition.
15 Advisory Committee Report at 110-111.
16 To be fair, the Advisory Committee is not alone, as discussed in Part II.
17 Advisory Committee Report at 111. See also Standing Committee Report at 34.
18 The Committee Notes to new Rule 37, for example, warn that "[A] party is not permitted to exploit the routine operation of an information system to thwart discovery obligations by allowing that operation to continue in order to destroy specific stored information that it is required to preserve."
19 Allman at 20 n.100.
20 See Wikpidia.com, available at http://en.wikipedia.org/wiki/Business_judgment_rule.
21 Desaigoudar v. Meyercord, 108 Cal.App.4th at 173, 183 (2003). See generally D. Block, et al., The Business Judgment Rule (5th ed., Vol. 1 1998), p. 15-17 (discussing rationale underlying business judgment rule and noting that "'directors are, in most cases, more qualified to make business decisions than are judges.'") (citations omitted)
22 Id. (quoting Aronson v. Lewis, 473 A.2d 805, 812 (Del. 1984) and Sinclair Oil Corp. v. Levien, 280 A.2d 717, 720 (Del. 1971)). See also Joseph M. McLaughlin, Good Faith: A New Sheriff in Town?, Feb. 9, 2006, available at http://www.stblaw.com/content/publications/pub537.pdf (citing Aronson at 812) (hereinafter, "McLaughlin").
23 Aronson v. Lewis, 473 A.2d 805, 812 (Del. 1984); Katz v. Chevron Corp., 22 Cal.App.4th 1352, 1366 (1994).
24 See Joseph M. McLaughlin, Good Faith: A New Sheriff in Town?, http://www.stblaw.com/content/ publications/pub537.pdf at 6 (Feb. 9, 2006) (hereinafter, "McLaughlin"). See also, Sean J. Griffith, Good Faith Business Judgment: A Theory of Rhetoric in Corporate Law Jurisprudence, 55 Duke L.J. 1, 10 (2005) (hereinafter, "Griffith")
25 McLaughlin at 6 (quoting In re Walt Disney Co. Deriv. Litig., 2005 WL 2056651 (Del. Aug. 9, 2005). See also, Cal. Corp. Code Sec. 309 (identifying "good faith" as a separate requirement for protection under the rule). See also Griffith at 6-7 (suggesting that good faith is really a rhetorical device that allows greater judicial oversight and authority over corporate misdeeds, rather than a substantive standard that should be evaluated separately along side the duties of care and loyalty).
26 Griffith at 12.
27 Id. (citations omitted).
28 Id. at 5 (quoting In re Walt Disney Co. Derivative Litig., 2005 WL 2056651 (Del. Aug. 9, 2005) (emphasis added).
30 In re Walt Disney Co. Deriv. Litig., 825 A.2d 275 (Del. Ch. 2003).
31 Id. (quoting Official Comm. Of Unsecured Creditors of Integrated Health Serv's, Inc. v. Elkins, 2004 WL 1949290 (Del. Ch. Aug. 24, 2004)).
32 Griffith at 29 (quoting analysis from Professor Hillary A. Sale, Delaware's Good Faith, 89 Cornell L. Rev. 456, 486-89 (2004)) (emphasis added).
33 Business Judgment Rule, 28 Cal. L. Revision Comm'n Reports 1 at 41 (1998) (citing U.C.C. Sec. 1201( 19) (hereinafter, "Cal. Business Judgment Rule").
34 The committee that authored the Cal Business Judgment Rule report argued that this definition may not necessarily be subjective, but the argument was strained at best. See Id.
35 See also Cal. Business Judgment Rule at 42 (noting that most courts have added an objective element to the analysis because "serious problems would arise if even an irrational business decision was protected solely because it was made in subjective good faith.)
36 The inclusion of the adjectives "vastly" in subsection (i) and "patently" in subsection (ii) is deliberate, as the bar to establish bad faith through circumstantial evidence requires a relatively clear and convincing showing. Put differently, a mere showing of some circumstantial evidence will not suffice.
37 Admittedly, this test is suggestive of a gross negligence standard and some may argue that gross negligence is tantamount to recklessness, a higher standard than was intended by the Advisory Committee in settling on a culpability standard of good faith. To that, the response is three-fold: First, the burden to be met by the requesting party is never even addressed if the responding party fails to meet its initial burden, which burden does not venture into the arena of gross negligence in any manner. Second, the Advisory Committee left the judiciary - and us - with no other choice but to try and find an interpretation that lay somewhere between negligence on one end of the spectrum and intentional misconduct on the other end of the spectrum. If someone has a better suggestion, no doubt the courts - and this author - would be interested to hear it.
**Editor's Note: FRCP 37 has been amended since the writing of this article. For an updated version of the rule, see the text of FRCP 37.