Opinion
20 Civ. 53 (ALC) (GWG)
09-14-2023
MEDCENTER HOLDINGS INC., et al., Plaintiffs, v. WebMD HEALTH CORP., et al., Defendants.
OPINION AND ORDER
GABRIEL W. GORENSTEIN, UNITED STATES MAGISTRATE JUDGE
Plaintiffs Medcenter Holdings Inc. (“Medcenter Holdings”), Medcenter Solutions SA (“Medcenter Argentina”), Med Solutions Mexico, S. de R.L. de C.V., and Medcenter Solutions do Brasil SA, (collectively, “Medcenter”), have brought suit against defendants WebMD Health Corp. (“WebMD”), Medscape, LLC (“Medscape”), and WebMD Global LLC for misappropriation of trade secrets under the Defend Trade Secrets Act, 18 U.S.C. § 1836 et seq. and New York state common law; and against defendant WebMD for breach of contract. See Complaint, filed Jan. 3, 2020 (Docket # 1) (“Comp.”); Amended Complaint, filed June 5, 2020 (Docket # 18) (“Am. Comp.”). Defendants have moved for sanctions against plaintiffs for spoliation of evidence.
See Notice of Motion Pursuant to Fed.R.Civ.P. 37(e) for Sanctions on Account of Spoliation of Evidence, filed Feb. 27, 2023 (Docket # 73) (“Mot.”); Declaration of Jeffrey A. Mitchell, filed Feb. 27, 2023 (Docket # 74) (“Mitchell Decl.”); Memorandum of Law in Support, filed Feb. 27, 2023 (Docket # 75) (“Def. Mem.”); Declaration of Barry Werbin, filed Mar. 31, 2023 (Docket # 78) (“Werbin Decl.”); Declaration of Michael Fitzgerald, filed Mar. 31, 2023 (Docket # 79) (“Fitzgerald Decl.”); Declaration of Daniel Sanmarco, filed Mar. 31, 2023 (Docket # 80) (“Sanmarco Decl.”); Declaration of Carlos Jose Francisco Padilla, filed Mar. 31, 2023 (Docket # 82) (“Padilla Decl.”); Declaration of Federico Testagrossa, filed Apr. 1, 2023 (Docket # 85) (“Testagrossa Decl.”); Memorandum of Law, filed Apr. 1, 2023 (Docket # 86) (“Pl. Opp.”); Reply Memorandum of Law, filed Apr. 12, 2023 (Docket # 88) (“Reply Br.”); Declaration of Jeffrey A. Mitchell, filed Apr. 12, 2023 (Docket # 89) (“Mitchell Reply Decl.”).
For the below reasons, this motion is granted in part and denied in part.
I. BACKGROUND
Medcenter makes the following allegations in its complaint:
Medcenter was a group of companies that collect and provide medical and pharmaceutical information and offer accreditation and continuing education to physicians in Central and South America. See Am. Comp. ¶ 28. To support its business, Medcenter developed and maintained two extensive databases.
The first, the “Physicians Database,” was a “huge and highly detailed proprietary database of physicians (including dentists) and their areas of practice and specialties, as well as medical students, throughout Latin America.” Id. ¶ 31. Medcenter maintained the database “in a Microsoft SQL database structure” and kept it “updated, organized and strictly confidential.” Id. ¶ 33. The database reached its “peak” in early 2016, at which point it had “granular” data on about 420,000 medical professionals, which reflected “enormous value” to Medcenter. Id. ¶ 40. “Medcenter tightly restricted access to the Physicians Database,” id. ¶ 42, only allowing a single database manager named Carlos Padilla to have full access from 2014-2016, id. ¶ 42, and allowing some with the title “senior community manager[ ]” to have “limited access rights,” id. ¶ 44.
The second database, the “Salesforce Database,” see id. ¶ 48, was a database Medcenter used to distribute invitations to medical professionals in the Physicians Database to participate in a program to deliver information about pharmaceutical products that pharmaceutical companies paid Medcenter to advertise, see id. ¶¶ 45-48. Medcenter calls such advertising efforts “Directed Projects.” Id. ¶ 46. After Medcenter disseminated information about a pharmaceutical product for a Directed Project to targeted physicians through the Salesforce Database, the physicians could respond to the marketing messages, which provided “useful data and feedback” to Medcenter. Id. ¶ 54. “All this unique pharmaceutical drug and medical product project performance data was stored in Medcenter's Salesforce Database, which was a secure hosted online platform.” Id. ¶ 55. Only Daniel Sanmarco, who was the CEO of Medcenter Holdings and Medcenter Argentina, id. ¶ 42, and Estefania Aristu, who was the “Salesforce Database administrator for all of Medcenter” since 2003 or 2004, id. ¶ 61, had the “access password ‘keys'” to the Salesforce Database, id. ¶ 60.
Medcenter alleges that the defendants “conspired together to arrange to poach” a Medcenter Argentina executive named Mariel Aristu in June 2016 and that before she left to work for defendants, she stole “extensive amounts” of data from the Physicians Database and the Salesforce Database and provided this data to defendants. Id. ¶¶ 3-5. Mariel Aristu herself did not have access to the Physicians Database, but instead was able to “request information from the Physicians Database on an as-needed basis from other Medcenter senior community managers,” who did have some direct access to the database. Id. ¶ 71. Medcenter also alleges that Sanmarco provided her “the Salesforce Database access ‘key'” in May 2016 before she was due to attend a Miami conference and that she used this to “access, download, retain and steal substantial amounts of confidential Medcenter data on all ongoing Directed Projects that were in process as of June 2016.” Id. ¶¶ 131-33. Medcenter revoked all of Mariel Aristu's “database access credentials” when it became aware of her departure from Medcenter in June 2016. Id. ¶ 152. Medcenter alleges her transfer of information from these databases to defendants constituted a theft of trade secrets that quickly devastated Medcenter's business, id. ¶¶ 6-8, but that Medcenter only began to suspect in fall 2017 that Mariel Aristu had stolen this data and had disclosed it to the defendants as part of a conspiracy between her and the defendants, id. ¶ 9.
As to the effects of the purported conspiracy, Medcenter alleges that it lost clients “[d]uring the first three quarters of 2017,” Id. ¶ 167, and that in October 2017, defendants took over “at least nine Directed Projects, which [Mariel] Aristu personally had been in charge of at Medcenter,” id. ¶ 168. It was not until this point that Medcenter contends it “learn[ed] that any of the WebMD Defendants had in fact misappropriated its trade secrets . . ., when it discovered that all of its pending Directed Projects had in fact been taken over by what it believed to be Medscape.” Id. ¶ 175. Medcenter alleges that “[t]he loss of all pending Directed Projects . . . by late 2017 had the effect of stopping . . . all of Medcenter's business development and anticipated revenues[] and resulted in the eventual financial collapse of Medcenter's entire business.” Id. ¶ 177.
Medcenter also asserts that WebMD breached a 2014 non-disclosure agreement (“NDA”) with Medcenter. See id. ¶ 1. Medcenter alleges the parties entered a contract containing the NDA on March 3, 2014, to facilitate WebMD's due diligence as it considered a potential acquisition of Medcenter. Id. ¶¶ 85-86. The agreement prohibited WebMD from using covered “confidential information . . . for any purpose other than evaluation” of the potential acquisition. Id. ¶ 88 (punctuation omitted). As a result of the contract, WebMD requested and received information about various key employees, including Mariel Aristu and Estefania Aristu. See Id. ¶¶ 93-94. Using “the confidential employment and related information [WebMD] had acquired under the NDA,” id. ¶ 113, Medcenter says defendants WebMD and Medscape “began aggressive attempts to recruit various Medcenter key employees and officers,” id. ¶¶ 108, 217. This information also “motivated and enabled” defendants' “targeting of Estefania and [Mariel] Aristu.” Id. ¶ 120.
On January 3, 2020, more than two years after the “collapse of Medcenter's entire business,” see Id. ¶ 177, Medcenter filed this suit, see Comp. In the instant motion, defendants seek various sanctions for spoliation under Fed.R.Civ.P. 37(e). In the alternative, they seek an order preventing Medcenter from introducing “any evidence at trial concerning or allegedly derived from the databases that comprised the alleged trade secrets at issue” or an order for “an adverse inference jury instruction.” Id.
II. LEGAL STANDARD GOVERNING A MOTION UNDER FED. R. CIV. P. 37(e)
“Spoliation is the destruction or significant alteration of evidence, or failure to preserve property for another's use as evidence in pending or reasonably foreseeable litigation.” In re Terrorist Bombings of U.S. Embassies in E. Afr., 552 F.3d 93, 148 (2d Cir. 2008) (internal quotation marks omitted) (quoting Allstate Ins. Co. v. Hamilton Beach/Proctor Silex, Inc., 473 F.3d 450, 457 (2d Cir. 2007)). A party seeking sanctions for spoliation has the burden of establishing the elements of a spoliation claim. See Residential Funding Corp. v. DeGeorge Fin. Corp., 306 F.3d 99, 107 (2d Cir. 2002) (citation omitted); accord John Wiley & Sons v. Book Dog Books, LLC, 2015 WL 5769943, at *6 (S.D.N.Y. Oct. 2, 2015) (citations omitted). “The party seeking discovery sanctions on the basis of spoliation must show” the elements of such a claim “by a preponderance of the evidence.” Klipsch Grp., Inc. v. ePRO E-Com. Ltd., 880 F.3d 620, 628 (2d Cir. 2018) (quoting Chin v. Port Auth. of N.Y. & N.J., 685 F.3d 135, 162 (2d Cir. 2012)).
While there is case law that addresses the elements of a spoliation claim generally, see, e.g., Residential Funding Corp., 306 F.3d at 107, a special rule governs spoliation of electronically stored information (“ESI”), which includes the electronic databases and emails at issue here. That rule, Fed.R.Civ.P. 37(e) provides:
If [ESI] that should have been preserved in the anticipation or conduct of litigation is lost because a party failed to take reasonable steps to preserve it, and it cannot be restored or replaced through additional discovery, the court:
(1) upon finding prejudice to another party from loss of the information, may order measures no greater than necessary to cure the prejudice; or
(2) only upon finding that the party acted with the intent to deprive another party of the information's use in the litigation may:
(A) presume that the lost information was unfavorable to the party;
(B) instruct the jury that it may or must presume the information was unfavorable to the party; or
(C) dismiss the action or enter a default judgment.
Whether evidence is ESI or not, “spoliation sanctions can be imposed only when the party seeking such sanctions demonstrates that relevant evidence has been lost.” See Leidig v. Buzzfeed, Inc., 2017 WL 6512353, at *7 (S.D.N.Y. Dec. 19, 2017) (citations and internal quotation marks omitted).
While Rule 37(e) does not specifically address the question of the obligation to preserve, the first element of a non-ESI spoliation claim, see Residential Funding Corp., 306 F.3d at 107, courts have recognized that the standard for showing that a party had an obligation to preserve evidence is the same for both ESI and non-ESI. See, e.g., Leidig, 2017 WL 6512353, at *8; accord Greene v. Bryan, 2019 WL 181528, at *4 n.5 (E.D.N.Y. Jan. 14, 2019). To meet this element, defendants must show that plaintiffs “had an obligation to preserve [the evidence] at the time it was destroyed.” Chin, 685 F.3d at 162 (quoting Residential Funding Corp., 306 F.3d at 107). In the usual situation, “[t]he obligation to preserve evidence arises when [a] party has notice that the evidence is relevant to litigation or when a party should have known that the evidence may be relevant to future litigation.” Fujitsu Ltd. v. Fed. Exp. Corp., 247 F.3d 423, 436 (2d Cir. 2001) (citation omitted); accord R.F.M.A.S., Inc. v. So, 271 F.R.D. 13, 23 (S.D.N.Y. 2010); Scalera v. Electrograph Sys., Inc., 262 F.R.D. 162, 171 (E.D.N.Y. 2009); Treppel v. Biovail Corp., 249 F.R.D. 111, 118 (S.D.N.Y. 2008). The duty to preserve evidence arises “most commonly when suit has already been filed, providing the party responsible for the destruction with express notice, but also on occasion in other circumstances, as for example when a party should have known that the evidence may be relevant to future litigation.” Kronisch v. United States, 150 F.3d 112, 126 (2d Cir. 1998) (citations omitted); accord In re 650 Fifth Ave. & Related Props., 830 F.3d 66, 105 (2d Cir. 2016).
A determination of “when the duty to preserve evidence arises may, under certain circumstances, be dependent upon the nature of the evidence.” Arista Records LLC v. Usenet.com, Inc., 608 F.Supp.2d 409, 430 (S.D.N.Y. 2009).
III. DISCUSSION
A. When the Plaintiffs' Duty to Preserve Began
The threshold consideration in a spoliation analysis is determining when Medcenter's duty to preserve evidence arose. See Fujitsu Ltd., 247 F.3d at 436 (articulating duty to preserve inquiry). “The advisory committee's note to the 2015 amendment of Rule 37(e) provides that in evaluating this factor, ‘Courts should consider the extent to which a party was on notice that litigation was likely and that the information would be relevant.'” Leidig, 2017 WL 6512353, at *8 (quoting Fed.R.Civ.P. 37(e) advisory committee's note to 2015 amendment). “The standard is an objective one, asking whether a reasonable party in the same factual circumstances would have reasonably foreseen litigation.” World Trade Ctrs. Ass'n, Inc. v. Port Auth. of N.Y. & N.J., 2018 WL 1989616, at *4 (S.D.N.Y. Apr. 2, 2018) (citations and internal quotation marks omitted), adopted, 2018 WL 1989556 (S.D.N.Y. Apr. 25, 2018).
The parties dispute the point at which this obligation arose. We analyze the possible points in time in chronological order.
1. June to July 2016
According to Medcenter's complaint, Estefania Aristu left Medcenter on April 15, 2016. See Am. Comp. ¶ 118. Mariel Aristu left Medcenter on June 7, 2016. See Fitzgerald Decl. ¶ 6. Relying on a series of emails, defendants argue that Medcenter was aware of its potential trade secrets claims in June and July 2016, following the departure of Mariel and Estefania Aristu. See Def. Mem. at 18-19.
In an email dated June 9, 2016, Sanmarco informed other Medcenter officials that both Mariel and Estefania Aristu “left the company and were hired by WebMD,” see Mitchell Decl. Ex. 26 (Docket # 74-26) (“Sanmarco June 9, 2016 Email”). The email also stated that:
This situation accelerates the financial difficulties we're facing since not only [will they] compete directly but they will take to WebMD all our knowledge, best relations with customers and very likely some of our opportunities.
I haven't received any response from you to my last email so, if you consider that there is a still any chance of legally enforc[ing] our NDA with WebMD, please let me know.
Any potential compensation is extremely required but the company lacks the resources to initiate a legal claim.
In case you didn't consider it possible, I will start to dismiss people and reduce the company to its minimum expression given that as it is, is no longer viable.Id.
The email reference an “NDA.” As noted previously, Medcenter alleges that it entered into contract containing an NDA with WebMD in 2014 to facilitate due diligence for WebMD as it considered a potential acquisition of Medcenter. Am. Comp. ¶¶ 85-86. A June 10, 2016. reply to the email from Michael Fitzgerald (a director at Medcenter Holdings, see Fitzgerald Decl. ¶ 1), said, “It seems to me that now may be the right time to take these guys on.” Sanmarco June 9, 2016 Email.
In an email dated July 4, 2016, Fitzgerald wrote Mariel Aristu “on behalf of the Board of Directors of Medcenter Holdings Inc.,” in which he contended that she “remain[ed] President of the Argentina Affiliate” of Medcenter and warned her that:
As you are well aware, (a) Holdings was in discussions with WEBMD concerning an acquisition of the Medcenter Group, (b) those discussions were subject to express confidentiality provisions which extended to cover information concerning the Medcenter Group, (c) Holdings advised WEBMD that WEBMD was breaching those confidentiality provisions by approaching and seeking to recruit key management within the Medcenter Group, and (d) you agreed with the position taken by Holdings, not least because you advised Daniel that WEBMD had sought to recruit you and you encouraged Holdings to write to [WEBMD] to that effect, which [it] did.
It is clear to Holdings, on the basis of your position at Medscape as described, that you are using information which is confidential to the Medcenter Group and that the use of such information was known and intended by each of you and WEBMD. We consider you and WEBMD to be in breach of (at least) your respective agreements with the Medcenter Group (including, together with WEBMD, the wrongful interference with the business of the Medcenter Group).See Mitchell Decl. Ex. 25 (Docket # 74-25) (“Fitzgerald July 4, 2016 Email”).
Finally, defendants point to messages exchanged between Sanmarco and Mariel Aristu, in which Sanmarco (1) said on July 15, 2016 that “We're going to see if WebMD decides to continue with your contract when it gets served the lawsuit from Mike Fitzgerald,” see Mitchell Decl. Ex. 23 (Docket # 74-23) (“July 15, 2016 Messages”) at ARISTU0007005, and (2) said on August 11, 2015 that “I'm going to file the suit,” id. at ARISTU0007006. For his part, Sanmarco contended that this latter statement refers to a suit for custody of their daughter (Sanmarco and Mariel Aristu are the girl's parents). See Sanmarco Decl. ¶ 33. He provides additional messages from the exchange that include statements unmistakably supporting that contention, including the statement: “I'm going to petition for custody of my daughter.” See id.; Sanmarco Decl. Ex. B (Docket # 80-2) (“Sanmarco-Aristu Messages”).
The translation of this message was provided by defendants. See Def. Mem. at 19. Medcenter disputes one point of their translation, arguing that the word “demanda” in the context of this statement is more properly understood as meaning “demand” or “claim” rather than “lawsuit,” as defendants translated it. See Pl. Opp. at 12; Sanmarco Decl. ¶ 35. It is not necessary to resolve this dispute as the Court would reach the same result with either translation.
This email evidence is not sufficient to allow a finding that any duty preserve arose during this period. The Sanmarco June 9, 2016 Email raises only Mariel Aristu's contractual and fiduciary responsibilities generally and WebMD's confidentiality agreement with Medcenter. The complaint alleges that under the NDA, Medcenter allowed WebMD to interview Medcenter employees, see Id. ¶ 210, and provided information regarding Medcenter's business model, id. ¶ 218. Thus, we cannot find that the parties were referring to the theft of any databases by Mariel Aristu when they had their email exchange of June 9 and 10, 2016. This is borne out by in Fitzgerald's email to Mariel Aristu a month later, which discusses WebMD's agreement and accuses WebMD of “breaching [] confidentiality provisions” that were tied to acquisition talks. See Fitzgerald July 4, 2016 Email. This email addresses only Mariel Aristu's contractual and fiduciary responsibilities and WebMD's confidentiality agreement with Medcenter, not the theft of trade secrets in the form of the Physicians and Salesforce Databases by Mariel Aristu or anyone else.
Although these emails do show the contemplation of litigation against WebMD as to whether it revealed information that had been provided confidentially, they do not evince any understanding of the possibility of the trade secrets claims here - that is, claims that allege that defendants acquired proprietary information through Mariel Aristu that was stolen from Medcenter. Defendants' argument that the unauthorized use of confidential information referred to in these emails is actually related to the theft of the Physicians and Salesforce Databases, see Reply Br. at 12-13, is made without citation to relevant evidence in the record and appears to ignore the difference between the trade secrets claims at issue in this case (which concern the theft of the databases) and other claims, such as claims regarding the violation of a confidentiality agreement between Medcenter and WebMD and claims against Mariel Aristu over various duties she owes to Medcenter (or threats or appeals to her regarding her knowledge of Medcenter's business and employees). There is no evidence that Sanmarco's July 2016 text messages to Mariel Aristu, see July 15, 2016 Messages at ARISTU0007005-ARISTU0007006, reflect any contemplation of trade secrets litigation between Medcenter and any of the defendants. It is clear that Sanmarco's first “lawsuit” message refers to other potential litigation between the parties, not the trade secrets claims here that concern the databases. There is also uncontradicted evidence that Sanmarco's second threat regards a personal dispute between him and Mariel Aristu concerning custody of their daughter, not anything to do with litigation involving Medcenter or the defendants. See Sanmarco Decl. ¶ 33; Sanmarco-Aristu Messages.
The breach of contract claim in this case involves plaintiffs' contention that defendant WebMD has improperly taken advantage of information it accessed under the 2014 NDA and that it was able to poach Medcenter employees and clients, including Mariel Aristu, and that, relatedly, her knowledge and experience helped the defendant do so. See Am. Comp. ¶¶ 1, 93-94, 113. The trade secrets claims, by contrast, involve an alleged scheme by defendants and Mariel Aristu to steal the two databases. See id. ¶¶ 3-5, 167-168. Although there is a similarity to these claims, the basis of each is different, so the notice Medcenter had regarding the duty to preserve evidence relevant to its breach of contract claim is not necessarily notice of the duty to preserve evidence relevant to its trade secrets claims. Defendants have made the instant motion over the spoliation of databases and emails relevant to the trade secrets claims. Thus, the inquiry now is when Medcenter should “have reasonably foreseen litigation” with respect to those trade secret claims, not when it had notice of its breach of contract claims. World Trade Ctrs. Ass'n, Inc., 2018 WL 1989616, at *4 (citation omitted).
We are certainly aware that courts commonly trace the beginning of the duty to preserve to the date a plaintiff “threaten[s] legal action.” Karsch v. Blink Health Ltd., 2019 WL 2708125, at *18 (S.D.N.Y. June 20, 2019). But because the threat of legal action at this stage had nothing to do with the allegedly spoliated evidence, the cases that defendants have relied on do not support their position. Thus, in World Trade Ctrs. Ass'n, Inc., the defendant argued a plaintiff's duty to preserve arose in June 2011 because the plaintiff “was then preparing for litigation against the” defendant. 2018 WL 1989616, at *4-5. The court rejected this argument because the evidence showed this preparation was for a dispute over office space, not a dispute over the trademark claim in the lawsuit. Id. at *5; accord CBF Industria de Gusa S/A v. AMCI Holdings, Inc., 2021 WL 4190628, at *14 (S.D.N.Y. Aug. 18, 2021) (letter warning of a breach of contract did not trigger a duty to preserve evidence related to fraud). We thus find no duty to preserve evidence arose in June to July 2016 with respect to the trade secrets claim.
2. August 31 and September 1, 2016 Meetings
Defendants point to the record of a meeting of Medcenter's Board of Directors on August 31, 2016, and a meeting of its shareholders the following day as another point in time at which the duty to preserve arose. See Def. Mem. at 19-21.
The minutes of the August 31, 2016 Board of Directors meeting reflect discussion of a proposal for “a general meeting [to] be called to address [Mariel Aristu's] removal and the filing of civil and criminal proceedings since she is abusing a privileged position in that, having secret commercial and corporate information at her disposal in her capacity as Vice President, she took advantage of it for her own purposes and/or for the benefit of third parties without any authorization whatsoever and in clear prejudice of Medcenter Solutions SA.” Mitchell Decl. Ex. 30 (Docket # 74-30) (“Aug. 31, 2016 Minutes”), at MEDCTR 0019642-MEDCTR 0019643.
The minutes of the September 1, 2016 Medcenter Argentina Board Meeting contain a statement that Sanmarco submitted on behalf of Fitzgerald and the Board unanimously approved. See Mitchell Decl. Ex. 31 (“Sept. 1, 2016 Minutes”), at MEDCTR0019607-MEDCTR0019609. This statement summarized Mariel Aristu's duties while working for Medcenter as including that she “had coordinated all of the commercial, economic, financial and strategic decisions of the company, and had the client relations IT system (CRM) utilized by the company known as salesforce.com under her direct control and management,” Id. at MEDCTR0019607, and that she “had been appointed as the liaison with those persons responsible for the audit commissioned by WebMD/Medscape in compliance with the confidentiality and stock sale agreement,” id. at MEDCTR0019608. The statement then accused her of taking advantage of “sensitive information handled by this company” to contact Medcenter clients. Id. at MEDCTR0019608. Finally, the statement said “the possession and utilization by her and her new employer of sensitive information protected under commercial and tax secrecy laws in prejudice of Medcenter Solutions SA, in consequence of which it is proposed to remove her from her position and initiate the corresponding proceedings for damages and losses” and for “entrusting the Chairman [of Medcenter Solutions SA] with the task of selecting the attorneys and immediate filing of the aforementioned proceedings.” Id. at MEDCTR0019609.
Defendants argue that these minutes show that Medcenter believed Mariel Aristu provided information from the Salesforce Database to WebMD and that Medcenter contemplated and authorized a lawsuit against her and WebMD over this. See Def. Mem. at 21. Plaintiffs have provided evidence, however, from Sanmarco - who was not only CEO but also a board member, see Sanmarco Decl. ¶ 1 - who gives uncontradicted testimony regarding the meaning of these statements. In brief, he notes that the minutes refer to Mariel Aristu's duties and role with Medcenter Argentina and her formal removal as vice president of that company. Id. ¶¶ 2021. Sanmarco also characterizes the references in the minutes to her having had access to “secret commercial and corporate information” as referring to her “broad knowledge” of Medcenter's business, and he notes that there is no indication in the minutes regarding the use of the Physicians Database or the Salesforce Database by Medcenter. Id. ¶ 21. Looking at the minutes themselves, the reference to “salesforce.com” was part of a description of Mariel Aristu's duties. Sept. 1, 2016 Minutes at MEDCTR0019607. There is no accusation within either set of minutes that Mariel Aristu stole all or part of the either the Physicians or Salesforce Databases and provided them to WebMD. Rather, the minutes reflect an apprehension about Mariel Aristu's exploitation of confidential information she was privy to in her role as a vice president at Medcenter Argentina (including information about clients from the Salesforce Database), WebMD's successful hiring of Medcenter employees, and WebMD's violation of the confidentiality agreement with Medcenter.
In light of this evidence and Medcenter's explanation, we cannot say that defendants have met their burden of proving that Medcenter harbored any belief at this time that Mariel Aristu had shared data from the Salesforce Database (or the Physicians Database) with defendants or that it should have harbored such a belief. Thus, we cannot say that Medcenter should have preserved evidence relating to trade secret claims during this period.
3. September to November 2016
Defendants point to various communications from September to November 2016 to argue the duty to preserve also could have arisen during this period. See Def. Mem. at 21-22.
First is a September 6, 2016 email that Sanmarco forwarded to Mariel Aristu, which states that it is from Fitzgerald “on behalf of the Board of Directors of Medcenter Holdings Inc.” Mitchell Decl. Ex. 32 (Docket # 74-32) (“Sept. 6, 2016 Email”), at WHELAN0000831-WHELAN0000832. This email said Mariel Aristu had recently posted on LinkedIn that she had begun working at Medscape and had communicated this “to all your contacts (including all the people in the Medcenter Group and most, if not all, of our clients).” Id. at WHELAN0000831. The email warned Mariel Aristu about the confidentiality agreement between Medcenter and WebMD and told her that Medcenter considered WebMD in breach of this agreement “by approaching and seeking to recruit key management within the Medcenter Group.” Id. It continued:
It is clear to Holdings, on the basis of your position at Medscape as described, that you are using information which is confidential to the Medcenter Group and that the use of such information was known and intended by each of you and WEBMD. We consider you and WEBMD to be in breach of (at least) your respective agreements with the Medcenter Group. We also consider such actions to be in breach of your confidentiality, fiduciary and other obligations to the Medcenter Group ....
We are instructing counsel in both Argentina and the U.S. to vigorously consider and pursue all claims and remedies as are available to the Medcenter Group against you and WEBMD.Id.
Fitzgerald wrote another email to Mariel Aristu dated November 11, 2016, that read in part:
I would also remind you that you played a central and imperative executive and senior management role in the Holdings Group for very many years. Your position has permitted you to enjoy access to and the use of privileged and
confidential information to all commercially and otherwise sensitive data concerning the pricing, strategies and operations of the Holdings Group and full and intricate knowledge of its relationships with the clients of the Holdings Group. All that data remains covered by the Services Agreement and is STILL confidential to Holdings and the relevant companies comprised in the Holdings Group. Moreover, as you are well aware, you have used such data not merely to secure your new position at WebMD, but to propose and secure on behalf of WebMD, product offerings to clients of the Holdings Group using the leverage gained from that confidential information....
I have no reservation in confidently asserting that both you and WebMD are knowingly in breach of (without limitation) the contractual, tortious and fiduciary duties and responsibilities you each relevantly owe to Holdings and the relevant members of the Holdings Group.Mitchell Decl. Ex. 35 (Docket # 74-35) (“Nov. 11, 2016 Email”), at MEDCTR0001155.
Once again, these emails do not show by a preponderance of the evidence any specific awareness by Medcenter that Mariel Aristu had taken trade secrets in the form of data from the Salesforce and Physicians Databases. Instead, they appear to address the information that was shared in 2014 with WebMD and potential violations of the confidentiality agreement between Medcenter and WebMD as well as the duties Medcenter contended Mariel Aristu owed Medcenter as someone who held various high-ranking roles within the Medcenter companies.
Indeed, the emails refer explicitly to the 2014 confidentiality agreement and concerns about Mariel Aristu and defendants poaching employees and, eventually, clients of Medcenter. See Sept. 6, 2016 Email; Nov. 11, 2016 Email.
4. Early 2017
Defendants argue that Medcenter's preservation duty arose in 2017, when Padilla investigated Mariel Aristu's use of Salesforce. See Def. Mem. 23-25; Reply Br. at 2-3, 6-7.
Padilla, the IT administrator, testified in a deposition that he was asked to generate a report on Salesforce to see who had generated prior reports in the Salesforce Database and that he was asked to do this in the “[b]eginning of 2017.” See Mitchell Decl. Ex. 5 (Docket # 74-5) at 76-77. Asked about running a report “in early 2017 to see which users had run reports to take data from Salesforce,” Padilla replied that he “ran a report to see who had run specific reports at a specific time,” Id. at 80, and he also testified that “a number of reports [ ] were run” that showed “[u]nusual or strange times and also locations from which the Salesforce was accessed or reports were accessed different from the company itself,” id. at 84. The users he searched for included Mariel Aristu, and he ran these reports at Sanmarco's instruction. Id. Ultimately, Padilla testified that “[i]n the case of Mariel Aristu, we noticed that ten to fifteen reports had been run on the same day and at night which was completely unusual.” Id. at 87-88. At this same time, Medcenter was viewing Medscape's website and noting Medscape's entry into pharmaceutical marketing in Latin America, see Sanmarco Decl. ¶ 24, and this apparently included publications by Medscape of programs covering “some of the same drugs and pharmaceutical clients with whom Medcenter had been negotiating at the time [Mariel] Aristu left, including pharmaceutical projects for which [Mariel] Aristu had been responsible prior to her departure for Medcenter,” see Am. Comp. ¶ 166.
This “unusual” activity Padilla uncovered is directly related to the claims in this case - namely that Mariel Aristu was improperly accessing the Salesforce Database, enabling her to view its data and thus to unlawfully steal trade secrets from Medcenter. Although Medcenter states that it was not until October 2017 that it became aware of its trade secrets claims against defendants, see Pl. Opp. at 6-7, Medcenter's narrative fails to sufficiently explain what more information it needed to be on notice of its claims following the revelations about this unusual activity at a point at which Medcenter had begun losing clients to defendants. Accordingly, the reports showing this unusual activity meant Medcenter actually knew or should have known at that time that Mariel had potentially stolen information from Medcenter databases. The combination of the numerous threats of legal action on other issues put Medcenter “on notice that litigation” over the potential theft of data “was likely and that the information” from the databases “would be relevant.'” Leidig, 2017 WL 6512353, at *8 (quoting Fed.R.Civ.P. 37(e) advisory committee's note to 2015 amendment). Accordingly, we find the duty to preserve to begin following the “early 2017” Salesforce investigation.
B. Disclosures on the Physicians and Salesforce Databases
On January 3, 2020, more than two years after the “collapse of Medcenter's entire business,” see Am. Comp. ¶ 177, Medcenter filed this suit, see Comp. In its initial disclosures under Fed.R.Civ.P. 26(a)(1)(A)(ii) dated May 26, 2021, Medcenter indicated that it might use “[d]ocuments concerning or relating to” the Salesforce Database and the Physicians Database. See Plaintiffs' Initial Disclosures, annexed as Ex. 11 to Mitchell Decl. (Docket # 74-11), at 17. With respect to both databases, Medcenter informed defendants that “[a]ll or a substantial portion” of the data was stored in a “Microsoft Azure platform” that was “accessible” to Medcenter. Id. As to the Salesforce Database, the disclosures stated that “Salesforce.com, Inc. and its affiliate . . . hosted and controlled the underlying database software and system through the Salesforce Sales Cloud - Enterprise Edition platform, which is in Salesforce's control.” Id.
A year and a half later, on July 23, 2021, however, Medcenter disclosed that the hosting arrangement for the Physicians Database had been “terminated due to lack of funds,” that “[d]ata was backed up from the Microsoft cloud server before that account was terminated, but some portions of the underlying data were not able to be backed up,” and that Medcenter would produce the backed up data. See Plaintiffs' Reponses and Objections to Defendants' Initial Interrogatories, annexed as Ex. A to Werbin Decl. (Docket 78-1), at 9. Medcenter has not provided a precise date on which it lost the Physicians Database, but Sanmarco stated that due to an inability to pay Microsoft, Medcenter “started to lose access to some of the Azure-hosted databases in mid to late 2017.” Sanmarco Decl. ¶ 8. The Physicians Database was apparently stored across multiple locations, and “once Microsoft terminated” Medcenter's access to certain storage locations, Medcenter “was not able to recover” the data they had stored in this fashion. Id. Medcenter did, however, maintain the storage subscriptions until at least February 2019 for a portion of data that made up what was once the entire Physicians Database: “contact and practice specialty data.” Padilla Decl. ¶¶ 19-21. Padilla backed up this information in February 2019, and this is the only portion of the Physicians Database that Medcenter retained and produced in this case. See id. ¶ 21.
The Salesforce Database as originally used by Medcenter was also not produced. Medcenter says it had to let its subscription to Salesforce lapse by the end of 2018 because “there were no operating funds available to renew the contract and Medcenter was out of business” at which point it lost access to the Salesforce Database. See Sanmarco Decl. ¶ 10. Prior to the lapse of this subscription, in September 2018, Padilla requested and downloaded all of the information Medcenter had stored in Salesforce, which Medcenter received and maintained in the form of spreadsheets of the information that previously made up the Salesforce Database. See Padilla Decl. ¶¶ 3, 4, 6-7. Medcenter provided this download to defendants. See id. ¶ 7; Werbin Decl. ¶ 9. In an effort to obtain “even more information,” Medcenter served a subpoena on Salesforce dated August 3, 2021. See Pl. Opp. at 33-34; Notice of Subpoena to Salesforce.com Inc., annexed as Ex. F. to Werbin Decl. (Docket # 78-6). Medcenter thereafter informed defendants that “we were advised by Salesforce's in-house litigation counsel in early August [2021] that Salesforce has no data or activity logs, and that all records would have been deleted within 90 days of an account being closed, consistent with Salesforce's data retention policy.” See Pl. Opp. at 34; Werbin Decl. Ex. G. (Docket # 78-7), at 2.
C. Request for Sanctions as to the Physicians Database
1. When Spoliation Occurred and Whether Medcenter Took “Reasonable Steps” to Preserve Data
Because the Physicians Database was stored across multiple locations and Medcenter lost access to some of these locations as its business collapsed, Medcenter contends it was only able to save a portion of data that made up what was once the entire Physicians Database: data that it to refers to as “Contact Data,” which consists of “contact and practice specialty data” for the physicians in the database. Padilla Decl. ¶¶ 19-21; Pl. Opp. at 19. The rest of the Physicians Database was not preserved in any form. According to defendants, this lost data includes “granular detail about user engagement with the Medcenter site,” Reply Br. at 4, - that is, information about how physicians listed in the database engaged with the Medcenter site. Defendants quote from a Medcenter salesperson who noted that the Physicians Database included information about the physicians' “preference, the kind of information they would be looking for, the programs they participated in, all the history they had with Medcenter. It had a lot of information, not just the contact data.” Id. at 5; Excerpts from Transcripts of Deposition of Carol Calva, annexed as Ex. 1 to Mitchell Reply Decl. (Docket # 89-1), at 37.
No sanction is issued with respect to the “Contact Data” because that information is still intact. But it is clear that there has been a loss with respect to the remaining information, which we shall refer to as the “Non-Contact Data.”
With respect to the Non-Contact Data, the first element of the spoliation analysis is met: that is, the requirement “that the party having control over the evidence had an obligation to preserve it at the time it was destroyed.” Chin, 685 F.3d at 162 (2d Cir. 2012) (internal quotation marks omitted) (quoting Residential Funding, 306 F.3d at 107). This is evident from the fact that, while Medcenter has not provided a precise date on which it lost the Physicians Database, it is undisputed that it first began to lose access to the Azure-hosted databases - that is, the both the Physicians Database and the Salesforce Database - in “mid to late 2017,” Sanmarco Decl. ¶ 8, after its duty to preserve arose.
The parties also dispute whether Medcenter sold the Physicians Database and Salesforce Database to another entity in October 2017. See Def. Mem. at 16-18; Pl. Opp. at 3031; Reply Br. at 7-12. Because it appears these databases were lost at least in part following the early 2017 date at which the duty to preserve arose, it makes no difference whether Medcenter sold the rights to the databases or not. Either way, Medcenter had relevant information, did not retain it, and there is no evidence showing that it exists, whether the rights to it were sold or not.
Before imposing sanctions, Rule 37(e) requires a showing that the spoliating party “failed to take reasonable steps to preserve” the evidence and that the evidence “cannot be restored or replaced through additional discovery.” Medcenter states that in 2019 it backed up the Contact Data from the Physicians Database, see Pl. Opp. at 22, but as to the Non-Contact Data, it provides no intelligible explanation as to why this data could not have been downloaded. Defendants made this very point, Def. Mem. at 29-30, 33-34, but Medcenter's response merely refers vaguely to the fact that Azure's hosting services “could not be paid for” or that it contained “terabytes” of data that would be “impractical” to back up. Pl. Opp. at 22. As to the payment issue, the issue of paying for hosting is not germane to the Non-Contact Data. Instead, the issue is whether it was downloadable and could be preserved without hosting in the same way the Contact Data was. As to the claim that it was “impractical” to do so, the Court does not accept this explanation as Medcenter does not give any detail or plausible explanation as to why it could not download and store the data even if there were “terabytes” of such data. The only evidence on this point is Sanmarco's conclusory assertion that Medcenter lacked the “human resources” to capture and preserve the “huge, complex system” that made up the Physicians Database. See Sanmarco Decl. ¶ 8. This claim is not sufficiently substantiated and is particularly weak given that Medcenter preserved data from the Salesforce Database. See Padilla Decl. ¶ 3.
For these reasons, we find that Medcenter failed to take reasonable steps to preserve the Non-Contact Data from the Physician's Database.
2. Culpable State of Mind
Having established that the Non-Contact Data from the Physicians Database was spoliated, we now turn to the question of whether Medcenter showed a “culpable state of mind” in failing to preserve. Chin, 685 F.3d at 162. Rule 37(e)(2) requires a finding of “intent to deprive” before the court may “(A) presume that the lost information was unfavorable to the party; (B) instruct the jury that it may or must presume the information was unfavorable to the party; or (C) dismiss the action or enter a default judgment.” Given the severity of these sanctions, courts in this Circuit typically require “clear and convincing evidence” for a showing of “intent to deprive.” In re Keurig Green Mountain Single-Serve Coffee Antitrust Litig., 341 F.R.D. 474, 496 (S.D.N.Y. 2022) (collecting cases); accord Lokai Holdings LLC v. Twin Tiger USA LLC, 2018 WL 1512055, at *8 (S.D.N.Y. Mar. 12, 2018) (“Although Rule 37(e)(2) does not specify the standard by which the ‘intent to deprive' must be established, it is appropriate, given the severity of the sanctions permitted under that provision of the Rule, for the intent finding to be based on clear and convincing evidence.”).
Defendants argue that Medcenter had such “intent to deprive” based on Medcenter's choice to maintain part of the Physicians' Database - namely, the Contact Data - and not maintain the remainder of the database - that is, the Non-Contact Data. Defendants rely on cases that have found that “selective preservation” of evidence provided proof of an intent to destroy the unpreserved evidence. See Def. Mem. at 31-33; Reply Br. At 21.
We agree that in some situations a selective choice to allow the destruction of evidence may provide evidence of an “intent to deprive.” See Mule v. 3-D Bldg. & Constr. Mgmt. Corp., 2021 WL 2788432, at *12 (E.D.N.Y. July 2, 2021). But as was apparently true in Mule, this argument is strongest when the party at issue was specifically aware of an ongoing proceeding for which the data was relevant, which is not the case here. See id. at 11-12. In other cases finding intent based on a selective preservation theory, there was evidence that obviously favorable data was preserved and unfavorable data was deleted. See, e.g., CAT3, LLC v. Black Lineage, Inc., 164 F.Supp.3d 488, 499-501 (S.D.N.Y. 2016). The issue is fact sensitive but defendants have given no reason why plaintiffs would have believed that the Contact Data was more beneficial to preserve that the Non-Contact Data.
Defendants also suggest there was an intent to deprive by disputing Medcenter's assertion that it failed to preserve the Physicians Database because Medcenter could no longer afford to maintain the Microsoft Azure platform that hosted it. See Def. Mem. at 33-34; Reply Br. at 1518. While defendants point to some unusual measures that could have been employed to obtain funds to preserve the databases, such as seeking litigation funding from Medcenter officers or investors, the mere fact that such unusual measures were not resorted to does not suggest that there was an intent to deprive defendants of the Non-Contact Data. We agree that there is much that is unknown about Medcenter's finances and that is has failed to provide specific evidence that would fully explain the financial basis of its decisionmaking with respect to the Non-Contact Data. But we cannot find by clear and convincing the evidence that the absence of this evidence demonstrates that Medcenter harbored an intent to deprive defendant of the Non-Contact Data.
Defendants also appear to argue that the Physicians Database, along with the Salesforce Database, was sold to another company called Mednet Solutions S. de R.L. de C.V. (“Mednet”) in October 2017, see Def. Mem. at 13, 16-18, and that this reflects an intent to deprive, see Reply Br. at 7-12. For its part, Medcenter denies ever effectuating the sale and notes that Medcenter Holding's Board of Directors never approved a sale of Medcenter's assets. See Pl. Opp. at 3031, 40. Sanmarco maintains that Mednet “acted only as an agency for Medcenter for a limited time period, to assist Medcenter in fulfilling its remaining contractual obligations to certain pharma clients in late 2017 and 2018” because “Medcenter had effectively closed its business by the fall of 2017.” Sanmarco Decl. ¶ 25. It is not necessary to resolve this dispute because a sale to another entity does little to show that Medcenter was trying to deprive the defendants here of anything.
Finally, defendants have identified a series of statements in Medcenter's declarations that they say were contradicted by deposition testimony. They argue that these contradictions were so blatant that they are evidence of intent to spoliate. Reply Br. at 25-29. We reject this argument first because these supposed contradictions are not as clear as defendants claim them to be, and thus they are not contradictory to such a degree that we would use them as the basis for a finding an intent to deprive. Moreover, each of the cases cited by defendants in aid of this argument relied on a finding of discrepancies by a spoliating party in conjunction with some other basis to find intent. See, e.g., Hice v. Lemon, 2021 WL 6053812, at *6 (E.D.N.Y. Nov. 17, 2021) (inferring intent to deprive based on contradictory statements and affirmative evidence about attempts to hide unfavorable evidence), adopted, 2021 WL 6052440 (E.D.N.Y. Dec. 21, 2021).
In the end, Medcenter has offered a plausible explanation for why it distinguished between the Contact Data and the Non-Contact Data having to do with the cost and practicality of downloading the data. Even if we have found that its actions were not justifiable based on an objective test, this is not the same as a finding that Medcenter's unjustified actions amounted to an intent to deprive the defendants of relevant evidence. But more to the point, Medcenter had no real motive to preserve one portion of the Physician Database and not the other given that it was contending that all of the database contained its trade secrets.
As one case has noted, where “the presented evidence is capable of more than one interpretation,” a court “will not make a finding of intent to deprive on the basis of suspicion alone.” Lokai Holdings LLC, 2018 WL 1512055, at *16. Ultimately, none of defendants' attempts to argue for a finding of intent to deprive have satisfied us that “the loss cannot be credibly explained as not involving bad faith by the reason proffered by the spoliator.” In re Keurig Green Mountain Single-Serve Coffee Antitrust Litig., 341 F.R.D. at 496 (citation omitted). Defendants have not met their burden by clear and convincing evidence. Therefore, the harshest sanctions provided under Rule 37(e) are unavailable.
3. Prejudice
While we have not found an intent to deprive, which is a prerequisite to the harsh sanctions listed in Rule 37(e)(2), defendants have also moved for relief under Rule 37(e)(1). See Def. Mem. at 34. Rule 37(e)(1) requires a “finding [of] prejudice,” and where prejudice is found, it permits “measures no greater than necessary to cure the prejudice.” Here, it is axiomatic that in a case concerning the theft of particular trade secrets that spoliation of those very trade secrets is prejudicial to defendants. The spoliation deprives defendants of the ability to learn the specific nature of the secrets and to make judgments or hire an expert to opine on what their value might be.
Medcenter asserts that the portions of the Physicians and Salesforce Databases that it did produce “may be more than enough ESI for Plaintiffs to prove their claims or Defendants to defend their case,” but Medcenter does not explain how this is so. See Pl. Opp. at 40-41. Certainly, the relevance of the lost material is not disputed. Medcenter has alleged that the Physicians Database contained “extensive non-public granular data on each physician,” beyond contact information and practice specialty. Am. Comp. ¶ 33. Medcenter specifically acknowledges that part of the lost material includes the activity of medical professionals and their interactions with Medcenter, see Padilla Decl. ¶ 21, and the allegations in the complaint refer to the theft of many parts of the Physicians Database, not just the Contact Data. See Am. Comp. ¶¶ 71-72, 157, 169, 174, 182. As long as Medcenter is pursuing claims that defendants stole this information, it cannot obtain any advantage from the fact that this data has been lost.
To obtain curative sanctions, a party need not establish that some specific piece of vital evidence was in the other side's possession and then destroyed. Karsch, 2019 WL 2708125, at *21. Rather, “[i]t is sufficient if the existing evidence plausibly suggests that the spoliated ESI could support the moving party's case.” Id. (punctuation omitted). Under this framework, the defendants have easily succeeded in making a plausible suggestion. Indeed, it seems inevitable that the absence of the Non-Contact Data is prejudicial to defendants in that defendants cannot use the substance of the data to defend themselves against the charge that this specific trade secret was purportedly stolen.
4. What 37(e)(1) Sanction is Appropriate
Rule 37(e)(1) provides that where spoliation has caused prejudice to the moving party, the Court may impose measures “no greater than necessary to cure the prejudice.” While many of defendants' proposals for sanctions go far beyond what would be necessary to cure the prejudice arising from the loss or involve measures not permitted where there has been no finding of intent to deprive as described in Fed.R.Civ.P. 37(e)(2), defendants have suggested as one measure “[a]n order barring Medcenter from presenting any evidence at trial about the contents of the databases or their value.” Def. Mem. at 34.
We have considered the various possibilities and find that under the facts here, the measure that most directly cures the prejudice is to preclude plaintiffs from presenting evidence as to the nature or value of the Non-Contact Data. Simply put, it would be unfair to defendants to require them to counter evidence regarding the Non-Contact Data if they have been placed in the position of not having any access to that data. This is in accordance with case law that has allowed preclusion of evidence relating to material that was lost by a party even where there has been no intent to deprive. See, e.g., Lokai Holdings LLC, 2018 WL 1512055, at *17 (precluding a spoliating party “from offering testimony at trial as to the content of any unpreserved [materials] . . ., including any testimony suggesting that such [materials] would have supported any elements of their defenses or counterclaims”). Obviously, this ruling does not affect Medcenter's ability to offer evidence as to the Contact Data.
D. Request for Sanctions as to the Salesforce Database
1. Whether Salesforce Database was Lost After the Duty to Preserve Began and Whether Medcenter Took Reasonable Steps to Preserve It
Medcenter lost access to the Salesforce platform by “late 2018,” and the Salesforce company has not retained any of the associated data. See Sanmarco Decl. ¶¶ 10-11. However, the measures under Rule 37(e) only become available if, inter alia, the evidence “is lost because a party failed to take reasonable steps to preserve it.” See Fed.R.Civ.P. 37(e); accord Europe v. Equinox Holdings, Inc., 592 F.Supp.3d 167, 175 (S.D.N.Y. 2022). The party seeking sanctions has the burden of showing that the allegedly spoliating party did not take those steps. Europe, 592 F.Supp.3d at 177 (quoting Moody v. CSX Transportation, Inc., 271 F.Supp.3d 410, 426 (W.D.N.Y. 2017)). Courts have equated the failure to take reasonable steps “to roughly a negligence standard.” See Leidig, 2017 WL 6512353, at *10. Additionally, no sanctions may be imposed under Rule 37(e) if the lost ESI can be “restored or replaced through additional discovery.” Charlestown Cap. Advisors, LLC, 337 F.R.D. at 62 (quoting Fed.R.Civ.P. 37(e)). “Because electronically stored information often exists in multiple locations, loss from one source may often be harmless when substitute information can be found elsewhere.... If the information is restored or replaced, no further measures should be taken.” Fed.R.Civ.P. 37(e) advisory committee's note to 2015 amendment.
Medcenter had a “limited version” of Salesforce as of 2018. See Sanmarco Decl. ¶ 17. Medcenter asserts that it discontinued its Salesforce subscription due to an inability to pay “beyond 2018.” See id. ¶ 8, 10-11, 17. The usual rate for full hosting of the Salesforce Database cost Medcenter more than $30,000 annually, but even for the “limited version” it had as of 2018, Medcenter paid $12,564 for a 12-month subscription. Sanmarco Decl. ¶ 17; see Pl. Opp. at 25 n.5.
Before Medcenter's contract for Salesforce hosting services expired, Padilla downloaded and saved “a backup of all Medcenter data residing in that Salesforce system that Salesforce had made available before Medcenter lost complete access to that system.” Padilla Decl. ¶ 3. Padilla “created that backup for Medcenter and saved it to a hard drive” under his control in September 2018. Id. ¶ 3, 6. “All the backed-up data was exported from the Salesforce system in table file formats, and those table files were provided by [Padilla] to Medcenter's attorneys in this action.” Id. ¶ 4. The data came in table files, mostly in the “.csv” format viewable in software such as Microsoft Excel. Id. ¶ 7. Medcenter has provided examples of resulting documents from the Salesforce backup and explained how to find information within them. See id. ¶¶ 10-12; Exs. F, G, and H annexed to Padilla Decl. (Docket ## 83-6, 83-7, 83-8) (sealed exhibits). For example, Padilla has explained how the backup can be used to show records of “in-person meetings and calls between Medcenter personnel and Medcenter clients and potential clients over an extended number of years,” including for accounts associated with Mariel Aristu and her use of the Salesforce system. Padilla Decl. ¶ 13.
If Medcenter had completely lost access to any Salesforce data whatsoever, we would accept that it had not taken reasonable steps to preserve the data. See, e.g., Charlestown Cap. Advisors, LLC, 337 F.R.D. at 61 (failing to issue litigation hold or “otherwise informally preserve” is not reasonable) (citation omitted); EBIN New York, Inc. v. SIC Enter., Inc., 2022 WL 4451001, at *9 (E.D.N.Y. Sept. 23, 2022 (failing “to save or create copies of [ ] messages” hosted on a platform that does not retain copies longer than six months is unreasonable). But whether or not Medcenter took reasonable steps must be judged based not on a complete loss of the database but rather based on what actually occurred here, which is the preservation of database in a more limited form. The requirement of a party to take reasonable steps “does not call for perfection.” EBIN New York, Inc., 2022 WL 4451001, at *6. Thus, whether Medcenter acted reasonably here must be judged based on what it did in fact preserve.
We accept that it is not necessarily reasonable to require a company that has lost its revenue and is essentially a non-functioning entity, see Sanmarco Decl. ¶¶ 8, 10-13, 17, to pay for a hosting contract for potentially years when the data at issue can be preserved, even if it is in a less convenient form. As the commentary to Rule 37 notes, “[t]he court should be sensitive to party resources; aggressive preservation efforts can be extremely costly, and parties (including governmental parties) may have limited staff and resources to devote to those efforts. A party may act reasonably by choosing a less costly form of information preservation, if it is substantially as effective as more costly forms.” See Fed.R.Civ.P. 37(e) advisory committee's note to 2015 amendment. Here, Medcenter requested all of its information from Salesforce, downloaded all the information, and kept it for production in this case. See Padilla Decl. ¶¶ 3-4, 6-7. While the copy of the Salesforce Database does not retain the functionality it had when it was hosted on the Salesforce platform, the law does not require perfection. “Because the rule calls only for reasonable steps to preserve, it is inapplicable when the loss of information occurs despite the party's reasonable steps to preserve.” See Fed.R.Civ.P. 37(e) advisory committee's note to 2015 amendment.
We recognize there is a dispute between the parties as to whether the data provided to defendants from the Salesforce Database, apparently in the form of spreadsheets, is “substantially as effective” as what would have been available had the database been hosted. Defendants assert that the preservation of the underlying data is not sufficient because it did not capture all of the metadata and information about who searched and/or accessed the Salesforce Database, see Def. Mem. at 7 n.5, 12, 25, and because the spreadsheet files are illegible, see id.; Reply Br. at 3-5.
As to whether metadata and other information are missing from the Salesforce Database, Medcenter has provided evidence that information that is highly relevant to the claims and defenses in this case is in fact available within the files it saved. One critical issue in this case is which employees accessed the Salesforce Database and on what dates. Padilla has explained how reading a column labeled “last modified” in an exhibit from Medcenter's production, along with the associated user ID, shows who accessed a particular Salesforce record and when it was accessed. See Padilla Decl. ¶ 18. Indeed, defendants have already used such evidence to raise a suggestion that Medcenter altered a record after Mariel Aristu's departure. See Def. Mem. at 1314. But the larger issue here is that it is the defendants' burden to prove spoliation. Europe, 592 F.Supp.3d at 177 (citation omitted). Defendants have not proffered competent testimony demonstrating exactly what would have been available on the hosted Salesforce Database platform that they now need and do not have based on the current production.
Defendants also take issue with Medcenter not having records of the investigation undertaken by Padilla in early 2017. See Reply Br. at 3-4. This investigation was what triggered the duty to preserve evidence, however, and thus we do not find that the duty to preserve attached at the very moment the investigation occurred.
As to legibility, it is not clear to us that what Medcenter produced is actually illegible despite defendants' presentation on this point. As rendered by Medcenter, the spreadsheets can be read, sorted, and analyzed, and they do convey information as to the contents and usage of the Salesforce Database. For example, Padilla has provided a spreadsheet based on the produced data that associates given users of the Salesforce with their alphanumeric identification in the database, which allows Medcenter's attorneys “to find the commercial accounts for which” Mariel Aristu was the owner. See Padilla Decl. ¶¶ 10-11; Exs. F and G. annexed to Padilla Decl. (Docket ## 83-6, 83-7) (sealed exhibits). Viewing Exhibits F and G as filed under seal, one can see information as to identity, contact information, and information reflecting a “Last[]Activity” or “Last[]Modifi[cation]” in addition to a multitude of other categories of information. Id. This is far different from defendants' characterization of the “unstructured form” of the database being “virtually worthless from an evidentiary standpoint.” See Def. Mem. at 7 n.5; Reply Br. at 3. In fact, defendants' arguments regarding a portion of one of the Salesforce Database tables, see Reply Br. at 4, assumes without proof that the data cannot be displayed in other formats as is commonly true for database files, such as those accessed in Excel. Without testimony from an expert who has attempted to use the charts for an analysis of information as might actually be needed by defendants, the Court cannot find that the data provided to defendants is in fact insufficient.
Defendants make arguments regarding the personal wealth available to Medcenter's officials, investors, and litigation funders, suggesting that it was unreasonable to not access such resources to pay for continued hosting of the Salesforce Database. See Def. Mem. at 11-14; Reply Br. at 15-18. But these arguments presuppose that these resources were available and attributable to Medcenter itself from the beginning of the contemplation of litigation and that it would have been reasonable to require these individuals or entities to pay Medcenter's Salesforce hosting fees for years rather than simply relying on the copy of the underlying data that had been downloaded. See Def. Mem. at 12-13. Again, in the absence of proof showing that Medcenter should have known that the downloaded version of the data was inadequate for purposes of extracting relevant data, we cannot say that Medcenter had this obligation.
In sum, we find that Medcenter took reasonable steps to preserve data from the Salesforce Database. Thus, no spoliation sanctions are warranted.
E. Mariel Aristu and Estefania Aristu's Emails
Medcenter provides evidence that it deleted Mariel Aristu's and Estefania Aristu's email accounts from its systems for cost reasons in late 2016. See Sanmarco Decl. ¶ 32; Padilla Decl. ¶ 26. Medcenter also says Mariel Aristu's account was essentially empty when it first accessed her account following her departure from Medcenter on June 7, 2016. See Testagrossa Decl. ¶¶ 3-4. Defendants do not dispute the timing of the deletions, though they dispute that the email account was empty when first accessed by Medcenter. See Def. Mem. at 8-9.
As noted, the defendants' motion for sanctions is directed exclusively to evidence regarding the trade secrets claims, see Def. Mem. at 1-5, and the same applies to their efforts to obtain sanctions respect to the emails, see id. at 5; see generally Id. at 30, 33-34; Reply Br. 2124, 29. As discussed in section III.A above, the obligation to preserve evidence with respect to the trade secrets did not arise until 2017. Accordingly, because the destruction of the evidence occurred before the duty to preserve arose, no sanctions under Rule 37(e) are permitted.
F. Fees and Costs
Defendants have moved for an award of their expenses for bringing this motion. See Def. Mem. at 34-35. While Rule 37(e) - unlike other sections of Rule 37 - does not contain a specific subsection addressing the availability of expenses for bringing a motion, the power to award such fees is subsumed in the grant of authority in Rule 37(e)(1), which provides that a court may order appropriate “measures” to cure any prejudice resulting from spoliation. Case law recognizes that expenses in bringing a spoliation can come within such “measures.” See, e.g., Borum v. Brentwood Vill., LLC, 332 F.R.D. 38, 49-50 (D.D.C. 2019). Nonetheless, given that the defendants did not prevail on the bulk of their motion and given that we conclude that the prejudice from the loss of the Non-Contact Data share of the Physicians Database is fully cured by the preclusion of evidence relating to that database, we decline to award any further sanctions in the form of expenses.
Conclusion
For the foregoing reasons, the motion for sanctions (Docket # 73) is granted in part and denied in part. Specifically, the motion is granted to the extent that plaintiffs are precluded from presenting evidence as to the nature or value of the Non-Contact Data as described above.