Header graphic for print
Electronic Discovery Law Blog Legal issues, news, and best practices relating to the discovery of electronically stored information.

Defense Attorneys Sanctioned for Obstructing Forensic Inspection of Defendant’s Computer Servers

Posted in CASE SUMMARIES

Sterle v. Elizabeth Arden, Inc., 2008 WL 961216 (D. Conn. Apr. 9, 2008)

In this wrongful termination case, plaintiff sought the production of certain “DSFG Reports” which summarized information regarding the sales performance of employees in relation to their peers, and other key sales information.  Plaintiff knew about the existence of the DSFG Reports because he had received a facsimile of the June 2004 DSFG Report before he was terminated.  The fax was sent anonymously but the fax number was from defendant’s Stamford, Connecticut office.  The June 2004 DSFG Report revealed that plaintiff was leading his division in sales performance.  After nine months of discovery, defendant had produced only four additional DSFG Reports.  In October 2007, plaintiff moved to compel production of the remaining seven DSFG Reports from the year prior to plaintiff’s termination.

The court held a telephone conference to discuss the motion to compel and the whereabouts of the seven remaining DSFG Reports.  During the conference the attorneys maintained their respective positions on the matter:  plaintiff’s attorney believed that the defense attorneys were hiding or had deleted the DSFG Reports, and defense counsel gave assurances that such reports could not be located.  The court proposed that defendant permit a forensic computer consultant to inspect its computers, to which the attorneys agreed.  The court entered an inspection order, which included the following provisions:

(1) The defendant shall permit its electronic records to be inspected by the plaintiff, through a mutually agreed to forensic computer expert;
(2) The inspection shall be performed by February 29, 2008;
(3) The inspection shall be limited to the search for the existence of the seven Department Stores Fragrance Group (DSFG) Ranking Reports, which the plaintiff claims he is entitled to receive but that the defendant claims it does not possess.  The scope of the inspection for the DSFG reports shall be limited to the twelve month period of time prior to the plaintiffs termination in September, 2004;
(4) In the event that the inspection reveals any of the seven DSFG reports, the defendants shall bear the entire cost of the inspection;
(5) In the event that the inspection does not reveal any of the seven DSFG reports, the plaintiff shall bear the entire cost of the inspection….

The parties thereafter mutually agreed on the consultant who would perform the forensic computer inspection.  In addition, the attorneys stipulated to an agreement to ensure the protection of any confidential communications that the consultant may inadvertently obtain from the defendant’s computers.

However, when the consultant attempted the inspection, he was prevented from taking forensic media images and denied access to many areas of the computer system.  The consultant submitted testimony describing his unsuccessful efforts:

On February 28, 2008, the Consultant traveled to the Defendant’s office in Stamford, arriving at approximately 9:42 a.m..  The Consultant was initially permitted to access the Defendant’s network by using McCarthy’s account.  The Consultant was told that he would not be able to access Naramore and Rand’s laptops since both were in Florida.  The Consultant had questions about the network and was given assurances on at least four different occasions that a technology employee (“IT”) would soon be present to help provide answers.  Despite repeated assurances by McCarthy, the IT employee never appeared.  McCarthy directed the Consultant to a folder entitled “DSFG,” but McCarthy could not provide the Consultant with access to the folder.  The Consultant repeatedly attempted to gain access to the DSFG folder and to other areas of the drive without success.  With each attempt McCarthy would leave the room to speak with one of the Defense Attorneys and would return only to tell the Consultant that his access was restricted.  Such restriction essentially provided the Consultant with no access.  When the Consultant requested access to Sachse’s files, which were still on the system, McCarthy left the room to speak with IT and one of the Defense Attorneys.  Upon returning, McCarthy told the Consultant that he had more access to the server than the Defendant had wanted.  Minutes later the Consultant was logged out of McCarthy’s account and logged into another account that no longer permitted him to access the folders that he previously had been able to access.  Due to the minimal server access and lack of IT support, the Consultant left the Defendant’s offices at 2:30 p.m..  The Consultant told McCarthy that without complete access to the media it was impossible to verify whether the DSFG Reports existed and that the only way to find deleted items is to review the entire media.

Defendant thereafter filed a motion for protective order to prevent or suspend all further inspection of the computer systems, and for attorneys’ fees.  Plaintiff moved for a finding of contempt based on defense counsel’s violation of the inspection order, and moved for sanctions in the form of attorneys’ fees

The court denied defendant’s motion and granted plaintiff’s motion for sanctions.  It found that, although defense counsel may have provided some access to defendant’s servers and networks, the majority of the inspection was thwarted by defense counsel’s “obstructive tactics.”  The court criticized defense counsel’s changing positions:

In summary, over the course of nine months, the Defense Attorneys’ position regarding the DSFG Reports went from:  (1) not being able to produce the documents, to (2) claiming that the documents could not be found, to (3) offering to "recreate" the documents, to (4) claiming that producing the documents would be "overly burdensome," to (5) hypothesizing that the Plaintiff fraudulently produced the June 2004 DSFG Report, to (6) after receiving Sachse’s incriminating email, producing four of the eleven missing DSFG Reports.  The Court, finding this behavior to be erratic, held a telephonic conference on January 9, 2008, to discuss the whereabouts of the seven remaining DSFG Reports.  During the conference the Defense Attorneys gave an express assurance that such reports could not be located and an implied assurance that the erratic behavior displayed over the prior nine months of discovery would end.  As the Consultant’s affidavit reveals, the Defense Attorneys failed to act in good faith during the inspection, so an order requiring the Defense Attorneys to pay the reasonable expenses associated with the Plaintiff Attorney’s efforts to compel discovery is just.

The court further concluded that defendant’s failure to comply with the Inspection Order and to set forth a consistent and fair reason as to the existence of the DSFG Reports was “inexcusable.”

Accordingly, the court granted plaintiff’s motion for sanctions, and ordered the defense attorneys to pay to plaintiff’s counsel the reasonable expenses and fees associated with enforcing the inspection order, drafting the motions for contempt and for sanctions, and rescheduling the inspection of defendant’s electronic records.  Further, the court ordered the defense attorneys to pay the consultant the reasonable expenses and fees incurred for the preparation, travel, and investigative work that was completed on February 28, 2008.  In addition, the court ordered the defense attorneys to permit the defendant’s electronic records to be inspected under the same terms as previously ordered.

The court denied plaintiff’s request for entry of a default judgment as a sanction, but warned defense counsel that, in the event that they did not comply in full with the court’s directives, it would consider striking the defendant’s answer and entering a default judgment against it.