Opinion
Case No. 1:16-cv-01130-DAD-EPG
06-15-2017
KIMBERLY SUE BIRD, Plaintiff, v. WELLS FARGO BANK, Defendant.
ORDER GRANTING MOTION TO COMPEL PRODUCTION OF COMPARITIVE DATA REPORTS DEADLINE FOR DEFENDANT'S PRODUCTION AND REPORT TO COURT SIX WEEKS FROM DATE OF THIS ORDER (ECF No. 30)
A. Background
The Court issued a discovery order on March 31, 2017 ordering defendant Wells Fargo to "immediately design and implement a discovery plan to diligently and in good faith produce documents consistent with this order and schedule its production on a rolling basis to conclude no later than June 1, 2017." (ECF No. 26, p. 12.) The order detailed how discovery in this case had broken down, specifically set out the scope of discovery, and ordered Welles Fargo inter alia to produce eleven sets of documents by June 1. (Id. 12-13.)
Plaintiff has filed a motion to compel and for sanctions contending that Wells Fargo failed to comply with the Court's March 31, 2017 order. (ECF No. 30.) The parties filed a joint statement and declarations in support of/in opposition to the motion on May 27, 2017. (ECF Nos. 35-27.) The Court heard oral argument on the motion on June 1, 2017. (ECF No. 38.) The Court issued several discovery orders on the record during the hearing. (Id.) This order addresses the remaining discovery dispute taken under advisement at the June 1 hearing: information regarding the extent other Wells Fargo employees violated Wells Fargo's security policy.
B. Remaining Discovery Dispute
Discovery regarding other Wells Fargo employees who allegedly violated the Wells Fargo security policy was discussed extensively at the March 30, 2017 discovery conference. Ms. Habib on behalf of Defendant Wells Fargo explained Wells' Fargo scope of discovery as follows:
Moving on to the -- really the final category regarding the compromised incident or data reports and the data in the Policy Works database. So there are two -- as we explained in the last joint statement, there are two types of documents that Mr. Cravens is seeking. One is I guess a - I think we call it a compromised data report. These are reports that are not consistently filled out by Wells Fargo individuals.(ECF No. 29, pp. 27:1-28:4, transcript of discovery conference held March 30, 2017.) In other words, Ms. Habib represented to the Court that "all of the information on [Wells Fargo's] compromised data reports are in the Policy Works database," "the Policy Works database is a searchable database. So that will have all the information of the compromised data reports," and "[Wells Fargo] can search by categories of these reports."
Some employees fill them out on the compromised data team and, you know, if an item has been lost or there's a data breach. Other officers in the compromised data team do not use them at all. They're not retained in any centralized database. They're, you know, stored in a drawer, maybe not even retained at all because all of the information on these compromised data reports are in the Policy Works database which we have represented, and as we said in our joint report, the Policy Works database is a searchable database.
So that will have all the information of the compromised data reports. There's no reason to, you know -- for us to produce those and frankly we can't even do so. I mean they're so scattered across the country there's no database for those reports.
So getting to the Policy Works database, you know, like I said, that is searchable and as we have told plaintiff, we can search for reports that were very similar to Ms. Bird's.
We can search by categories of these reports. So Ms. Bird's report fell into three categories; information taken without authorization is category one, non-electronic is category two, and burglary/robbery is category three.
Additionally, Wells Fargo offered to produce 52 records from the Policy Works database. (ECF No. 29, at p. 27:16-22) ("And so we have agreed to produce these reports on the Policy Works database from 2005 to the present and there are 52 reports including Ms. Bird's and we will produce those in Excel format so we can the reports are quite long, so that's the most easily maneuverable way to produce the reports and they have all the information on the Policy Works database, and we will agree to produce that.").
The dispute at the conference concerned the scope of categories and time period of such data. Wells Fargo took the position that only relevant data was from 2005 to present falling within all three of the following categories: "information taken without authorization is category one, non-electronic is category two, and burglary/robbery is category three." (ECF No. 29, p. 28:2-4.) Mr. Cravens, in contrast, argued that these categories were unfairly narrow, and also that Wells Fargo has not described the potential categories for a meaningful meet and confer.
Following the hearing, the Court issued a discovery order defining the scope of discovery and ordering Wells Fargo produce, among other categories of documents "All Compromised Data Reports regarding employees who failed to comply with Wells Fargo's Information Security Policy from May 6, 2012 until May 6, 2015, along with any explanation of codes or data to understand such reports." (ECF No. 26, p. 12.) The Court explained that "Defendant may not limit the reports to those involving only non-electronic data and/or burglary robbery. Note that Defendant has claimed that Plaintiff was terminated for failing to comply with 'Wells Fargo's Information Security Policy' without such limitations. See Defendant's Response to Special Interrogatory No. 2." (ECF No. 26, p. 12 n. 3) The Court ordered production be completed by June 1, 2017.
As of the deadline, Wells Fargo failed to produce any data in response to this portion of the Court's order. It did not produce the 52 reports it already agreed to produce, any information from the PolicyWorks database, or a single compromised data report. Instead, it explained in its joint statement to the Court that it had interpreted the Court's order to include only the physical Compromised Data Reports, and not that exact same data to the extent reflected in the Policyworks database, despite its representations that "all of the information on these compromised data reports are in the Policy Works database." (ECF No. 36, p. 28 ("The Court's Order makes no mention of Policyworks database reports. . . . Thus, Defendant is not required to produce this data."). Moreover, Defendant explained that it had not produced any Compromised Data Reports based upon its determination that it had not yet located any that were "responsive" because "a CDR may be generated for reasons that have nothing to do with an alleged violation of the ISP." (Id. at 33.) In other words, Defendant interpreted the Court's order to refer only to documents in a physical format, even though the data not only was easily available but had been represented in Court to be available, and then Defendant engaged in a process that ultimately found no responsive data, at least as of the deadline of production.
At the Court's hearing on June 1, 2017, the Court explained at length why Wells Fargo's interpretation of the Court's order was in bad faith. (e.g. ECF No. 42, pp. 26-30.) Discovery applies to the underlying data and a party cannot avoid its discovery obligations by claiming that someone, and especially the Court, failed to specify the format of the data. See Reinsdorf v. Skechers U.S.A., Inc., 296 F.R.D. 604, 615 (C.D. Cal. 2013) (explaining that, while the federal rules do not demand perfection, "parties must impose a reasonable construction on discovery requests and conduct a reasonable search when responding to the requests" and that "the discovery process relies upon the good faith and professional obligations of counsel to reasonably and diligently search for and produce responsive documents." (collecting cases)). Moreover, Wells Fargo's wrong interpretation had resulted in no discoverable information, rendering it facially not a reasonable search for responsive information. At that hearing, Wells Fargo stated that it could not provide the categories of the Policyworks database that would be responsive to the Court's order. The Court ordered that such categories be provided by June 7, 2017.
Where discovery avoidance is found to be purposeful and in bad faith, serious sanctions can be imposed. See, e.g., Connecticut Gen. Life Ins. Co. v. New Images of Beverly Hills, 482 F.3d 1091, 1095 (9th Cir. 2007) (imposing terminating sanctions after finding that party's improper discovery responses "amounted to avoidance, not compliance, with discovery obligations.")
On June 7, 2017, Wells Fargo provided the categories of the Policyworks database, containing data inputted from Compromised Data Reports. Without permission, Wells Fargo also included a lengthy argument why it should nevertheless not have to produce any such data, because the production was burdensome, did not provide any relevant information, contained confidential information that could not be produced even under a protective order. Regarding the time for production of such an excel spreadsheet "it is estimated that this process will take at least 3-5 weeks, not including the time that it will take to review and redact all sensitive information. Further, because the Policyworks database currently has technical issues which render it unable to furnish new data requests, and Defendant is currently unaware of when the problem will be resolved, it may take even longer than 3-5 weeks that [sic] to pull the data." In other words, Wells Fargo once again argued it could not produce any data on any reasonable time period regarding this category of discovery, as ordered by the Court. It also argued that the database it previously said was searchable and contained relevant information was now technically unavailable.
At the June 1 hearing, the Court instructed Wells Fargo to submit the categories and clearly did not invite it to submit argument. (ECF No. 42, p. 38:18-22.)
Instead, Wells Fargo mentioned yet another system, never before discussed, that it now represented contained responsive information. "(1) Defendant is in the process of collecting information from the system of record utilized by Human Resources to record consultations relating the employees who have violated the ISP from May 6, 2012 to May 6, 2015. Within one week of producing the information regarding how many individuals there are, Defendant can provide an estimate as to when it will be able to produce their corresponding Policyworks reports, to the extent they exist; and (2) Defendant submits that the Human Resources system is the appropriate system of record to search for records responsive to Plaintiff's request, and not the Policyworks database."
Wells Fargo's repeated use of narrow definitions to evade any production of relevant information, concealment of locations of responsive information, use of belated and conflicting reasons to fail to produce ordered information, and continued failure to provide any assurances of a reasonable and timely production call into question Wells Fargo's good faith compliance with its discovery obligations and this Court's order. There is already one sanctions motion pending and this conduct provides further support for discovery sanctions. After all, this is a case where Plaintiff claims that Wells Fargo's purported reason for termination, which was an alleged violation of the Wells Fargo Information Security Policy, was a pretext. Yet, Wells Fargo has so far avoided all production related to any other employee for violated that security policy in order to make legally relevant comparisons.
C. Conclusion and Order
Accordingly, the Court ORDERS as follows:
This order supplements and adds to the Court's March 31 order, ECF No. 26.
1. Within six weeks from today, Wells Fargo shall complete the following production. Wells Fargo shall also submit a statement of compliance with the Court, along with an explanation of any failure to comply;
2. Wells Fargo shall produce all data regarding employees who failed to comply with Wells Fargo's Information Security Policy from May 6, 2012 until May 6, 2015 using the method proposed in Wells Fargo's email of June 7, 2017:
3. Wells Fargo shall also produce the 52 records from the Policyworks database, which it already agreed to produce, as discussed in the March 30, 2017 hearing;IT IS SO ORDERED.
4. Wells Fargo shall provide Plaintiff with a sworn statement regarding the total number of records in the Policyworks database falling under each category in the Policyworks database, including each category identified under Category Levels 1, 2, and 3 from May 6, 2012 until May 6, 2015. This document should list the name of each category and the corresponding number of entries associated with that category for this time period;
5. After six weeks, Plaintiff has leave to file a renewed motion to compel and/or motion for sanctions regarding data relating to other Wells Fargo employees who violated Wells Fargo's Information Security Policy if it believes that the data remains insufficient to determine its claims, in light of the burden involved in production, or if Wells Fargo fails to comply with this order; and
6. To the extent that a party interprets any ambiguity as to this order, the parties shall promptly contact the Court to arrange an informal discovery conference to resolve any such ambiguity without delay.
This statement of compliance is due separately and in addition to the report certifying completion discovery ordered on June 8, 2017, ECF No. 43.
"Defendant is in the process of collecting information from the system of record utilized by Human Resources to record consultations relating the employees who have violated the ISP from May 6, 2012 to May 6, 2015. Within one week of producing the information regarding how many individuals there are, Defendant can provide an estimate as to when it will be able to produce their corresponding Policyworks reports, to the extent they exist; and (2) Defendant submits that the Human Resources system is the appropriate system of record to search for records responsive to Plaintiff's request, and not the Policyworks database."
The Court is not ordering production of all underlying data at this time. It is ordering the total numbers of entries for each category in a sworn and admissible form. --------
Dated: June 15 , 2017
/s/_________
UNITED STATES MAGISTRATE JUDGE