*1 The plaintiff, The Prudential Insurance Company of America (“Prudential”), brings this action for injunctive relief against the defendant, Jennifer Kowalski (“Kowalski”), alleging that Kowalski misappropriated more than 1,000 documents containing Prudential's confidential and sensitive business information by sending herself over 700 emails immediately before voluntarily resigning her position to commence employment with a competitor. (See Doc. Nos. 1, 2).

Currently before this Court is Prudential's Motion to Compel Defendant to Comply with the Court's Orders and for Sanctions. (Doc. No. 254). The Court held oral argument on the motion on March 30, 2023. (Doc. No. 275).

I. BACKGROUND

Prudential moves for an Order: (1) compelling Kowalski to comply with the Stipulated Order entered by this Court on July 11, 2022 (“Deletion Order”) (Doc. No. 201), which requires Kowalski to cooperate with Epiq to ensure the deletion of all inadvertently produced data in her possession, custody, or control; and (2) sanctioning Kowalski in the form of both fines for willfully violating this Court's Orders and monetary damages to Prudential for the attorneys’ fees and costs it incurred in its efforts to obtain Kowalski's compliance. (See Doc. No. 254 at 1). In response, Kowalski asserts that Prudential's motion “seeks to invade [her] privacy, violates her privileges, and is not even required by the [Deletion] Order.” (Doc. No. 271 at 2) (emphasis omitted).

In June 2021, Prudential's electronic discovery vendor, Epiq Systems (“Epiq”), inadvertently produced .zip files containing Prudential's confidential and sensitive information (“inadvertently produced data”) to Alexa Millinger, Kowalski's counsel at the time.[1] (See Doc. No. 254-1 at 16). Following Epiq's production, Attorney Millinger informed Prudential's counsel that Kowalski had deleted the inadvertently produced data. (See Doc. No. 254-1 at 20).

On March 4, 2022, Prudential discovered that Kowalski remained in possession of the inadvertently produced data, despite Attorney Millinger's prior assertion that Kowalski had deleted such information. (See Doc. Nos. 126 at 1; 254-1 at 20).

In an email dated March 9, 2022, Attorney Millinger advised Prudential's counsel that she had based her representation that Kowalski had deleted the inadvertently produced data on information she received from Kowalski herself. (See Doc. No. 254-1 at 22).

On July 11, 2022, the Court entered the Deletion Order, which the parties had jointly drafted, requiring Kowalski to cooperate with Epiq to ensure the deletion of all inadvertently produced data in her possession, custody, or control. (Doc. No. 201).

On October 14, 2022, upon learning that Kowalski had failed to comply with the requirements set forth in the Deletion Order, the Court entered a separate Order requiring Kowalski to “ ‘provide credentials to access the computer and all other sources, including but not limited to email accounts where the inadvertently produced data may reside’ ” by October 17, 2022. (Doc. No. 229) (quoting Doc. No. 201 at 4).

*2 On November 9, 2022, Epiq reported that it had completed its search of Kowalski's device and Gmail account, and that it had located 91,856 instances of the inadvertently produced data files. (See Doc. No. 254-1 at 30-31). Moreover, Epiq advised that it had observed evidence of possible activity on three cloud-based sources—Dropbox, OneDrive, and Google Drive—between February 4, 2022, and February 21, 2022. (See Doc. No. 254-1 at 31). To determine whether any of the inadvertently produced data was transmitted, copied, or stored using one of these cloud-based sources, Epiq indicated that it needed Kowalski's login credentials for these cloud-based sources. (Id.).

During a meet-and-confer on November 10, 2022, Prudential's counsel requested that Kowalski provide Epiq access to the cloud-based sources that were identified as possible locations where the inadvertently produced data resides. (See Doc. No. 254-1 at 17). In a follow-up email to Jonathan Bechtel, Kowalski's counsel at the time, Prudential's counsel asked whether Kowalski agreed to provide Epiq access to the cloud sources. (See Doc. No. 254-1 at 25). Attorney Bechtel responded that Kowalski refuses to provide Epiq access to the cloud-based sources since Epiq's “finding some evidence of possible Dropbox, OneDrive, and Google Drive activity on the device between 2/4/2022 and 2/21/2022 is insufficient to warrant a search into these sources.” (Id.) (internal quotation and emphasis omitted). Attorney Bechtel further stated that Kowalski will not provide further access to Epiq without a Court order directing her to do so. (See id.).

II. DISCUSSION

Prudential argues that Kowalski knowingly and intentionally violated the Deletion Order, the terms of which were jointly negotiated by the parties through counsel to enable a vendor of their choosing—Epiq—to search a third-party computer “and all other sources, including but not limited to email accounts” in Kowalski's possession, custody, or control, for data that Epiq had inadvertently produced to Kowalski during discovery in this matter. (See Doc. Nos. 124 at 6 n.2, 7-9; 126 at 1; 254-1 at 5-8, 17).

The parties do not dispute that the inadvertently produced data should not be in Kowalski's possession, custody, or control, or that it should be deleted. The inadvertently produced data became a significant issue in this matter after Kowalski disclosed that she retained possession of it, despite representations by Attorney Millinger that Kowalski had already deleted it. (See Doc. Nos. 124 at 6 n.2, 7-9; 126 at 1-2; 254-1 at 20).

Disputes relating to Kowalski's compliance with the Deletion Order arose almost immediately after it was entered on July 11, 2022. In addition to delaying the delivery of the third-party computer to Epiq, Kowalski initially refused to provide Epiq with the credentials it needed to commence its forensic examination. (See Doc. Noa. 211 at 2; 211-2; 217 at 1-4; 227 at 2; 254-1 at 29). To ensure compliance with the Deletion Order, the Court entered an Order on October 14, 2022, requiring Kowalski to “ ‘provide credentials to access the computer and all other sources, including but not limited to email accounts’ ” by October 17, 2022. (Doc. No. 229) (quoting Doc. No. 201 at 4). Indeed, though Kowalski has disputed the claim that she has violated the Deletion Order, there can be no dispute that the Court's October 14, 2022 Order quoted paragraph two of the Deletion Order and specifically directed her to “provide credentials to access the computer and all other sources, including but not limited to email accounts, where the inadvertently produced data may reside.” (Doc. No. 229 (emphasis added)).

*3 Though Kowalski complied with the October 14, 2022 Order by turning over her Gmail account password, Epiq still could not access the account without completing a two-factor authentication, which required an autogenerated unique code that was sent to Kowalski's phone. (See Doc. No. 254-1 at 29). Epiq contacted Attorney Bechtel to arrange for Kowalski to provide the unique code at a mutually agreeable time; however, Kowalski did not provide the code until November 1, 2022. (See Doc. No. 254-1 at 30).

During its forensic examination, Epiq found evidence of cloud-based activity on the third-party computer between February 4, 2022 and February 21, 2022. (See Doc. No. 254-1 at 31). Once Epiq identified the cloud-based sources as locations “where the inadvertently produced data may reside,” Kowalski was required to provide Epiq access to them, pursuant to both the Deletion Order and the October 14, 2022 Order. (See Doc. Nos. 201 at 1; 229).

Prudential argues that Kowalski's non-compliance with the Court's Orders is preventing Epiq from ensuring the deletion of the inadvertently produced data, thereby undermining the objective of this entire litigation. (See Doc. No. 254-1 at 8-9). Specifically, Prudential asserts that, by refusing to provide Epiq access to the cloud-based sources, Kowalski has failed to comply with the Deletion Order, which was jointly drafted by the parties to prevent Kowalski from retaining the inadvertently produced data by requiring her to provide Epiq with access to sources “where [it] may reside.” (Doc. No. 201 at 1) (emphasis added).

The Court agrees with Prudential's position that Epiq must search the cloud-based sources to “determine whether the [inadvertently produced] data was transferred to any other non-privileged undisclosed source, and ascertain the breadth and scope of any subsequent, non-privileged transfer, download and/or disclosure, if any, of the inadvertently disclosed data.” (Doc. No. 201 at 2). Though Kowalski suggests that the Deletion Order is confusing on this point and objects to what she views as a broad intrusion of her private accounts, her objection is baseless for three reasons. First, the Deletion Order itself was only necessary because Kowalski's counsel had incorrectly indicated that Kowalski had deleted the inadvertently produced data. Second, the Deletion Order was drafted by the parties to resolve what was then a pending motion to compel the forensic examination of the computer at issue. (Doc. No. 189). Third, any possible confusion created by the Deletion Order was certainly resolved by the Court's October 14, 2022, in which the Court specifically order Kowalski to turn over her credentials to all sources where the inadvertently produced data may reside. Accordingly, Prudential's Motion to Compel is GRANTED. Kowalski shall provide Epiq access to her Dropbox, OneDrive, and Google Drive accounts by April 17, 2023.

Prudential argues that Kowalski's actions are sanctionable because she has failed to comply with the requirements of the Deletion Order, despite having been afforded multiple opportunities to do so. (See Doc. No. 254-1 at 9-12). In support of its motion, Prudential asserts that Kowalski's non-compliance has caused it to expend significant and unnecessary time and money. (See Doc. No. 254-1 at 9).

The Court does not find that sanctions against Kowalski are warranted at this time due largely to the fact that Kowalski is representing herself in this matter and claims that she has not turned over the credentials to these cloud-based sources, not because of a willful refusal to comply with the Court's order, but due to a good faith belief that her provision of this information was not required by the Court's Orders. Prudential's Motion for Sanctions is DENIED without prejudice, however. Kowalski is cautioned that any future failure to comply with this Order would likely result in the issuance of sanctions.

*4 IT IS SO ORDERED.

Dated at New Haven, Connecticut, this 10th day of April 2023.