This article originally appeared in The Legal Intelligencer.
In the “old” days of civil discovery, documents and files existed in a handful of places—file cabinets, desk drawers, and warehouses filled with bankers boxes. Today, files are almost all entirely electronic (ESI) and exist in multiple environments and applications. Despite the fact that eDiscovery attorneys and professionals have been handling ESI since the mid- to late-90s, the question of whether specific ESI is in the “possession, custody, or control” of a party remains unsettled and subject to debate.
FRCP 26(a)(1)(A)(ii) requires parties to provide “a copy—or a description by category and location—of all documents, electronically stored information, and tangible things that the disclosing party has in its possession, custody, or control and may use to support its claims or defenses, unless the use would be solely for impeachment.”
FRCP 34(a)(1) permits a party to serve on any other party a request “to produce and permit the requesting party or its representative to inspect, copy, test, or sample the following items in the responding party’s possession, custody or control.”
FRCP 45(a)(1)(A)(iii) requires the recipient of a subpoena “to do the following at a specified time and place: attend and testify; produce designated documents, electronically stored information, or tangible things in that person’s possession, custody, or control; or permit the inspection of premises.”
Courts have also held that the concept of possession, custody, and control also implicates Rules 33 (Interrogatories to Parties), 30(b)(6) (notice or subpoena directed to an organization), and 37(e) (failure to preserve electronically stored information).
The analysis of whether a party has “possession” or “custody” of potentially relevant information is typically straightforward. However, whether a party has “control” of documents or information has proven difficult to determine. As a result, courts have developed three basic standards: the legal right standard, the legal right plus notification standard, and the practical ability standard.
The legal right standard has been described by courts as the legal right to control or obtain the documents upon demand. See In re Bankers Trust, 61 F.3d 465, 469 (6th Cir. 1995).
The legal right plus notification standard requires that parties must not only have the legal right to obtain the information but must notify the opposing party about potentially relevant information that is held by third parties. See Lexington Insurance v. Tubbs, 2009 WL 1586862, (W.D. Tenn. June 2, 2009).
The practical ability standard requires a party to preserve, collect, search, and produce documents and ESI irrespective of that party’s legal entitlement or actual physical possession of the documents if a party has the “practical ability.” See 17 Sedona Conf. J. at 488. See also Handi-Craft v. Action Trading, 2003 WL 26098543 at *6 (E.D. Mo. Nov. 25, 2003).
While these tests offer guidance on determining the question of control, these differing tests have led to a lack of clarity for lawyers and litigants that must manage discovery or advise clients regarding the production of documents and ESI in multiple jurisdictions.” See Sedona Conference “Commentary on Rule 34 and Rule 45 ‘Possession, Custody, or Control,” 17 Sedona Conf. J. 467, 482 (2016).
Potentially relevant text messages on mobile devices and messages on third-party apps (e.g., WhatsApp, Facebook Messenger, and Telegram), have created new questions in the possession, custody, and control analysis. Specifically, with the advent of revised BYOD policies that have gained traction and popularity in the work-from-home era, courts have had to determine whether data is under the control of an employer when it is stored on an employee’s personal mobile device. In recent decisions related to the discovery of messages on an employee’s mobile device, courts have analyzed company BYOD policies as well as employer expectations surrounding the use of messaging in the workplace to answer these questions.
In In re Pork Antitrust Litigation, No. 18-CV-1776 (JRT/HB), 2022 WL 972401 (D. Minn. Mar. 31, 2022), the court applied both the legal rights test and the practical ability test to find the employer was not in control of its employee’s text messages. The court found the company’s BYOD policy did not provide the employer with rights or ownership over the messages. First, the company did not require an employee to use a personally owned phone to conduct work. Second, the company’s ability to remotely wipe an employee’s phone did not give the company control over the text messages since the company also did not have the ability to access, inspect, copy, or image text messages. The court reiterated the concept that an “employer does not legally control personal text messages despite a BYOD policy when the policy does not assert employer ownership over the texts and the employer cannot legally demand access to the texts.” See also La Belle v. Barclays Capital, 340 F.R.F. 74, 2022 WL 121065 (S.D.N.Y. Jan. 13 2022) (evaluating the issue of possession against the backdrop of the defendant’s policy that prohibited employees from discussing company business on devices without company approval). And, while the court noted that the company could ask its employees to hand over their phones, they could not demand this action.
In Weisman v. Barnes Jewish Hospital, No. 4:19-CV-00075 JAR, 2022 WL 850772 (E.D. Mo. Mar. 22, 2022), the plaintiffs sought the discovery of text messages from a third-party application called Telegram. In response, the defendants stated they did not require this application’s use and had no control or possession of messages sent and received by residents and physicians through this app. In agreeing with the defendants and citing Rule 34, the court stated the plaintiff had not provided enough information to lead the court to believe the defendants had not produced all relevant documents or information within its possession.
While social media content, be it on Twitter, Facebook, Instagram, or Tik Tok, does not “reside” on individuals’ phones or computers, courts are apt to deem that individuals have possession, custody, and control of social media accounts they maintain, for which they have credentials or to which they have membership or access. See Alex v. KHG Of San Antonio, No. SA-13-CA-728-OLG, 2014 WL 12489735, at *5 (W.D. Tex. Aug. 6, 2014) (finding that, though defendant could obtain a plaintiff’s text messages, emails, or social media posts from third parties, plaintiffs were still required to produce those text messages, emails, and social media posts).
In In re Disposable Contact Lens Antitrust, 329 F.R.D. 336 (M.D. Fla. 2018), the plaintiffs sought a motion seeking sanctions for the alleged destruction of evidence, claiming that the defendants had a duty to preserve and disclose a Facebook group that was created and administered by a third-party paid consultant. The plaintiffs argued that, while the defendants did not create or administer the group, because certain employees of the defendants were members, their access established the “practical ability” to control and preserve the group’s contents. The court disagreed, finding that access attributable to membership in a closed Facebook group would not suffice to confer the defendants a legal entitlement to information posted by nonparty members within the group.
While the concepts of possession, custody, and control have blurred in our electronic world, there are a few emerging trends. A party must consider the extent to which it has the legal right to collect information as well as the practical ability to do so when determining who has control over it. Additionally, the terminology incorporated into company policies, especially those related to device use, can have significant impact on a court’s finding of possession, custody, or control of data. Lastly, while the contents of a social media site may not technically be “housed” on any one individual’s phone or computer, courts will consider an individual’s access to or maintenance of the content when determining possession, custody, and control in discovery disputes.
Joe A. Tate, Jr., Counsel and Managing Director of CODISCOVR, focuses his practice on e-discovery, information governance, and data management issues in the context of litigation and investigations. In his role, Joe is responsible for the day-to-day management of a team of attorneys and technologists that handle all phases of the e-discovery lifecycle. Connect with Joe →
Nicole Gill, Counsel at CODISCOVR, concentrates her practice on electronic discovery in a variety of contexts, manages complex document review workflows, and routinely navigates data and privacy protection laws across many jurisdictions, both domestic and foreign. Nicole also implements quality control procedures to mitigate risk and counsels both clients and colleagues on issues related to e-discovery, information governance and data management. Connect with Nicole →