Court concludes that ‘egregious’ spoliation warrants ‘harshest sanction available’

Folino v. Hines

No. 17-1584 (W.D. Pa. Nov. 14, 2018)

In this computer hacking case, the court concluded that one defendant blatantly and intentionally spoliated critical evidence.

It therefore granted the plaintiff’s motion for spoliation sanctions, ordering default judgment in his favor.

The plaintiff, John Folino, initiated this case under the Computer Fraud and Abuse Act. He alleged that “his personal email account was accessed without his permission.” Folino ultimately identified two named defendants, Michael Hines and Alison Ly. This motion involved only Ly.

Ly unequivocally denied “involvement in or knowledge of any hacking” of Folino’s computers. Folino and Ly “agreed to settle the case…in exchange for the ability to examine [Ly’s] computers” for evidence of third-party activity. The parties executed their settlement agreement on April 27, 2018.

Folino’s expert subsequently examined Ly’s devices. He found that her two iPads had been “wiped of all data” due to a factory reset. Both iPads were reset on April 26, 2018. Likewise, Ly’s computer had also been wiped. Folino’s forensic team could not recover any of the lost data.

Folino’s counsel demanded an explanation, but none was forthcoming. Folino therefore moved for spoliation sanctions.

In her response, Ly “denied wiping the hard drive, resetting the iPads, or committing any spoliation of evidence.” She did, however, admit that the devices had all been in her home.

The court “easily” concluded that the facts satisfied the prerequisites for sanctions under Federal Rule of Civil Procedure 37(e). Ly was obligated to preserve the electronically stored information (ESI) on her devices. Indeed, her settlement agreement was “contingent” on Folino obtaining that data. Yet, while the devices were within her control, the ESI on them was lost. Nor could that evidence be replaced.

The court next found that Ly spoliated the ESI on her devices with the intent to deprive Folino of evidence. The court considered three factors in making that determination.

First, the court found that “Ly had control over the devices,” as they were within her home. She also provided them for forensic examination, demonstrating her possession. Second, the court noted that “only an intentional action could have reset the iPads and wiped the computer.” Finally, the resets occurred when Ly “was acutely aware of [the data’s] importance” in the litigation. The court held that the timing of that spoliation — on the eve of the settlement execution — “evince[d] bad faith.”

In sum, “the egregious nature of [] Ly’s conduct…warrant[ed] the harshest sanction available” under Rule 37(e)(2). Ly’s conduct displayed a high degree of fault, as she “knowingly suppressed” the ESI on her devices. The prejudice to Folino was likewise “very high”; the lost evidence was “critical” to his determination of who hacked his email. In fact, the court noted that “no other evidence…exists [that] can prove liability” in Folino’s claim against Ly. Nor did the court find that lesser sanctions would suffice.

While the court was “cognizant that granting default judgment is a last resort,” it found that penalty appropriate here. The court reiterated that the spoliation equated to the “destruction of [Folino’s] case and a flouting of the law.” Given Ly’s “continued…categorical denials” and failure to offer any explanation, the court concluded that “no such good faith explanation exists.”

Finding that Ly “destroyed the central evidence in this case in bad faith,” the court ordered default judgment for Folino. It set a hearing to determine the damages for that claim. The court also ordered Ly to pay Folino’s costs and fees related to the motion and the “futile” forensic examination.

Shortly after this opinion, Ly filed an interlocutory appeal; the case is now stayed.Read case law

Takeaways on Preserving Data

While this case involves individuals, not corporations, it points out the potential pitfalls in allowing individuals to self-preserve and self-collect data. If you have any reason to suspect that an individual might attempt to spoliate evidence, implement an automatic hold that does not permit data alteration or deletion. Also, while this case reflects intentional conduct, remember that data collection can inadvertently result in spoliation. When faced with challenging data types, consult with your IT team or a forensic specialist to ensure that you don’t run into trouble.

Previous articleICRM Partners with the University of Toronto School of Continuing Studies
Next articleIG GURU obtains registration for icon

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.