I. Introduction

*1 Marriott has produced a privilege log identifying the documents that it claims are privileged. Plaintiffs have taken exception to certain entries on the log and insist that the documents are not privileged. Plaintiffs have begun with a sample of twenty of the documents.

I reviewed the parties' submissions and held a hearing on the issues presented on May 26, 2021. Marriott has made available to me the twenty contested documents. The evening before the hearing, Marriott sent me eight additional documents.

I have now created the attached chart that indicates the entry and ID numbers of each of the documents. The entries on the chart that bear the letter “A” are the documents that Marriott made available to me the night before the hearing. Marriott has explained to me that the plaintiffs have not challenged the A documents, which transmitted the documents the plaintiffs do challenge. The A documents reveal who created, sent, or received the attachments. Therefore, the A documents are what Marriott calls “cover emails” to eight of the twenty documents that the plaintiffs do challenge (Email from Lisa Ghannoum to Facciola, May 25, 2021).

I have also designated certain documents as Crowdstrike. In an earlier Report and Recommendation document, I held that the discovery of documents from Crowdstrike sought by the plaintiffs cannot be permitted now (ECF No. 634). Judge Grimm agreed and postponed the discovery of documents from Crowdstrike until Marriott's designation of its expert witnesses. I directed the parties to supplement their initial submissions on this issue at the hearing, and I expect that supplementation to be filed this week. Meanwhile, and in the interests of expedition, I will deal with the remaining documents in this Report and Recommendation.

Finally, the chart also indicates by use of the word “conceded” that Marriott has reconsidered its original claim of privilege and has now withdrawn its claim that these documents are privileged.

II. The Hoffman Declaration

In two earlier Reports and Recommendations, ECF Nos. 634 at 1, and ECF No 707 at 1–2, I described how Craig Hoffman, a partner at BakerHostetler, explained how his firm was retained. Hoffman stated the following:

Hoffman then described how Marriott and his law firm retained Crowdstrike, a cybersecurity firm, to assist his firm and Marriott in this investigation. Hoffman then explained how he worked with a Marriott Global Information Security (GIS) Team, consisting of Marriott employees:

He then stated the following:

III. The Controversy

Documents that clients create and transmit to lawyers for their advice or services are privileged (ECF No. 707, quoting Flo Pac, LLC. v. Nutech, LLC No. WDQ 09-510, 2010 WL 51225447 at * 6 (D. Md. December 9, 2010)(Grimm, J.)). Because Marriott is a corporation, the documents created by its employees for transmittal to the corporation's counsel are equally protected, provided that (1) the communications are made by the corporate employees to counsel who was providing legal services to the corporation at the direction of their employer; (2) the employees knew that they were aiding their employer by communicating with counsel; (3) the communications concerned matters within the scope of the employees' duties; and (4) the employees knew that the communications were confidential and they were thereafter maintained in confidence Upjohn v. United States, 449 U.S. 383, 394–395 (1981).

That communications between Hoffman and Marriott employees are covered by the attorney client privilege is, therefore, a given. Understandably, plaintiffs' counsel conceded that the privilege therefore denied them any communication by Marriott employees to or from Hoffman. They insisted, however, that whatever the employees attached to their communications was not privileged. Under this theory, only what the client's employees said to Hoffman or what Hoffman said to them is protected. The attachments transmitted by the documents are not. Thus, in her email to me on May 27, 2021, plaintiffs' counsel (Joann Militano) stated, “We are only challenging the documents that were attached that we believe existed independently of whether Craig Hoffman asked for them and that they don't automatically become privileged just because they were sent to an attorney” (Email of Joann Militano to Facciola, May 27, 2021).

IV. Analysis and Resolution

As indicated in Militano's email to me and during the hearing, the plaintiffs' theory is that information does not become privileged merely because it is transmitted to a lawyer. I agree. “[D]ocuments do not become privileged merely because they are communicated to an attorney.” (David M. Greenwald, Erin R. Schrantz, and Michele L. Slachetka, Testimonial Privileges, section 1:19 at 76 (2019–2020)). The authors quote the following statement from United States v. Fisher to illustrate their point. The Supreme Court noted, “This Court and the lower courts have ... uniformly held that preexisting documents which could have been obtained by court process from the client when he was in possession may also be obtained from the attorney by similar process following transfer by the client in order to obtain more informed legal advice.” (United States v. Fisher, 425 U.S. 403–404).

*3 By the same token, the notes prepared by an incarcerated client of issues to be discussed with an attorney and later discussed with counsel were protected by the attorney client privilege. Greenwald, Schrantz, and Slachetka, supra, at 76, n. 4, citing United States v. DeFonte, 441 F.3d 92, 96 (2d Cir. 2006). It would follow then that the lawyer could resist the subpoena for those notes correctly if her client gave her the notes for safekeeping because they were privileged. In the DeFonte case, the Second Circuit stated that two other cases had reached this conclusion:

This, therefore, rejects the plaintiffs' claim that whatever the client gave the lawyer that is not a direct communication to her from the client lost its protection because the client did not utter the words in the document to the lawyer. On the contrary, a document transmitted by the client maintains its protection if the client transmits the document intending that the lawyer consider it in providing legal services or legal advice to the client. One court stated the following:

Similarly, another court has stated the following:

Therefore, it follows that the statements that the attachments to the emails sent to or from Hoffman are not protected are incorrect. Documents attached to emails to or from Hoffman do not lose their privileged status because they are attachments to those emails. Nor is their privileged nature forfeited because, as attachments, they are not in the text of the email sent to Hoffman if the authors of the emails intended to bring the information in the attachments to Hoffman's attention or to answer a question he posed. Stated simply, the attorney client privilege protects a “communication.” In this case, the email with its attachment sent to or from Hoffman to or by his client's employees is the privileged “communication.”

*4 I have reviewed each of the emails to or from Hoffman. Each of them meets that criterion—they bring the information to Hoffman's attention or answer one of his questions. They are therefore privileged. I, accordingly, reject the plaintiffs' objections to the following documents identified in my chart:

That leaves four others: 9617, 9620, 9622, and 10135. Unlike the others, Marriott has not provided emails for these to show that they were transmitted to or from Hoffman. Nevertheless, Marriott quotes my Report and Recommendation, ECF No. 718, adopted by Judge Grimm, ECF No 720, for the proposition that the attorney client privilege protects communications between Marriott employees who were part of the Marriott internal investigation team, whether or not they were transmitted to Hoffman. Letter of Gilbert S. Keteltas at 1. I was careful, however, not to say that. Instead, I stated the following:

I therefore conclude that the following documents identified in my chart are not privileged:

I shall review the Crowdstrike documents after the parties file their supplements. Meanwhile, 1 recommend that the court either sustain or overrule the claim of privilege, as indicated in this report and the attached chart.

May 24, 2021

To: The Honorable John M. Facciola, via email at facciolj@georgetown.edu

Re: In re: Marriott, MDL 2879 (D. Md.), Response to Plaintiffs' [date] letter

This letter provides the bases for upholding Marriott's privilege assertions regarding 14 of the 20 documents for which Plaintiffs requested your in-camera review (Marriott withdraws its privilege assertion for six documents). The 20 documents are addressed below in the sequence of Plaintiffs' May 18, 2021 letter.

1. Entry No. 9617 (CDSB_REV_007_00184074). The top of this email chain is a communication from Kristin Harding (Marriott employee who was part of the internal investigation team) providing information to certain Accenture consultants engaged by BakerHostetler under privilege (Catherine Reich and David Colon) for the purposes of rendering legal advice and in anticipation of litigation about security questions related to the 2018 Security Incident. “[T]he [attorney-client] privilege will apply to protect communications with agents of the client who facilitate the transmission and technical interpretation of confidential information flowing between the attorney and the client.” 1/5/21 R&R at 15 (ECF 718, adopted at ECF 720) (quoting David M. Greenwald, Erin R. Schrantz, and Michele L. Slachetka, 1 Testimonial Privileges § 1:36 at 135 [2019-2020 ed]); Flo Pac, LLC v. NuTech, LLC, No. WDQ 09-510, 2010 WL 5125447 at *5 (D. Md. Dec. 9, 2010) (Grimm, J.) (privilege extends “to retained professionals who assist the attorney to better understand the facts in providing competent legal advice to the attorney's client.”). The remainder of the email chain are communications between Jason Khoury (another Marriott employee part of the internal investigation team) and Accenture employees who worked for Marriott as outside contractors (Smitha Shetty and Sagar Krishnappa), copying Brian Pitchford (Marriott employee part of the internal investigation team) and Mr. Colon. Those communication are gathering information at the direction of counsel for the purposes of rendering legal advice and in anticipation of litigation about security questions related to the 2018 Security Incident. See 8/14/20 Declaration of Craig Hoffman at para. 26 (Ex. B to 8/14/20 Letter Brief to Special Master re Plaintiffs' July 17, 2020 letter) (stating regarding the dedicated internal investigation team acting at Mr. Hoffman's direction that “[o]ften this group had to contact Marriott or Accenture employees who were not aware of the investigation to obtain answers or request that investigation-related tasks be carried out, and I provided scenario specific instructions to the Marriott dedicated internal investigation team regarding those communications to preserve the confidentiality of the communications regarding the investigation. In scenarios such as these, the documents reflect Marriott or Accenture communicating or carrying out instructions that originated with me.”). Thus, the document is privileged.

*5 2. Entry No. 9620 (CDSB_REV_007_00185091). This is a subsequent email chain to the one discussed under Log Entry 9617 (bullet point 1 above). The top email is a draft composed by David Colon (Accenture employee engaged by BakerHostetler under privilege). Mr. Colon later sent this email to Catherine Reich and Dan Moor (Accenture employees engaged by BakerHostetler under privilege), which is Log Entry 9622 (bullet point 3 below). In this document, Mr. Colon provides information to Mr. Moor and Ms. Reich, who were acting under the direction of counsel. As with Log Entry 9617 (above), this is a communication to “facilitate the transmission and technical interpretation of confidential information” for the purposes of counsel rendering legal advice and in anticipation of litigation. ECF 718 at 15, supra. Again, the rest of the emails in the chain are communications in which members of the incident response team are gathering information at the direction of counsel for the purposes of rendering legal advice and in anticipation of litigation about security questions related to the 2018 Security Incident. Thus, the document is privileged.

3. Entry No. 9622 (CDSB_REV_007_00185096). This is the as-sent version of the draft email at Log Entry 9620 (bullet point 2 above). Thus, for the same reasons, this document is privileged.

4. Entry No. 10135 (CDSB_REV_015_00950581). This is an email from Ravi Sheshadri (Accenture employee) relaying directions from the incident response team to Accenture employees executing the tasks. The incident response team acted at the direction of in-house counsel and BakerHostetler. See Hoffman Decl. ECF 718-4 at ¶¶ 19-20. The directions in this document parallel ones in the document for which the Special Master upheld Marriott's assertion of privilege in the 1/5/21 R&R (ECF 718, adopted at ECF 720). Thus, the document is privileged.

5. Entry No. 777 (PHENX_L0008_000006504). Upon further review, and without waiving privilege claims regarding other documents in this email chain, Marriott has determined that this document is not privileged and will produce the document.

6. Entry No. 805 (PHENX_L0008_000016488). Upon further review, and without waiving privilege claims regarding other documents in this email chain, Marriott has determined that this document is not privileged and will produce the document.

7. Entry No. 1689 (PHENX_L0441_000010135). This is a status report by CrowdStrike, a consultant engaged by and acting under the direction of BakerHostetler. It reflects in-progress finding and technical analysis regarding Marriott systems for counsel to develop legal strategy and provide legal advice. As the Special Master has explained “the [attorney-client] privilege will apply to protect communications with agents of the client who facilitate the transmission and technical interpretation of confidential information flowing between the attorney and the client.” ECF 718 at 15, supra; Flo Pac, LLC, No. WDQ 09-510, 2010 WL 5125447 at *5, supra. The report was prepared by a professional retained to assist Marriott's outside counsel to interpret Marriott's technical data for the purposes of assisting counsel in providing Marriott legal advice. Specifically, Marriott's outside counsel required assistance in interpreting Marriott's technical data to advise Marriott regarding its contractual and legal compliance obligations and as part of the comprehensive legal advice Marriott's outside counsel was providing Marriott related to the defense of regulatory investigations and lawsuits. See 12/14/20 Declaration of Craig Hoffman ¶¶ 12-15 (ECF 707-1). Thus, the document is privileged.

8. Entry No. 1702 (PHENX_L0433_000031363). This document is another status report by CrowdStrike in the same vein as Entry No. 1689 (bullet point 7 above). Thus, for the same reasons, this document is privileged.

9. Entry No. 9494 (PHENX_L0493_000000015). This is a draft of a report prepared by CrowdStrike, a consultant engaged by and acting under the direction of BakerHostetler, dated March 8, 2019. This report is an initial draft of the work-product that CrowdStrike was engaged and directed counsel to prepare for purposes of assisting counsel in providing legal advice regarding Marriott's systems. As the log description details, the report was prepared at the direction of counsel and distributed to outside counsel and members of Marriott's Legal Department, including William Dempster, Kimberly Shur, John Warren, and Theresa Coetzee. Plaintiffs' assertion that the need for legal advice was not the but-for cause of this report is incorrect. Marriott's outside counsel required assistance in interpreting Marriott's technical data to advise Marriott regarding its contractual and legal compliance obligations and as part of the comprehensive legal advice Marriott's outside counsel was providing Marriott related to the defense of regulatory investigations and lawsuits. See 12/14/20 Declaration of Craig Hoffman ¶¶ 12-15 (ECF 707-1). Thus, the document is privileged.

*6 10. Entry No. 9495 (PHENX_L0493_000000016). This is another draft of a report prepared by CrowdStrike, dated March 29, 2019, in the same vein as Entry No. 9494 (bullet point 9 above). Thus, for the same reasons, this document is privileged.

11. Entry No. 9496 (PHENX_L0493_000000017). This is another draft of a report prepared by CrowdStrike, dated March 28, 2019, in the same vein as Entries Nos. 9494 and 9495 (bullet points 9-10 above). Thus, for the same reasons, this document is privileged.

12. Entry No. 9497 (PHENX_L0493_000000018). This is another draft of a report prepared by CrowdStrike, dated April 30, 2019, in the same vein as Entries Nos. 9494, 9495, and 9496 (bullet points 9-11 above). Thus, for the same reasons, this document is privileged.

13. Entry No. 308 (PHENX_L0001_000545699). Upon further review, and without waiving privilege claims regarding other documents, Marriott has determined that this document is not privileged and will produce the document.

14. Entry No. 320 (PHENX_L0001_000545725). Upon further review, and without waiving privilege claims regarding other documents, Marriott has determined that this document is not privileged and will produce the document.

15. Entry No. 641 (PHENX_L0002_000415710). This document was created by Dan Mayer of CrowdStrike, a consultant engaged by and acting under the direction of BakerHostetler. This document is attached to an email (Log Entry 640; not challenged) from Mr. Mayer to Craig Hoffman, Ted Kobus, and Aleksandra Vold (all of BakerHostetler), as well as CrowdStrike and Marriott employees. Mr. Mayer's email and this attachment were provided to counsel in response to a question from Mr. Hoffman to assist his legal advice to Marriott. As the Special Master has explained “the [attorney-client] privilege will apply to protect communications with agents of the client who facilitate the transmission and technical interpretation of confidential information flowing between the attorney and the client.” ECF 718 at 15, supra; Flo Pac, LLC, No. WDQ 09-510, 2010 WL 5125447 at *5, supra. Thus, the document is privileged.

16. Entry No. 643 (PHENX_L0002_000415742). This is another document created by Dan Mayer of CrowdStrike, a consultant engaged by and acting under the direction of BakerHostetler. This document is attached to an email (Log Entry 642; not challenged) from Mr. Mayer to Craig Hoffman, Ted Kobus, and Aleksandra Vold (all of BakerHostetler), as well as CrowdStrike and Marriott employees. Mr. Mayer's email and this document were provided to counsel in response to the same question from by Mr. Hoffman discussed under Log Entry 641 (above). Thus, for the same reasons, the document is privileged.

17. Entry No. 1503 (PHENX_L0421_000063123). Upon further review, and without waiving privilege claims regarding other documents, Marriott has determined that this document is not privileged and will produce the document.

18. Entry No. 6777 (PHENX_L0002_000415295). This is a spreadsheet created by a member of the incident response team at the direction of BakerHostetler that was attached to an email (Log Entry 6776; not challenged) from Craig Hoffman (BakerHostetler) to Anna Loshkareva, Kristin Harding, and Arno Van der Walt (Marriott employees) requesting information to assist Mr. Hoffman in providing legal advice regarding the 2018 Security Incident. The spreadsheet is a forensic evaluation regarding the 2018 Security Incident made part of a “communication made between privilege persons in confidence for the purpose of seeking, obtaining, or providing legal assistance to the client.” Flo Pac, LLC, No. WDQ 09-510, 2010 WL 5125447 at *4, supra. Thus, the document is privileged.

*7 19. Entry No. 6801 (PHENX_L0002_000418252). This document was created by Craig Hoffman (BakerHostetler) and attached to an email (Log Entry 6800; not challenged) from Mr. Hoffman to Anna Loskareva (Marriott employee), copying Marriott in-house counsel John Warren and Kimberly Shur, as well as Theodore Kobus and Aleksandra Vold (BakerHostetler), and Kristin Harding and Arno van der Walt (Marriott employees). The attached document from Mr. Hoffman contains his legal advice and work-product and was used to ask further question to assist him in providing legal advice. Thus, the document is privileged.

20. Entry No. 6584 (PHENX_L0004_000190901). Upon further review, and without waiving privilege claims regarding other documents, Marriott has determined that this document is not privileged and will produce the document.

Conclusion. The Court should deny plaintiffs' motion to compel.

/s/ Gilbert S. Keteltas

May 18, 2021

The Honorable John M. Facciola (Ret.) <facciolj@georgetown.edu>

Re: In re: Marriott, MDL 2879 (D. Md.), Marriott Privilege Log Entries

Dear Special Master Facciola:

Plaintiffs are asking for your initial in-camera review of 20 entries from Marriott's privilege log at this time. While Plaintiffs have challenged additional documents in their first letter to Marriott, we are focusing on the most critical documents for the upcoming depositions but reserve all rights to raise additional documents at a later date. Moreover, Plaintiffs anticipate sending additional letters to Marriott to meet and confer over other documents on Marriott's log that might also result in additional challenges before Your Honor. We understand that, to facilitate your review, Marriott will provide these to you via a secure link or hard copy.

Attached, for your convenience, are the privilege log entries for the 20 documents described below. Our challenges to the documents fall under several categories: no attorney-client privilege, the documents constitute business advice, the documents contain underlying facts and not privileged communications, or Marriott has already waived any assertion of privilege.

Attorney-Client Privilege

For each of the current documents at issue, Marriott has claimed attorney-client privilege and/or work product protection. Plaintiffs dispute these assertions, however, as none of them were authored by or at the direction of an attorney, and all of the documents relate to a business purpose or address underlying facts.

Attorney-client privilege applies only to communications made between clients and attorneys, and these documents did not involve such communication. See E.I. du Pont de Nemours & Co. v. Forma-Pack, Inc., 351 Md. 396, 415 (1998) (citation omitted); NLRB v. Interbake Foods, LLC, 637 F.3d 492, 502 (4th Cir. 2011). For this reason alone, the privilege does not apply to any of these documents.

Entry No. 9617 (CDSB_REV_007_00184074)

Entry No. 9620 (CDSB_REV_007_00185091)

Entry No. 9622 (CDSB_REV_007_00185096)

Entry No. 10135 (CDSB_REV_015_00950581)

Entry No. 777 (PHENX_L0008_000006504)

Entry No. 805 (PHENX_L0008_000016488)

Entry No. 1689 (PHENX_L0441_000010135)

Entry No. 1702 (PHENX_L0433_000031363)

Business Advice

For attorney-client privilege to apply, the communication must pertain to legal assistance, E.I. du Pont de Nemours, 351 Md. at 415; Interbake, 637 F.3d at 502. Furthermore, the need for legal advice must be a but-for cause of the communication. Neuberger Berman Real Est. Income Fund, Inc. v. Lola Brown Tr. No. 1B, 230 F.R.D. 398, 411 (D. Md. 2005). As such, business advice—such as how Marriott may improve its cybersecurity—is not privileged. E.I. du Pont de Nemours, 351 Md. at 422; Neuberger, 230 F.R.D. at 411; AVX Corp. v. Horry Land Co., No. 4:07-CV-3299-TLW-TER, 2010 WL 4884903, at *9 (D.S.C. Nov. 24, 2010).

*8 Similarly, work-product protection attaches only to documents that “were created ‘in preparation for litigation.’ ” Interbake, 637 F.3d at 502 (citation omitted); see also Fed. R. Civ. P. 26(b)(3)(A). If litigation preparation was not the “driving force” behind a communication or document, then the protection does not apply. In re Dominion Dental Servs. USA, Inc. Data Breach Litig., 429 F. Supp. 3d 190, 192–93 (E.D. Va. 2019). Thus business or cybersecurity advice does not receive work-product protection either.

The following documents appear to only share business advice:

Entry No. 9494 (PHENX_L0493_000000015)

Entry No. 9495 (PHENX_L0493_000000016)

Entry No. 9496 (PHENX_L0493_000000017)

Entry No. 9497 (PHENX_L0493_000000018)[1]

Underlying Facts

“The privilege only protects disclosure of communications; it does not protect disclosure of the underlying facts by those who communicated with the attorney[.]” Upjohn Co. v. United States, 449 U.S. 383, 395 (1981); see also In re N.Y. Renu With Moistureloc Prod. Liab. Litig., No. 766,000/2007, 2009 WL 2842745, at *3 (D.S.C. July 6, 2009). The following documents discuss only underlying facts as to Marriott's cybersecurity or the Starwood breach without revealing any attorney's communications or opinions. As such, they are not privileged:

Entry No. 308 (PHENX_L0001_000545699)

Entry No. 320 (PHENX_L0001_000545725)

Entry No. 641 (PHENX_L0002_000415710)

Entry No. 643 (PHENX_L0002_000415742)

Entry No. 1503 (PHENX_L0421_000063123)

Entry No. 6777 (PHENX_L0002_000415295)

Entry No. 6801 (PHENX_L0002_000418252)

Waiver of Privilege

The following document, in addition to providing business advice, was shared with third parties, waiving any attorney-client privilege or work product protection.

Entry No. 6584 (PHENX_L0004_000190901)[2]

We appreciate Your Honor's consideration of this matter and are happy to provide further information or argument should you find it helpful.

Respectfully,

From: Ghannoum, Lisa M. lghannoum@bakerlaw.com

Subject: RE: In re Marriott: Consumer Plaintiff Privilege Challenges

Date: May 25, 2021 at 11:49 PM

To: John Facciola facciola@me.com

*9 Judge Facciola,

As noted in Marriott's submission to you on Monday, four of the 20 documents being challenged by plaintiffs are attachments to cover emails for which Marriott is also claiming a privilege. Plaintiffs have not challenged the privilege assertion for these cover emails, only whether the attachments are privileged. The cover emails provide context necessary to fully assess Marriott's privilege assertion and I believe they should be provided to you as well. I will send you a separate email containing a link to copies of the 4 cover emails so that you can review them if you think it helpful. The password will follow in another email.

The files containing the cover emails are named by their reference number and as you would expect, are one digit less than the challenged document as noted below. Please let me know if you have any questions.

Item 15 in Marriott's 5/24/21 Submission: Challenged Entry No. 641 (PHENX_L0002_000415710) – Unchallenged Cover Email Entry No. 640 (PHENX_L0002_000415709)

Item 16 in Marriott's 5/24/21 Submission: Challenged Entry No. 643 (PHENX_L0002_000415742) – Unchallenged Cover Email Entry No. 642 (PHENX_L0002_000415741)

Item 18 in Marriott's 5/24/21 Submission: Challenged Entry No. 6777 (PHENX_L0002_000415295) – Unchallenged Cover Email Entry No. 6776 (PHENX_L0002_000415294)

Item 19 in Marriott's 5/24/21 Submission: Challenged Entry No. 6801 (PHENX_L0002_000418252) – Unchallenged Cover Email Entry No. 6800 (PHENX_L0002_000418251)

Thank you,

Lisa

From: Busen, Carey <cbusen@bakerlaw.com>

Sent: Wednesday, May 19, 2021 10:15 AM

To: John Facciola <facciola@me.com>

Cc: Amy Keller <akeller@dicellolevitt.com>; Keteltas, Gilbert S. <gketeltas@bakerlaw.com>; Ghannoum, Lisa M. <lghannoum@bakerlaw.com>; Cutts, Kyle <kcutts@bakerlaw.com>; Warren, Daniel <DWarren@bakerlaw.com>; AFriedman <afriedman@cohenmilstein.com>; JPizzirusso <jpizzirusso@hausfeld.com>; Anderson, Devin S. <devin.anderson@kirkland.com>; Long, Emily Merki <emily.long@kirkland.com>; Ariana Tadler <atadler@tadlerlaw.com>; DRobinson <drobinson@robinsonfirm.com>; Marriott-Government [EXTERNAL] <marriott-government@edelson.com>; Joann Militano <jmilitano@tadlerlaw.com>; snathan <snathan@hausfeld.com>; DMcnamara <DMcNamara@cohenmilstein.com>; Paul Stephan <pstephan@cohenmilstein.com>

Subject: RE: In re Marriott: Consumer Plaintiff Privilege Challenges

Judge Facciola,

You will shortly receive an email from NoReply@bakerlaw.com. This email will contain a link to the 20 documents. I will separately send you the encryption password. Once you have a chance to review, if you would like paper copies of any of the documents, please let me know and we will deliver.

Thank you,

Carey

From: John Facciola <facciola@me.com>

Sent: Wednesday, May 19, 2021 9:46 AM

To: Busen, Carey <cbusen@bakerlaw.com>

Cc: Amy Keller <akeller@dicellolevitt.com>; Keteltas, Gilbert S. <gketeltas@bakerlaw.com>; Ghannoum, Lisa M. <lghannoum@bakerlaw.com>; Cutts, Kyle <kcutts@bakerlaw.com>; Warren, Daniel <DWarren@bakerlaw.com>; AFriedman <afriedman@cohenmilstein.com>; JPizzirusso <jpizzirusso@hausfeld.com>; Anderson, Devin S. <devin.anderson@kirkland.com>; Long, Emily Merki <emily.long@kirkland.com>; Ariana Tadler <atadler@tadlerlaw.com>; DRobinson <drobinson@robinsonfirm.com>; Marriott-Government [EXTERNAL] <marriott-government@edelson.com>; Joann Militano <jmilitano@tadlerlaw.com>; snathan <snathan@hausfeld.com>; DMcnamara <DMcNamara@cohenmilstein.com>; Paul Stephan <pstephan@cohenmilstein.com>

*10 Subject: Re: In re Marriott: Consumer Plaintiff Privilege Challenges

Counsel,

I have received the plaintiffs' letter of May 18 and Marriott's response. Plaintiffs object to Marriott's claims of privilege as to 20 documents which I understand will be provided to me. Plaintiffs represent to me in their email of May 18 that plaintiffs and Marriott have exchanged correspondence about plaintiffs' objections. I find, therefore, that pursuant to paragraph 3(a) of the Order of April 26, 2021, ECF No. 781, the parties' dispute is now ripe.

Paragraph 3(b) of that Order permits the responding party, Marriott, to file a written response. Marriott's counsel, pointing that it would require it to file its submission on Sunday, May 23, 2021, seeks to file it on Monday, May 24, 2021. That is a correct calculation of the appropriate deadline under Fed. R. Civ. 6(a)(1)(A) and Fed. R. Civ. 6(a)(1)(C).

Plaintiffs object to Marriott's filing on Monday and seek to shorten the time within which it must file its submission. ECF No. 781 is a court order and does not contain a provision permitting me to shorten the deadline. In an appropriate case, I may seek Judge Grimm's permission to shorten a deadline, but I see no reason to do so here. Plaintiffs have filed a written submission that cites legal authority and argues the issues presented. Marriott should have the same right. Marriott may therefore file its submission on May 24, 2021.

Paragraph 3(c) of that Order requires me to schedule a hearing within 48 hours. Accordingly, I will hold the conference required by that paragraph on Wednesday, May 2b, 2021, at noon.

I would ask counsel for the parties, particularly Ms. Busen and Ms. Keller, to arrange for a video conference for that hearing. I would appreciate that, if possible, a court reporter be retained to create a transcript of the hearing for Judge Grimm's use.

While Marriott's s submission is due on Monday, I would appreciate it if Ms. Busen would immediately transmit to me the documents in dispute. Ms. Busen can use any form of transmittal to me that she considers secure and appropriate.

John M. Facciola

This email is intended only for the use of the party to which it is addressed and may contain information that is privileged, confidential, or protected by law. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this email or its contents is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer.

Any tax advice in this email is for information purposes only. The content of this email is limited to the matters specifically addressed herein and may not contain a full description of all relevant facts or a complete analysis of all relevant issues or authorities.

Internet communications are not assured to be secure or clear of inaccuracies as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, we do not accept responsibility for any errors or omissions that are present in this email, or any attachment, that have arisen as a result of e-mail transmission.

*13 From: Joann Militano jmilitano@tadlerlaw.com

Subject: Re: In re Marriott: Consumer Plaintiff Privilege Challenges

Date: May 27, 2021 at 11:52 AM

To: John Facciola facciolj@georgetown.edu

Thank you, Your Honor.

Just so it is clear from the record, we are not challenging the cover letters that Ms. Ghannoum sent late Tuesday for the first time and are listed in your chart at 640A, 6776A. Those are the “communications.” We are only challenging the underlying documents that were attached that we believed existed independently of whether Craig Hoffman asked for them and that they don't automatically become privileged just because they were sent to an attorney. They are not “memos” or “communications” or appear to be written by an employee solely at the direction of counsel.

Based on the log description. Entry 641 is a pdf of PMS00255 Decrypted Malware Output. This is a listing of malware used by third party threat actor(s). This is a factual listing of the malware used to infiltrate Starwood systems.

Based on the log description, Entry 6777 is an excel spreadsheet of NDS Guardium Logs. These logs are generated on a daily, weekly or monthly basis in the ordinary course of business.

Thank you, and hope you have an enjoyable holiday weekend.

One Penn Plaza, 36th Fir.

New York, NY 10119

(646) 767-7334

jmilitano@tadlerlaw.com

www.tadlerlaw.com

From: John Facciola <facciolj@georgetown.edu>

Sent: Wednesday, May 26, 2021 1:38 PM

To: Ghannoum, Lisa M. <lghannoum@bakerlaw.com>

Cc: Amy Keller <akeller@dicellolevitt.com>; Keteltas, Gilbert S. <gketeltas@bakerlaw.com>; Cutts, Kyle <kcutts@bakerlaw.com>; Warren, Daniel <DWarren@bakerlaw.com>; A Friedman <afriedman@cohenmilstein.com>; JPizzirusso <jpizzirusso@hausfeld.com>; Anderson, Devin S. <devin.anderson@kirkland.com>; Long, Emily Merki <emily.long@kirkland.com>; Busen, Carey <cbusen@bakerlaw.com>; Hogan, Thomas E. <thogan@bakerlaw.com>; Ariana Tadler <atadler@tadlerlaw.com>; DRobinson <drobinson@robinsonfirm.com>; Marriott-Government [EXTERNAL] <marriott-government@edelson.com>; Joann Militano <jmilitano@tadlerlaw.com>; snathan <snathan@hausfeld.com>; D McNamara <dmcnamara@cohenmilstein.com>; Paul Stephan <pstephan@cohenmilstein.com>

Subject: Re: In re Marriott: Consumer Plaintiff Privilege Challenges

*14 Here is the PDF of the data.

John M. Facciola

On May 26, 2021, at 10:31 AM, Ghannoum, Lisa M. <lghannoum@bakerlaw.com> wrote:

Judge Facciola,

Thank you for sending along the chart. Entry 6800 is referenced at page 4 of Mr. Keteltas's May 24 letter within numbered paragraph 19. Plaintiffs' challenge is to Entry No. 6801, but Marriott's explanation for the privilege references the unchallenged cover email which was Entry No. 6800. It is referenced in the second line of paragraph 19.

Thank you,

Lisa

From: John Facciola <facciola@me.com>

Sent: Wednesday, May 26, 2021 8:17 AM

To: Ghannoum, Lisa M. <lghannoum@bakerlaw.com>

Cc: Amy Keller <akeller@dicellolevitt.com>; Keteltas, Gilbert S. <gketeltas@bakerlaw.com>; Cutts, Kyle <kcutts@bakerlaw.com>; Warren, Daniel <DWarren@bakerlaw.com>; AFriedman <afriedman@cohenmilstein.com>; JPizzirusso <jpizzirusso@hausfeld.com>; Anderson, Devin S. <devin.anderson@kirkland.com>; Long, Emily Merki <emily.long@kirkland.com>; Busen, Carey <cbusen@bakerlaw.com>; Ariana Tadler <atadler@tadlerlaw.com>; DRobinson <drobinson@robinsonfirm.com>; Marriott-Government [EXTERNAL] <marriott-government@edelson.com>; Joann Militano <jmilitano@tadlerlaw.com>; snathan <snathan@hausfeld.com>; DMcnamara <DMcNamara@cohenmilstein.com>; Paul Stephan <pstephan@cohenmilstein.com>

Subject: Re: In re Marriott: Consumer Plaintiff Privilege Challenges

[External Email: Use caution when clicking on links or opening attachments.]

I have created for us today the attached spreadsheet. I found the two numbers identifying the documents confusing. Ms. Ghannoum, in your last entry I think you meant Entry 6801. There is no 6800 in Mr. Keteltas' letter to me of May 24, 2021.

John M. Facciola