One of our observations after two decades of e-discovery practice is this: the move from a paper to electronic world hasn’t changed the fundamentals of discovery very much. Whatever its form, the data still has to be relevant, unique, not privileged and in the party’s possession, custody or control. That doesn’t mean that we can disregard some of the unique challenges electronic information presents, but upon reflection, it is clear to us that most questions that arise during discovery can still be answered by remembering these basic elements.

The perennial question of “possession, custody or control” may become more complicated in light of the U.S. Supreme Court recently granting certiorari in the landmark case of In the Matter of a Warrant to Search a Certain Email Account Controlled and Maintained by Microsoft. Companies will need to watch for this decision and its potential impact on discovery and information governance when data crosses borders.

Under the Federal Rules of Civil Procedure, it remains the case that parties are only obligated to preserve and produce those records that are in their possession, custody or control. Parties are not obligated to recreate records that were destroyed in the ordinary course of business or that are in the possession of third parties, as in Phillips v. Netblue, 2007 No. C-05-4401 SC. (N.D. Cal. Jan. 22, 2007) (The fundamental factor is that the document, or other potential objects of evidence, must be in the party’s possession, custody, or control for any duty to preserve to attach … One cannot keep what one does not have.) Until recently, litigants grappling with the meaning of “possession, custody or control” could review the case law to get guidance on the prevailing “legal right” and “practical ability” tests for determining the reach of possession, custody and control. Application of these tests has suddenly gotten fuzzier and more prone to dispute, however, as data moves to the cloud and erases borders, rendering notions of data location and accessibility quaint.

The Basics: Legal Right Versus Practical Ability

Federal Rule of Civil Procedure 34(a)(1) specifies that parties may only request the production of documents or electronically stored information (ESI) “in the responding party’s possession, custody or control.” ESI is within a party’s custody or control not only when the party has actual possession or ownership of the information, but also when the party has “the legal right to obtain the documents on demand,” In re Bankers Trust, 61 F.3d 465, 469 (6th Cir. 1995), cert. dismissed, 517 U.S. 1205 (1996). Jurisdictions applying this “legal right test” have found possession, custody or control where a contract grants a right of access to documents or when a party has a legal right to obtain the information upon demand by virtue of a principal-agent relationship, such as employer and employee, client and attorney, or a corporation and officer or director. For example, it is typical for third-party technology service providers or cloud-based software services to host their customers’ data. So far, the case law indicates that data a company can obtain on demand from a third party is data within the company’s “control,” see Flagg v. City of Detroit, 252 F.R.D. at 352 (court held that defendant was obligated to produce text messages stored with its third-party service provider because messages were within the defendant’s control); Tomlinson v. El Paso, 245 F.R.D. at 477 (court held company had control of certain electronic ERISA records maintained for the company by a third-party service provider and, therefore, had to produce them).

Some jurisdictions, however, have held that documents are under a party’s control when the party has the ‘practical ability’ to obtain documents from a non-party to the action,” as in Bank of New York v. Meridien BIAO Bank Tanzania, 171 F.R.D. 135, 146 (S.D.N.Y. 1997); see also Tomlinson v. El Paso, 245 F.R.D. 474, 477 (D. Colo. 2007) (documents are within a party’s control “if such party has retained any right or ability to influence the person in whose possession the documents lie”); but see Phillip M. Adams & Associates v. Dell, 2007 WL 626355, at *3 (D. Utah Feb. 22, 2007) (noting how district courts have rejected the “practical ability” test). Application of the ‘practical ability test’ is difficult in practice. For example, when a third party received a majority of its revenues from an organization, one court found that the organization likely had the ability to influence the third party into producing documents, as in  Jacoby v. Hartford Life and Accident Insurance, 254 F.R.D. 477, 479 (S.D.N.Y. 2009).

Corporate Structure Amid the Legal Right Versus Practical Ability Tests

Historically, corporate structure has provided a fairly clear means of determining whether an organization has actual control over information. Despite the myriad permutations of parent-subsidiary and sibling entity relationships, court decisions have set relatively clear guidelines by evaluating the ownership between entities, the establishment of common policies among entities, the exercise of actual control one entity has over another entity and any overlap between the executives of the entities, as in Dieterich v. Bauer, 198 F.R.D. 397, 401 (S.D.N.Y. 2001). Applying the legal right test, courts have found control by a parent corporation over documents held by its subsidiary and vice-versa, as well as control by one sister corporation over documents held by another sister corporation. See Securities & Exchange Commission v. Credit Bancorp,194 F.R.D. 469, 472 (S.D.N.Y. 2000); In re NTL, 244 F.R.D. at 195-197 (defendant had a duty to preserve documents held by a spin-off corporation, as documents were within its control); International Union of Petroleum & Industry Workers, AFL-CIO, 870 F.2d at 1452 (party must produce subsidiary’s files); In re Hallmark Capital, 534 F. Supp. 2d 981, 983 (D. Minn. 2008) (partner in partnership required to produce partnership documents within partner’s control); Starlight International v. Herlihy, 186 F.R.D. 626, 635 (D. Kan. 1999) (joint venture had legal right to obtain documents from members).

The outer bounds of the practical ability test are harder to define. Here, courts often focus on whether, in the ordinary course of business, an entity has the ability to obtain documents held by another entity, whether documents “flow freely” between the two entities or whether there has been “demonstrated access” to the documents in the past. Where a subsidiary obtained information from a parent entity in the past does not mean that the subsidiary has the practical ability to obtain information in the future. If, however, the subsidiary can exercise control, such as unfettered access to the information sought—even if the documents or other information are in the possession of the parent—the subsidiary may be required to produce the requested data or at least to make a good faith effort to do so. The practical ability test is often criticized because the test requires the production of documents based on a possibility that the data could be obtained even if that party has no legal right to the information. This test could obligate parties to produce information in violation of non-disclosure agreements and may bypass a thorough corporate veil analysis by ordering the production of records from, for example, non-party sister entities merely because the sister entities have a common parent corporation.

‘In re Microsoft Search Warrant’: Potential Impact

The U.S, Supreme Court recently granted certiorari in the landmark case of In re Microsoft Search Warrant which could clarify the test used to determine custody and control as well as establish precedent for international discovery and the role of comity in determining the reach of U.S. discovery to data beyond U.S. boundaries. If the court embraces the practical ability test, the decision could have a significant impact on discovery as well as corporate information governance.

In Microsoft v. United States, the U.S. Court of Appeals for the Second Circuit decided that a warrant issued pursuant to the Stored Communications Act (SCA) of 1986 did not require Microsoft to turn over material from a data center located outside of the United States. The government had sought all information associated with a free Microsoft email account, regardless of where the emails were stored. Microsoft provided the government with data stored in the United States, but refused to produce emails outside the United States stored in its Ireland data center, asserting that the data center is outside the jurisdictional limit of U.S. search warrants.

The question before the Supreme Court is whether the U.S. government can compel a company in the United States to produce records located outside the United States simply because the company has the “ability” to produce them, irrespective of actual ownership, privacy rights or location of the records. The practical ability test blurs the lines of discovery and corporate information governance. Global companies will need to understand the rules of the road after Microsoft including how they could be compelled to produce data no matter where it is stored.

Morgan Lewis partner Tess Blair is the founder and leader of the firm’s e-data practice, which seeks to combine great lawyering with technology and process to deliver real efficiency and value to clients. She and her team offer full-cycle electronic discovery and information governance services to organizations across the globe. 

Senior attorney Tara Lawler works with companies in all phases of electronic discovery and information management, including counseling on various preservation, collection, data processing, document review, and production-related strategies. Contact the authors at and to receive a copy of the Morgan Lewis 2017 eData Deskbook.