Opinion
CIVIL ACTION NO. 1:15-cv-04140-AT
01-25-2016
Priority Payment Systems, LLC, Cynergy Data, LLC, and Priority Holdings, LLC, Plaintiffs, v. Signapay, LTD, Signapay, LLC, Andres Ordoñez, Tom Bohan, Intrend Software Solutions, and Gustavo Simone, Defendants.
Barry Goheen, Nicholas Griffin Hill, Stephen Paul Cummings, King & Spalding, Christopher Scott Prince, Priority Payment Systems, for Plaintiffs. Andrew C. Matteson, Joseph C. Peake, III, Stout Kaiser Matteson Peake & Hendrick, LLC, Joel W. Reese, Katie Dolan-Galaviz, Tyler J. Bexley, Reese Gordon Marketos, LLP, for Defendants.
Barry Goheen, Nicholas Griffin Hill, Stephen Paul Cummings, King & Spalding, Christopher Scott Prince, Priority Payment Systems, for Plaintiffs.
Andrew C. Matteson, Joseph C. Peake, III, Stout Kaiser Matteson Peake & Hendrick, LLC, Joel W. Reese, Katie Dolan-Galaviz, Tyler J. Bexley, Reese Gordon Marketos, LLP, for Defendants.
ORDER
Amy Totenberg, United States District Judge
This dispute between business competitors involving the alleged misappropriation of proprietary computer source code is pending before the Court on Plaintiffs' Motion for an Interlocutory Injunction [Doc. 6]. The Court held a hearing on January 19, 2016, and heard arguments from both parties as well as the testimony of two witnesses on behalf of Plaintiffs.
I. BACKGROUND
Plaintiff Priority Payment Systems is a merchant service acquirer company that contracts with merchants to process, for a fee, card transaction payments. According to the Complaint and Motion for Interlocutory Injunction, Priority is the number 20 merchant acquirer in the United States, processing nearly $20 billion annually for more than 135,000 merchants. Priority acquires its merchants through Independent Sales Organizations (“ISOs”), which are responsible for acquiring, signing up, and managing the merchants. Priority operates its business via a merchant management system, known as the Virtual Merchant Application System, or “VIMAS.”
Plaintiffs are Priority Payment Systems, LLC (“PPS”), Priority Holdings, LLC (Priority), and Cynergy Data, LLC (Cynergy). Priority Holding formed out of the 2014 merger of Plaintiffs Cynergy and PPS.
Defendants SignaPay, LTD, and SignaPay, LLC (collectively, “SignaPay”), are ISOs contracting with Priority. Plaintiffs allege that over the past year, SignaPay, has systematically engaged in a concerted effort to misappropriate the proprietary VIMAS system through improper means. According to Plaintiffs' motion and attachments, at least four Priority employees have left Priority and joined SignaPay. Each of these ex-employees, including Defendants Ordoñez and Bohan, was engaged in software development activities while employed by Plaintiffs.
On August 28, 2015, Priority discovered that one of its software programming contractors, Defendant Simone, unsuccessfully attempted to grant “file share” access to a ZIP file that contained a copy of the VIMAS source code to four external e-mail addresses associated with a company called Luma Consultores whose employees currently work as contractors for SignaPay in developing a competing system for SignaPay. On August 28, 2015, Simone also successfully granted file share access to the same ZIP file to his personal Hotmail account. Upon investigating this incident, Priority discovered that Simone had sent e-mails to Ordoñez, Bohan, and other ex-Priority employees who are now working for SignaPay, and that Simone had also been working for SignaPay for many months.
Plaintiffs seek a preliminary injunction (1) enjoining Defendants from restricting the scope of the forensic audit of their computer and e-mail systems for the purpose of determining whether, and to what extent, trade secrets or electronic copies of documents belonging to Plaintiffs remain on Defendants' computer or email systems; (2) prohibiting Defendants from continuing their development of their own merchant management system that is intended to compete with Priority's merchant management systems (SAFYER pronounced sapphire) until, at a minimum, the forensic audit is completed; (3) requiring Defendants to return or delete any and all trade secrets and other property, including documents and electronic copies of documents belonging to Plaintiffs; and (4) prohibiting Ordoñez from further breaching his contract with Plaintiffs.
Defendants object to Plaintiffs' request on the grounds that there is no evidence that Simone acted at SignaPay's direction or authority, and assert that it is more likely that his conduct was the result of a complete lapse in professional judgment. Defendants assert that they have no way of knowing whether SAFYER contains the VIMAS source code because they do not have access to the data in Simone's Zipfile.
Defendants oppose the scope of relief sought. According to Defendants Plaintiffs are attempting to use the preliminary injunction process as a competitive weapon to shut down their business. Halting development of SAFYER will be disruptive to Defendants' business, would create issues with the current functioning capacity of SAFYER used to manage 2,000 merchant accounts, and would require Defendants to fire the 4 software developers working on the project.
Defendants object to using PricewaterhouseCoopers (PwC), hired by Plaintiff, to conduct the requested forensic audit of their computer system. Defendants propose that if the Court permits an audit it should be (1) limited to a search of the SAFYER system for the VIMAS source code (not a search of all of the SignaPay Defendants' computer and electronic devices); and (2) conducted by a neutral party appointed under FRE 706.
In Reply, Plaintiffs assert that Defendants' proposed limitation on the scope of the audit to SAFYER would allow for potentially ridiculous results—(1) SignaPay can delete the VIMAS Source Code from SAFYER until the forensic audit is completed and then replace the code; and (2) SignaPay may not have yet incorporated the VIMAS Source Code, so it can wait to incorporate the VIMAS Source Code until after the forensic audit of SAFYER. Defendants' desire to avoid a search of their e-mails is unreasonable because of the undisputed evidence that Simone used e-mail to misappropriate Priority's VIMAS Source Code and that Simone and SignaPay employees regularly emailed each other as part of their work on SAFYER.
II. LEGAL ANALYSIS
A preliminary injunction is “an extraordinary and drastic remedy.” Siegel v. LePore , 234 F.3d 1163, 1176 (11th Cir.2000). To warrant such extraordinary relief, Plaintiffs must establish that: (1) they have a substantial likelihood of success on the merits, (2) they will suffer irreparable injury if the relief is not granted, (3) the threatened injury outweighs the harm the relief may inflict on the Defendants, and (4) entry of relief would not be adverse to the public interest. Bloedorn v. Grube , 631 F.3d 1218, 1229 (11th Cir.2011) (citing Siegel ). The purpose of a preliminary injunction is to preserve the positions of the parties as best the Court can until a trial on the merits may be held. Bloedorn , 631 F.3d at 1229 (citing Univ. of Tex. v. Camenisch , 451 U.S. 390, 395, 101 S.Ct. 1830, 68 L.Ed.2d 175 (1981) ).
Plaintiffs have met these requirements and shown their entitlement to some form of immediate injunctive relief at least with respect to their claim arising under the Georgia Trade Secrets Act (“GTSA”), O.C.G.A. § 10–1–760 et seq. The Court addresses first, the basis for Plaintiffs' entitlement to preliminary injunctive relief, and second, a reasonable scope of relief to protect Plaintiffs' interests pending a trial on the merits.
Despite removing this case based on the complete preemption doctrine as it applies to the Georgia Computer Systems Protection Act, and subsequent briefing ordered by the Court on the application of the complete preemption doctrine to Plaintiffs' claims, Defendants for the first time in their Response to Plaintiffs' injunction motion assert that Plaintiffs' trade secrets claim is also preempted by the Copyright Act. It is not. See TDS Healthcare Sys. Corp. v. Humana Hosp. Illinois, Inc., 880 F.Supp. 1572, 1581–82 (N.D.Ga.1995) ; CMAX/Cleveland, Inc. v. UCR, Inc. 804 F.Supp. 337 (1992) ; see also Bateman v. Mnemonics , 79 F.3d 1532, 1549 (11th Cir.1996) (noting that “[a]s a general matter, state law trade secret statutes have been deemed not to be preempted because the plaintiff must prove the existence and breach of a confidential relationship in order to prevail. As the court in Altai stated, “[t]he defendant's breach of duty is the gravamen of such trade secret claims, and supplies the ‘extra element’ that qualitatively distinguishes such trade secret causes of action from claims for copyright infringement that are based solely upon copying.”).
A. Substantial Likelihood of Success on the Merits
To succeed on a claim for misappropriation of trade secrets under the Georgia Trade Secrets Act (“GTSA”), O.C.G.A. § 10–1–760 et seq., requires a plaintiff to prove that (1) it possessed a trade secret and (2) the opposing party misappropriated the trade secret. Capital Asset Research Corp. v. Finnegan , 160 F.3d 683, 685 (11th Cir.1998) ; Amedisys Holding, LLC v. Interim Healthcare of Atlanta, Inc. , 793 F.Supp.2d 1302, 1310 (N.D.Ga.2011) ; Diamond Power Int'l, Inc. v. Davidson , 540 F.Supp.2d 1322, 1332 (N.D.Ga.2007).
(1) Definition of trade secret
The GTSA defines trade secrets as confidential, proprietary information such as technical or nontechnical data, formulas, patterns, compilations, programs, devices, methods, techniques, or processes that are not commonly known by the public and that:
(A) Derives economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use; and (B) Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.
O.C.G.A. § 10-1-761 (4). “Thus, computer software programs are trade secrets if the two pronged test is met.” CMAX/Cleveland, Inc. v. UCR, Inc. , 804 F.Supp. 337, 357 (M.D.Ga.1992).
Plaintiffs offered evidence that “Priority's success in the highly competitive merchant acquiring and payment processing business is due in large part to its proprietary merchant management systems, which have unique capabilities [and] competitive functionally]” for serving its customers (Independent Sales Organizations or “ISOs”). (Kiewet Aff. ¶ 20.) These ISOs have access to and use Plaintiffs' merchant management system in order to sign up merchants approved for credit transactions (referred to as merchant boarding) and to manage their merchant portfolios. (Id. ¶¶ 16-18.) Plaintiffs' merchant management system, VIMAS, was developed by their software developers, based on a proprietary computer code (the VIMAS source code), at great expense over several years. (Id. ¶¶ 21, 22, 24.) VIMAS is comprised of multiple modules and has several proprietary features that give it a competitive advantage over other companies' merchant management systems, including an expedited boarding process and the ability to evaluate potential credit risks and approve high-risk merchants, as well as the system's overall functionality that maximizes an ISO's ability to manage all aspects of its merchant portfolios. (Id. ¶¶ 27-30.) The portion of the VIMAS source code that was copied by Defendant Simone also contains a subcomponent called TSYS Express that allows Plaintiffs' system to communicate with TSYS, a third party credit card payment processor. (Id. ¶¶ 19, 56; Horine Aff. ¶¶ 19, 22.)
According to Priority's Chief Technology Officer:
Priority protects the confidentiality of its trade secrets, such as the VIMAS Source Code, in its contracts with ISOs, which use Priority's Merchant Management Systems forms to the ISOs to protect Priority's systems and data. The ISO contracts contain strict confidentiality provisions that specifically prohibit ISOs from obtaining the VIMAS Source Code for the Merchant Management Systems and bar the ISOs from reverse engineering the systems or using the VIMAS Source Code to develop competing systems.
(Id. ¶ 31.) In addition to these confidentiality provisions, Priority has implemented various other security measures to protect its trade secrets and other sensitive data, including requiring its employees to abide by its Employee/Contractor Security Policy and a Data Security Policy. (Horine Aff. ¶¶6-9.) Priority limits its employees' access to pre-approved data determined by their job responsibilities and data confidentiality classifications and prohibits the transmission of “Critical Data” to unapproved persons. (Id. ¶¶ 8-9.) The VIMAS source code is classified as “Critical Data.” (Id. ¶¶ 10-11.) While Priority uses Google for a number of its network functions, including Google Drive for data sharing, Priority's security settings prevents its employees and contractors from sharing files using Google Drive to outside parties. (Id. ¶¶ 12-13.) Priority's software programmers are required to undergo “Web Application Security Risk Training” annually and are required to certify that they “recognize the importance of maintaining the integrity of the systems” and may be subject to discipline or civil or criminal penalties if they fail to abide by Priority's security protocols. (Id. ¶ 16.) In addition, Priority employs external security controls, including the use of network infrastructure that is protected from outside interference or access by sophisticated firewalls. (Id. ¶ 17.) Priority also has “successfully completed its annual Payment Card Industry (PCI) audit which certifies compliance, by way of a PCI council approved Qualified Security Assessor (QSA), with the Payment Card Industry Data Security Standard (PCI-DSS) security compliance framework.” (Id. )
The Court finds that the evidence submitted with Plaintiffs' motion is sufficient to establish Plaintiffs' likelihood of success on the merits that the VIMAS source code constitutes a trade secret. See Amedisys Holding, LLC v. Interim Healthcare of Atlanta, Inc. , 793 F.Supp.2d 1302, 1311 (N.D.Ga.2011) (finding that company's practice of restricting access to documents designated as confidential to certain employees and only allowing transmittal of documents through protected computer and email system showed that company took reasonable efforts to maintain confidentiality of documents); Data Sys. Corp. v. Heinemann , 268 Ga. 755, 493 S.E.2d 132, 136 (1997) (affirming determination of trade secret, in part, because employer's confidentiality agreements and limited access constituted reasonable care); CMAX/Cleveland, Inc. v. UCR, Inc. , 804 F.Supp. at 357–58 (finding that company's protection of computer system, which served as company's main source of income, by use of restrictive license, non-disclosure, and confidentiality agreements, met the GTSA's two-prong trade secret test).
The Court rejects Defendants' assertion that because the VIMAS source code contains components that allow it to respond to public specifications designated by third party TSYS, it cannot constitute a trade secret. Defendants provided no legal or evidentiary support for its assertion and Plaintiff's Chief Technology Officer's testimony at the hearing regarding the proprietary nature of the TSYS Express framework and its various modules refuted Defense counsel's proposition. In addition, both the Georgia Supreme Court and courts in the Eleventh Circuit have rejected similar contentions. In Essex Group, Inc. v. Southwire Co., the Georgia Supreme Court held that the fact that some of the components of a program are within the public domain does not preclude trade secret protection for a unique process, design, operation, or other combination or integration of individual elements that afford the owner a competitive advantage. Essex Group, Inc. v. Southwire Co. , 269 Ga. 553, 501 S.E.2d 501, 503 (1998). Similarly, in Salsbury Laboratories, Inc. v. Merieux Laboratories, Inc., the court held:
“A unique process which is not known in the industry ‘can be a trade secret even if all of its component steps are commonly known.’ In other words, ‘ a trade secret process may be established even if known components are assembled and known techniques are combined to produce a useful process which is not known in the industry.’
735 F.Supp. 1555, 1569 (M.D.Ga.1989), aff'd. 908 F.2d 706 (11th Cir.1990).
(2) Misappropriation of trade secrets
The GTSA defines “misappropriation” of a trade secret to include:
(A) Acquisition of a trade secret ... by a person who knows or has reason to know that the trade secret was acquired by improper means; or
(B) Disclosure or use of a trade secret without ... [the owner's] express or implied consent by a person who:
(i) Used improper means to acquire knowledge of a trade secret;
(ii) At the time of the disclosure or use, knew or had reason to know that knowledge of the trade secret was:
(I) Derived from or through a person who had utilized improper means to acquire it;
(II) Acquired under circumstances giving rise to a duty to maintain its secrecy or limit its use; or
(III) Derived from or through a person who owed a duty to the person seeking relief to maintain its secrecy or limit its use ...
O.C.G.A. § 10–1–761(2). The Act defines “improper means” to include “theft, bribery, misrepresentation, breach or inducement of a breach of a confidential relationship or other duty to maintain secrecy or limit use, or espionage through electronic or other means.” Id. § 10-1-761(1).
“Improper means” does not include “reverse engineering of a trade secret not acquired by misappropriation or independent development.” Id.
Plaintiffs allege that Defendant Simone misappropriated the VIMAS source code while still contracted by Priority to develop a competing merchant management system, SAFYER, for Defendant SignaPay. The evidence at this preliminary stage of these proceedings indicates that Defendant Simone used improper means, breaching his duties of confidentiality and limited use of Plaintiffs' trade secrets, to acquire the VIMAS source code that constitutes the core of Plaintiffs' business as a merchant service acquirer. The evidence indicates that the portion of the VIMAS source code that Defendant Simone downloaded and transferred to his personal email account while he was simultaneously working for Plaintiffs and Defendant SignaPay included Plaintiffs' proprietary source code for the TSYS Express merchant boarding module and the merchant risk assessment module of its VIMAS merchant management system. According to Priority's Chief Technology Officer, the functionality of these modules is unique to VIMAS and gives Priority a significant advantage over its competitors. Defendants have offered no evidence to contradict Priority's evidence on this point. There is no direct evidence at this juncture whether Simone ultimately used the VIMAS source code in developing the software for SignaPay, though the evidence of the transfer and timing suggests this.
Plaintiffs further assert that Defendant SignaPay is also liable for misappropriation under the GTSA as a direct beneficiary of Simone's misappropriation of the VIMAS source code. The evidence indicates that SignaPay is actively developing SAFYER as a merchant management system to directly compete with Plaintiffs' VIMAS system. Plaintiffs believe that SignaPay is using or intends to use the VIMAS source code acquired by Defendant Simone in the development of its SAFYER system. The SignaPay Defendants assert that there is no evidence that they directed Simone or participated in Simone's conduct, and that they cannot be held liable for the conduct of an independent contractor absent such direction or participation.
Defendants are correct that there is no direct evidence in the record at this stage of these proceedings. There is, however, sufficient circumstantial evidence that gives rise to an inference that Defendant Simone was working in tandem with SignaPay executives and employees (formerly employees of the Plaintiff companies) on the development of the SAFYER system and that he had multiple email communications with SignaPay's Chief Technology Officer, Defendant Ordonez, and other SignaPay employees on the same day that he improperly accessed the VIMAS source code. The GTSA, by its express terms, extends liability for misappropriation of trade secrets to third parties who receive or benefit from trade secrets acquired by another by improper means. O.C.G.A. § 10–1–761(2).
The exact nature of Defendants' relationship with Simone is immaterial for purposes of liability under the GTSA, and the fact that Defendant Simone is an independent contractor, and not an employee of SignaPay, does not absolve Defendants from liability if they have knowledge of his conduct and derive a direct economic benefit based on their contractual relationship with him. See O.C.G.A. § 10–1–761(2) ; Salsbury Laboratories, Inc. v. Merieux Laboratories, Inc. , 908 F.2d 706, 712–14 (11th Cir.1990) (concluding that record supported inference that company was liable, along with its employees for the misappropriation of its competitor's trade secrets, where evidence indicated: “[1] Merieux was fully aware of Hildebrand's role in the development, production and licensing of MG-BAC at Salsbury[;] [2] Merieux began development of a competing vaccine only after Hildebrand was hired [;] [and] [3] the relationship between Merieux and Hildebrand ... was such that the company knew of and had an interest in the circumstances surrounding the work of Hildebrand and Berg performed at Salsbury and subsequently at Merieux.”); Amedisys Holding, LLC v. Interim Healthcare of Atlanta, Inc. , 793 F.Supp.2d 1302, 1311 (N.D.Ga.2011) (where employee took employer's referral logs for use at new employment to benefit new employer court granted preliminary injunction as to employee and employer finding “the use by Mack of wrongly appropriated Amedisys information in her work for Interim would be wrongful use within Mack's scope of employment for Interim to further Interim's business); Curtis 1000, Inc. v. Pierce , 905 F.Supp. 898 (D.Kan.1995) (finding evidence sufficient to infer that company intended, through its agreement with independent contractor, to profit from his use and disclosure of alleged trade secret of competitor, such that company could be held liable for misappropriation of trade secrets and that individual's status as an independent contractor rather than an employee would not shield company from the consequences of its own knowledge).
Plaintiffs have presented a pattern of evidence of its former employees and contractors' attempts to take the product of their labors to Defendant SignaPay in a time sequence that is highly concerning. While the limited evidence before the Court is not conclusive as to SignaPay's role in Simone's misappropriation of the VIMAS source code, the evidence is, at very least, strongly suggestive that Simone's role as SignaPay's software developer contractor is potentially sufficient to give rise to liability on the part of SignaPay under the GTSA.
B. Plaintiffs Will Suffer Irreparable Injury in the Absence of Injunctive Relief
Some courts have held that the mere threat of disclosure of a plaintiff's trade secrets constitutes irreparable injury justifying injunctive relief. Specialty Chem. & Servs., Inc. v. Chandler , 1988 WL 618583, *5 (N.D.Ga.1988) (Shoob, J.); but see Amedysis Holding, LLC , 793 F.Supp.2d at 1314 (noting that misappropriation of trade secrets is not per se irreparable harm). Other courts have held that a defendant's unauthorized use of proprietary trade secrets give the defendant an unearned advantage that constitutes irreparable injury to the plaintiff. See Amedysis Holding, LLC , 793 F.Supp.2d at 1314 (“The Court concludes that Amedisys will suffer irreparable harm if Mack is allowed to solicit patients from the same doctors and facilities that were referenced in the misappropriated Referral Logs or if Interim allows Mack to do so. Amedysis invested substantial time and expense to create the Referral Logs that Mack misappropriated. Allowing Mack to continue to solicit business ... will give Mack and Interim an unearned advantage in the marketplace and will likely cause Amedysis to lose patients and referral sources.”).
Accordingly, the Court finds that the evidence suggests that Defendant Simone and Defendant SignaPay may be using, or have used, the VIMAS source code (or some elements thereof) for SignaPay's own merchant management computer program SAFYER. However, Plaintiffs acknowledge that it is possible that SignaPay has not incorporated the VIMAS source code into its own SAFYER system.
Plaintiffs have demonstrated sufficient evidence, based on the apparent subterfuge of Defendant Simone, in conjunction with Defendants Ordonez and Bohan's attempted accessing of confidential Priority files (even if their efforts were unsuccessful or limited) to demonstrate that they are threatened with immediate and irreparable injury. If Defendants are allowed to complete development of a competing merchant management system potentially derived from Plaintiffs' proprietary source code, Plaintiffs' competitive market advantage and customer base from its advanced software system would be diluted. The later award of damages would not provide an adequate remedy at law for the serious harm that would be inflicted on the Plaintiffs' core business operation.
C. Plaintiffs' Threatened Injury Outweighs the Harm to Defendants and Injunctive Relief Will Serve the Public Interest
Plaintiffs' need to protect their proprietary computer source code under the circumstances of this case outweighs the burden on Defendants in delaying further development and use of the portions of their system pending a determination of whether the VIMAS source code or its derivative has been incorporated into SAFYER. “[A] party cannot use another's trade secrets so long as their product is substantially derived from the trade secrets.” Specialty Chem. & Servs. , 1988 WL 618583, at *5. The balance of hardships, thus weighs in Plaintiffs' favor. Equity demands that Defendants be prevented from using a program derived from the source code taken from Plaintiffs. Id. ; see also Amedisys Holding, LLC , 793 F.Supp.2d at 1314 (holding that defendant “cannot suffer compensable harm when enjoined from an unlawful activity”). If Defendants were allowed to unfairly develop a competing system based on Plaintiffs' code, Plaintiffs stand to lose significant revenue and the value of its proprietary system will “erode materially.” See Amedisys Holding, LLC , 793 F.Supp.2d at 1314.
There is a strong public policy for protecting trade secrets from misappropriation and in promoting fair competition. See Amedisys Holding, LLC , 793 F.Supp.2d at 1315 ; Specialty Chem. & Servs. , 1988 WL 618583, at *6 (“[I]t is axiomatic that our laws protect private property and set standards for business competition and that obedience to such laws is in the public interest.”) Plaintiffs have made the requisite showing that the public interest would be served by this Court's entry of a preliminary injunction enjoining Defendants from further abuse of the trade secrets wrongfully obtained by Defendant Simone.
D. Scope of Preliminary Injunctive Relief and Forensic Computer Audit
Plaintiffs have requested an overly broad injunction order based on circumstantial evidence at this early stage of the case. However, some form of injunctive relief and forensic review is warranted. In an effort to curtail the burden and prejudice Defendants may incur, the Court will order a more limited, and if necessary, multi-phased forensic audit of Defendants' computer and email system in order to determine whether the SignaPay Defendants are in possession of the VIMAS source code or otherwise conspired with Defendant Simone (or others) to misappropriate the VIMAS source code. Pending this review, Defendants are ENJOINED from continuing their development of any module of the SAFYER merchant management system that potentially incorporates or is derived from the VIMAS source code for THIRTY (30) DAYS OR UNTIL FURTHER ORDER OF THE COURT .
Defendants' cited authority, in the context of deficient discovery responses, is inapplicable.
--------
In light of Defendants' strenuous objection to the use of PricewaterhouseCoopers (PwC) to conduct the forensic audit, and because of Mr. Stainback's testimony that the scope of PwC's contract with Plaintiffs encompasses PwC working as a consulting and/or testifying expert on behalf of Plaintiffs, the Court will appoint an independent neutral forensic expert to conduct the examination of Defendants' computer system.
Accordingly, the Court APPOINTS K. David Benton of Altep, Inc. (“Altep”) as a neutral computer forensic examiner. Altep shall not be deemed an agent, representative, or expert of any party to this case, except that Altep shall contract directly with the parties regarding the work to be performed pursuant to this Order. Altep's work pursuant to this Order shall not be deemed the work product of either party. Altep shall execute an acknowledgement of a protective order governing confidential information, which shall be entered prior to the collection of any data pursuant to this Order. Altep shall begin its work, under Mr. Benton's supervision, detailed in this Order as soon as practicable and without delay.
Altep shall be permitted to image the SignaPay computer devices located at SignaPay's offices and work email accounts used by Defendant SignaPay, Andres Ordonez, and Tom Bohan for the purpose of conducting its audit. Plaintiffs are also directed to provide Altep a copy of the Zipfile containing the portion of the VIMAS source code allegedly copied by Defendant Simone. The Parties are directed to coordinate with Mr. Benton and Altep to determine an appropriate ESI search protocol, including search terms and the relevant date range for the search of email correspondence. To the extent the parties cannot agree on a date range, the Court orders the search of email back to September 27, 2014, the date on which Defendant Ordonez was discovered to have emailed Priority corporate data and file specifications to his personal Hotmail account. The initial ESI review shall be limited to a search of the work email accounts of Defendants Ordonez and Bohan for emails between Simone, Ordonez, Bohan and Javier Uanini located on SignaPay's computers. Based on the results of this initial search, the Court may order additional review of Defendants' ESI and devices, including the individual Defendants' personal electronic devices, such as telephones, tablets, and laptops, to the extent necessary.
Altep and its principals, directors, officers, employees, representatives, agents, assigns, and successors, will preserve and maintain the confidentiality of all electronically stored information (“ESI”) and will not disclose such ESI to any person or entity except with the prior, written consent of counsel for each Party, or if compelled to do so by a Court of competent jurisdiction. Altep agrees to indemnify Plaintiffs and Defendants against loss or theft of any ESI while in Altep's possession to the extent caused during the acquisition of the acquired data from Plaintiffs' or Defendants' devices except as caused by the party sought to be indemnified.
Altep's standard fees are set forth in its Statement of Work, a copy of which will be provided to the parties under separate cover. Altep shall bill for its work in accordance with those fees. Altep's fees and expenses for services shall be split, initially, equally by the parties. Altep's duties and the process for data review are more specifically detailed in the Statement of Work. Altep shall submit to both parties and the Court its invoices for costs and service performed according to its normal billing cycle. If any party objects to the fees and costs, then it shall file an objection within seven (7) days after receiving the invoice, but only after first attempting to resolve the dispute with Altep in a conference in which all parties are invited to attend, or through written or electronic communication means with a contemporaneous copy being transmitted to all counsel by equivalent means of delivery.
After Altep has been appointed by the Court, all communications between Altep and counsel for either of the parties shall take place either in the presence of opposing counsel (whether in person or by conference call) or through written or electronic communication means with a contemporaneous copy being transmitted to opposing counsel by equivalent means of delivery.
The parties shall provide Altep with access to any documents necessary to perform its duties as outlined in this Order. Altep shall provide the parties with a report listing each source of ESI imaged pursuant to this order which shall include: a detailed description of each device; the name of the manufacturer of the device and its model number and serial number if any; the name of the hard drive manufacturer and its model number and serial number; the name of any network card manufacturer and its model number, serial number, and MAC address wherever possible; and the date the image was made. Altep shall provide status reports to the Court upon request or as needed for direction in any matters for which the parties are unable to reach agreement.
Once the appointment is effective, Altep is directed to proceed with reasonable diligence to expeditiously perform the duties and responsibilities set forth herein in an efficient and cost-effective manner. Altep shall take reasonable steps to avoid generating undue and unreasonable expense and/or delay.
III. CONCLUSION
As set forth above, it is hereby ORDERED that:
(1) Pending completion of the forensic audit as described in this Order, Defendants are ENJOINED from continuing their development of any module of the SAFYER merchant management system that potentially incorporates or is derived from the VIMAS source code, or alternatively is designed to accomplish an expedited “merchant boarding” process and the VIMAS risk assessment capability, for THIRTY (30) DAYS OR UNTIL FURTHER ORDER OF THE COURT .
(2) The Court APPOINTS K. David Benton of Altep, Inc. (“Altep”) as a neutral computer forensic examiner to conduct an audit as set forth herein, and consistent with the forthcoming Statement of Work;
(3) Defendants are PROHIBITED from deleting emails from the personal electronic devices of its employees and are DIRECTED to preserve all such devices;
(4) Within three (3) days of the entry of this Order, Plaintiffs are DIRECTED to provide Altep with a copy of the Zipfile containing the portion of the VIMAS source code allegedly copied by Defendant Simone;
(5) Within three (3) days of the entry of this Order, the Parties are DIRECTED to conduct a telephone conference with Mr. Benton to discuss an ESI protocol and search term development;
(6) Within seven (7) days of the entry of this Order, the Parties are DIRECTED to finalize the ESI protocol to be used by Altep; and
(7) No later than twenty-one (21) days of the entry of this Order, Altep shall submit the results of its forensic analysis of Defendant's work email accounts pursuant to the parties' ESI search protocol, and to recommend to the Court what, if any, further review of Defendants' ESI or devices is necessary.
Alternatively, if the Parties can jointly consent to an expedited schedule for completing the initial phase of the forensic computer audit, they can submit the proposed schedule to the Court for approval.
IT IS SO ORDERED this 25th day of January, 2016.