Epic Systems Corporation v. Tata Consultancy Services Limi

• Court: Court of Appeals for the Seventh Circuit
• Decided: August 20, 2020
• Docket: 19-1613
• Status: Published

Opinion

In the

United States Court of Appeals For the Seventh Circuit ____________________ Nos. 19-1528 & 19-1613 EPIC SYSTEMS CORP., Plaintiff/Counterclaim Defendant-Appellee/Cross-Appellant, v.

TATA CONSULTANCY SERVICES LTD. & TATA AMERICA INTERNATIONAL CORP. d/b/a TCS AMERICA, Defendants/Counterclaim Plaintiffs-Appellants/Cross-Appellees. ____________________

Appeals from the United States District Court for the Western District of Wisconsin. No. 14-cv-748 — William M. Conley, Judge. ____________________

ARGUED JANUARY 16, 2020 — DECIDED AUGUST 20, 2020 ____________________

Before FLAUM, MANION, and KANNE, Circuit Judges. KANNE, Circuit Judge. Without permission from Epic Sys- tems, Tata Consultancy Services (“TCS”)1 downloaded, from

1 Tata Consultancy Services Limited is an Indian company; Tata America International Corp. is a New York corporation that is wholly owned by Tata Consultancy Services. We refer to these companies collectively as “TCS.” 2 Nos. 19-1528 & 19-1613

2012 to 2014, thousands of documents containing Epic’s con- fidential information and trade secrets. TCS used some of this information to create a “comparative analysis”—a spread- sheet comparing TCS’s health-record software (called “Med Mantra”) to Epic’s software. TCS’s internal communications show that TCS used this spreadsheet in an attempt to enter the United States health-record-software market, steal Epic’s client, and address key gaps in TCS’s own Med Mantra soft- ware. Epic sued TCS, alleging that TCS unlawfully accessed and used Epic’s confidential information and trade secrets. A jury ruled in Epic’s favor on all claims, including multiple Wiscon- sin tort claims. The jury then awarded Epic $140 million in compensatory damages, for the benefit TCS received from us- ing the comparative-analysis spreadsheet; $100 million for the benefit TCS received from using Epic’s other confidential in- formation; and $700 million in punitive damages for TCS’s conduct. Ruling on TCS’s motions for judgment as a matter of law, the district court upheld the $140 million compensatory award and vacated the $100 million award. It then reduced the punitive-damages award to $280 million, reflecting Wis- consin’s statutory punitive-damages cap. Both parties ap- pealed different aspects of the district court’s rulings. We agree with the district court that there is sufficient ev- idence for the jury’s $140 million verdict based on TCS’s use of the comparative analysis, but not for the $100 million ver- dict for uses of “other information.” We also agree with the district court that the jury could punish TCS by imposing pu- nitive damages. But the $280 million punitive-damages award is constitutionally excessive, so we remand to the district Nos. 19-1528 & 19-1613 3

court with instructions to reduce the punitive-damages award. I. BACKGROUND Epic Systems is a leading developer of electronic-health- record software. This software aims to improve patients’ qual- ity of care by keeping relevant information about patients— like patient schedules and billing records—in a central loca- tion. Epic provides versions of this software to some of the top hospitals in the United States. Each customer licenses from Epic software applications (modules) to fit the customer’s spe- cific needs. The customer can then customize the software to ensure it operates properly within the customer’s organiza- tional structure. The complexity of Epic’s health-record system requires Epic’s customers to consistently update and test their sys- tems. To facilitate this process, Epic provides its customers with access to a web portal called “UserWeb.” UserWeb pro- vides various resources—including administrative guides, training materials, and software updates—and it also sup- plies an online forum where Epic’s customers can share infor- mation. Along with these helpful resources, UserWeb contains confidential information about Epic’s health-record software. To protect this information, Epic restricts who can access the UserWeb portal. Epic’s customers, who have access, are re- quired to maintain the confidentiality of this information, and they are expected to allow specific individuals access to this sensitive information on a “need-to-know” basis only. To guard this confidentiality, Epic allows only creden- tialed users to access UserWeb; to get credentialed, users must 4 Nos. 19-1528 & 19-1613

prove they are either a customer or a consultant. Customers get access to all features and documents related to the mod- ules they license from Epic. Consultants—who are hired by customers to implement and test Epic’s software—cannot ac- cess features like the discussion forum and training materials. In 2003, Kaiser Permanente—the largest managed- healthcare organization in the United States—obtained a li- cense from Epic to use KP HealthConnect, a Kaiser-specific version of Epic’s electronic-health-record software. Because of Kaiser’s size, implementation of KP HealthConnect is highly complex; testing and tweaking it after each update is compli- cated and time consuming. For help with these tasks, Kaiser hired TCS in 2011. TCS provides information-technology services, like software test- ing and consulting, on a global basis. But TCS also has its own electronic-health-record software, Med Mantra, which at the time was predominately sold in India. Epic was aware of this conflict of interest and was con- cerned about TCS’s relationship with Kaiser. Still, Kaiser used TCS to test KP HealthConnect. But to fulfill its obligation of confidentiality to Epic, Kaiser imposed rules for TCS to follow while working on Kaiser’s account. First, TCS was required to perform all services related to KP HealthConnect at Kaiser offices in the United States or off- shore development centers—approved facilities outside the United States. Second, TCS was required to follow strict security proto- cols at the offshore development centers. Desktop computers used to work on KP HealthConnect could be used only for Kaiser-related work. To ensure these computers could not Nos. 19-1528 & 19-1613 5

access the internet or TCS’s email system, a firewall was in- stalled. Other computers at the offshore facilities could access TCS’s network and email system but were not allowed to ac- cess KP HealthConnect material. TCS, while operating under these strict requirements, pro- vided testing and support services to Kaiser. But TCS employ- ees claimed they could perform the required tasks more effi- ciently if they had full access to UserWeb. Kaiser repeatedly asked Epic to grant TCS this access; Epic repeatedly declined to do so. Unsatisfied with this lack of access, in late 2011, TCS found a way to gain unfettered access to all the information available on UserWeb: the key was Ramesh Gajaram. TCS hired Gaja- ram to work on the Kaiser account from an offshore develop- ment center in Chennai, India. Before working for TCS, Gaja- ram worked for a different company that also helped Kaiser test KP HealthConnect. While working for that company, Gajaram falsely identified himself to Epic as a Kaiser em- ployee, and Epic granted Gajaram full access to UserWeb. Gajaram informed his superior at TCS, Mukesh Kumar, that he still had access to UserWeb. At Kumar’s request, Gaja- ram accessed the UserWeb portal. Gajaram also shared his login credentials with other employees at the Chennai off- shore development center. A few years later, Gajaram trans- ferred to TCS’s Portland, Oregon office; he again shared his UserWeb login credentials with at least one other TCS em- ployee. Thanks to Gajaram’s actions, dozens of TCS employees gained unauthorized access to UserWeb. And from 2012 to 2014, TCS employees accessed UserWeb thousands of times 6 Nos. 19-1528 & 19-1613

and downloaded over 6,000 documents (1,600 unique docu- ments) totaling over 150,000 pages. These documents con- tained Epic’s confidential information, including some of its trade secrets. And not all of this information related to TCS’s work for Kaiser; employees downloaded information related to a medical-laboratory module that Kaiser does not license from Epic. This unauthorized access came to light in early 2014, when Philip Guionnet, a TCS employee, attended meetings concern- ing the Med Mantra software. At the first meeting, Guionnet observed a demonstration of Med Mantra for Kaiser execu- tives. Guionnet was “astounded”; he had seen Med Mantra several times before and believed the software had dramati- cally improved. After this meeting, Guionnet was concerned that “some of the information from Kaiser had been used to improve Med Mantra.” So, Guionnet visited the Med Mantra product devel- opment team. During his visit, a TCS employee showed Guionnet a spreadsheet that compared Med Mantra to Epic’s electronic-health-record software. The spreadsheet com- pared, in some detail, the functionalities of the two products. Guionnet believed this spreadsheet confirmed his suspicion that information regarding Kaiser’s version of Epic’s software had been used to improve Med Mantra. Guionnet then asked for a copy of this spreadsheet. What he received instead was a less-detailed document referred to as the “comparative anal- ysis.” The comparative analysis—a key document in this ap- peal—was created as a part of TCS’s effort to see if it could sell Med Mantra in the United States. Specifically, TCS wanted to sell Med Mantra directly to Kaiser, who was using Nos. 19-1528 & 19-1613 7

Epic’s software, and wanted to be sure that “key gaps” in Med Mantra were addressed before this attempted sale. So, TCS gave a consultant from the Med Mantra team the task of cre- ating a comparison between Med Mantra and Epic’s software. In doing so, this employee worked with “Subject Matter Ex- perts”—employees who had experience with Epic’s soft- ware—and created the comparative analysis that was ulti- mately sent to Guionnet. The comparative analysis is an 11-page spreadsheet that compares Med Mantra to Epic’s software. The first page lists 33 modules, and it notes whether the module is available in Med Mantra and Epic’s software; the next 10 pages list Med Mantra’s functions and note whether Epic’s software contains the same functions. Multiple TCS employees confirmed that the information used in this comparative analysis is not pub- licly available.2 Guionnet—after attending these meetings and viewing the comparative analysis—reported his concerns in June 2014 to TCS, Kaiser, and Epic employees. Epic and Kaiser immedi- ately investigated Guionnet’s claim and discovered that TCS employees had gained unauthorized access to UserWeb. But TCS employees were less than forthcoming during Kaiser’s investigation; multiple TCS employees lied to investigators about TCS’s access to UserWeb. A few months later, Epic filed suit against TCS, alleging that TCS used fraudulent means to access and steal Epic’s

2 In fact, TCS was barred from arguing that the comparative analysis was created from information in publicly available sources because it failed to “direct the court to any evidence that the comparative analysis was created from such sources.” 8 Nos. 19-1528 & 19-1613

trade secrets and other confidential information. During a contentious year-and-a-half discovery process, Epic learned that TCS had failed to preserve relevant evidence. The district court sanctioned TCS for its discovery failures by ultimately providing the jury with an adverse-inference instruction: If you find by a preponderance of the evidence that Epic has proven TCS both: (1) intentionally de- stroyed evidence (or intentionally caused evidence to be destroyed), and (2) caused the evidence to be destroyed in bad faith, then you may assume that this evidence contained information helpful to Epic and harmful to TCS. The district court bifurcated proceedings into a liability phase and a damages phase. The liability phase began in April 2016. The jury returned a verdict in favor of Epic on all claims, including those under Wisconsin law for breach of contract, fraudulent misrepresentation, misappropriation of trade se- crets, unfair competition, deprivation of property, and unjust enrichment. Before the damages phase of trial, Epic presented the dis- trict court with evidence it sought to present to the jury re- garding the benefit TCS received by using Epic’s confidential information and trade secrets. Epic’s expert, Thomas Britven, initially based his damages calculation on costs Epic incurred developing the modules underlying all the documents TCS stole. But the district court concluded that the evidence did not support Epic’s broad claims of the use to which TCS put the stolen information. The district court accordingly rejected Epic’s initial damages proffer but gave Epic another oppor- tunity to present evidence of TCS’s uses of the stolen infor- mation and the value of those uses to TCS. Nos. 19-1528 & 19-1613 9

Epic went back to the drawing board and returned to the district court with a new, more limited theory of damages. Britven based his new calculation on only the confidential in- formation and trade secrets that were incorporated into the comparative analysis spreadsheet. This calculation still used a proxy for the benefit TCS received: the costs Epic incurred in developing these specific software modules—accounting for coding costs that did not benefit TCS and technology de- cay over time. The district court accepted this “ratchet[ed] back” damages theory, noting the new calculation “more ap- proximates what was actually received and apparently used by [TCS] both in the comparative model but also what were ongoing discussions by marketing people within [TCS].” During the damages trial, Epic presented two witnesses: Stirling Martin and Britven. Martin used a chart that both identified which Epic modules were reflected in TCS’s down- loads and identified, with a checkmark, which of these mod- ules were reflected in the comparative analysis. Martin testi- fied about what stolen information was incorporated into the comparative analysis. Britven then presented a calculation of the value TCS received by avoiding research and develop- ment costs they would have incurred without the stolen in- formation. First, Britven identified how much it cost Epic to develop the modules related to the trade secrets and confiden- tial information that made their way into the comparative analysis. Then, Britven adjusted this number based on certain coding costs (which conferred no benefit on TCS) and the de- cay in the value of technology over time. He reached an ap- proximate benefit to TCS of about $200 million. TCS called its damages expert—Brent Bersin—to testify about the value of the benefit TCS received related to the 10 Nos. 19-1528 & 19-1613

comparative analysis. Bersin testified that Epic was not enti- tled to an award of economic damages, but he also testified that Britven incorrectly calculated the damages. Specifically, Bersin pointed out that Britven’s calculation failed to account for reduced labor costs in India; TCS could pay its India-based engineers about 30% to 40% less than Epic would have to pay its engineers to develop the same software. At the end of the damages trial, the district court gave the jury a special-verdict form concerning compensatory dam- ages. The jury was asked to determine the amount of dam- ages, if any, to which Epic was entitled based on (a) the “Ben- efit of TCS’s Use of [the] Comparative Analysis,” and (b) the “Benefit of TCS’s Use of Other Confidential Information.” The jury was also asked to determine whether Epic should be awarded punitive damages, and if so, in what amount. The jury returned a $940 million total damages award: $140 million for uses of the comparative analysis, $100 million for uses of “other” confidential information, and $700 million in punitive damages. The district court entered an injunction prohibiting TCS from using, possessing, or retaining any of Epic’s trade secrets or confidential information. The court then addressed several post-trial motions, in- cluding TCS’s three motions for judgment as a matter of law on liability and damages. Fed. R. Civ. P. 50(a). The district court upheld the jury’s liability verdict and its $140 million compensatory-damages award based on TCS’s uses of the comparative analysis, which contained Epic’s information. But the district court struck the $100 million compensatory award for “other uses” of Epic’s confidential information and also reduced the punitive-damages award to $280 million Nos. 19-1528 & 19-1613 11

based on a Wisconsin statutory cap on punitive damages. See Wis. Stat. § 895.043(6). TCS then filed a post-judgment motion under Rules 50(b) and 59, again seeking judgment as a matter of law, or in the alternative, a new trial. But this motion “largely repeat[ed] the same arguments previously raised in [TCS’s] Rule 50(a) mo- tion.” The district court denied this new motion, leaving in- tact the $140 million compensatory award based on the com- parative analysis. It also upheld the previously reduced $280 million punitive-damages award, noting that its prior deci- sion to vacate part of the compensatory-damages award “does not undermine the jury’s award of punitive damages.” II. ANALYSIS Both parties appealed different aspects of the district court’s post-trial rulings. TCS challenges the district court’s decision to leave intact the $140 million compensatory award related to the comparative analysis. TCS also challenges the district court’s punitive damages decisions. On cross-appeal, Epic challenges the district court’s decision to vacate the $100 million compensatory award based on “other uses” of Epic’s confidential information. We first note what law applies to these appeals. Jurisdic- tion in this case is based on diversity of citizenship and a fed- eral question (with supplemental jurisdiction over the state- law claims). When hearing state-law claims that arise under diversity jurisdiction, 28 U.S.C. § 1332, or supplemental juris- diction, id. § 1367, federal courts are “obliged to follow state decisional law, as well as all other state law.” Houben v. Telular Corp., 309 F.3d 1028, 1032 (7th Cir. 2002). And when a federal jury awards compensatory damages based on a state-law 12 Nos. 19-1528 & 19-1613

claim, state law applies to our review of that damages award. Kaiser v. Johnson & Johnson, 947 F.3d 996, 1019 (7th Cir. 2020). Similarly, when state law provides the basis for liability, the punitive-damages award must be consistent with state law. See Kapelanski v. Johnson, 390 F.3d 525, 534 (7th Cir. 2004). Epic’s damages award for unjust enrichment was based on its claims under Wisconsin law for misappropriation of its trade secrets and confidential information. And its award of punitive damages had to be based on Epic’s Wisconsin law “trade secrets, fraudulent misrepresentation[,] and unfair competition claims.” Wisconsin law therefore applies to the parties’ substantive challenges of these damages awards. With that in mind, we address the parties’ challenges to the district court’s decisions regarding compensatory damages. We then turn to TCS’s ar- guments concerning punitive damages. A. “Comparative Analysis” Compensatory Award The jury awarded Epic $140 million in compensatory dam- ages based on the benefit TCS derived from using the com- parative analysis, which contained some of Epic’s confidential information. The district court upheld this award on two oc- casions: first, when ruling on TCS’s post-trial motion for judg- ment as a matter of law, Fed. R. Civ. P. 50(a); and second, when ruling on TCS’s renewed motion for judgment as a mat- ter of law, id. 50(b), and motion for a new trial, id. 59. We review a district court’s denial of a motion for judg- ment as a matter of law de novo. Empress Casino Joliet Corp. v. Balmoral Racing Club, Inc., 831 F.3d 815, 822 (7th Cir. 2016); see also Abellan v. Lavelo Prop. Mgmt., LLC, 948 F.3d 820, 827 (7th Cir. 2020) (applying Rule 50 and reviewing the district court’s Nos. 19-1528 & 19-1613 13

decision de novo when state substantive law applied). “Thus, like the district court, we decide whether the jury had ‘a le- gally sufficient evidentiary basis’ for its verdict.” May v. Chrysler Grp., LLC, 716 F.3d 963, 971 (7th Cir. 2013) (per cu- riam) (quoting Fed. R. Civ. P. 50(a)(1)). In doing so, we con- strue all evidence in the record—and inferences that can be reasonably drawn from that evidence—in favor of the party that prevailed at trial on the issue; that party here is Epic. May, 716 F.3d at 971. This is a high burden for the moving party to satisfy: we reverse the verdict “only if no rational jury could have found in [Epic’s] favor.” Andy Mohr Truck Ctr., Inc. v. Volvo Trucks N. Am., 869 F.3d 598, 602 (7th Cir. 2017). Addi- tionally, we review a district court’s denial of a motion for a new trial under Rule 59 for an abuse of discretion. Abellan, 948 F.3d at 830. TCS argues it is entitled to judgment as a matter of law on this compensatory-damages award because there is no logical connection between the basis for liability and the jury’s dam- ages verdict. Specifically, TCS argues that a reasonable jury could not find that TCS received a $140 million benefit by in- corporating Epic’s confidential information and trade secrets into what TCS characterizes as a “stale marketing document.” Unjust enrichment damages are available as a remedy for a defendant’s misappropriation of trade secrets, Wis. Stat. § 134.90, and are also available as a remedy for Wisconsin tort claims, see Pro-Pac, Inc. v. WOW Logistics Co., 721 F.3d 781, 786 (7th Cir. 2013). An action for recovery seeking unjust enrich- ment damages is “grounded on the moral principle that one who has received a benefit has a duty to make restitution where retaining such a benefit would be unjust.” Watts v. Watts, 405 N.W.2d 303, 313 (Wis. 1987). 14 Nos. 19-1528 & 19-1613

Because the recovery of unjust enrichment damages is grounded in equitable principles, Wisconsin law limits the measure of unjust enrichment damages to the value of the “benefit conferred upon the defendant.” Mgmt. Comput. Servs., Inc. v. Hawkins, Ash, Baptie & Co., 557 N.W.2d 67, 79–80 (Wis. 1996); cf. Halverson v. River Falls Youth Hockey Ass’n, 593 N.W.2d 895, 900 (Wis. Ct. App. 1999) (“Making improvements alone does not prove the [defendant] received any benefit from them.”). Unjust enrichment damages must be proven with reasonable certainty, Mgmt. Comput. Servs., 557 N.W.2d at 80, and any costs the plaintiff may have incurred are “gen- erally irrelevant,” Lindquist Ford, Inc. v. Middleton Motors, Inc., 557 F.3d 469, 477 (7th Cir. 2009). But the reasonable value of the benefit conferred on a de- fendant can be measured in a variety of ways. In ordinary un- just enrichment cases involving money or services, the amount of recovery “is the amount of money advanced or the reasonable value of the services rendered.” Shulse v. City of Mayville, 271 N.W. 643, 647 (Wis. 1937). In other cases, a ben- efit is conferred under circumstances in which the “benefactor reasonably believes that he will be paid,” so the benefactor may be entitled to receive damages equaling “the market value of the benefit.” Cosgrove v. Bartolotta, 150 F.3d 729, 734 (7th Cir. 1998). And the Restatement of Restitution and Unjust Enrichment—which Wisconsin courts treat as persuasive au- thority, see, e.g., Buckett v. Jante, 767 N.W.2d 376, 382–83 (Wis. Ct. App. 2009)—provides many examples of how to calculate the benefit conferred on a defendant depending on the con- text in which that benefit is received. See, e.g., Restatement (Third) of Restitution and Unjust Enrichment § 41 (2011) (providing guidance on how to calculate the benefit conferred Nos. 19-1528 & 19-1613 15

on the defendant in cases involving the misappropriation of financial assets). Simply put, there is no single way to measure the benefit conferred on a defendant; the measurement is context de- pendent. The important considerations are that a judge or jury calculates the benefit to the defendant—not the loss to the plaintiff—and that this calculation is done with reasonable certainty. See, e.g., Mgmt. Comput. Servs., 557 N.W.2d at 80 (holding that evidence of lost profits is insufficient for a “fair and reasonable approximation of unjust enrichment dam- ages” because “unjust enrichment is not measured by the plaintiff’s loss”); W.H. Fuller Co. v. Seater, 595 N.W.2d 96, 100 (Wis. Ct. App. 1999) (remanding with instructions for the trial court to first determine which of the plaintiff’s services the de- fendant actually benefited from and then determine the value of that benefit). Following this general approach, we have noted at least one way a plaintiff may prove the amount of benefit conferred on the defendant when the case involved misappropriation of trade secrets. In 3M v. Pribyl, we upheld the jury’s liability finding concerning the defendant’s misappropriation of 3M’s trade secret (operating procedures and manuals). 259 F.3d 587, 595–97 (7th Cir. 2001) (applying Wisconsin trade secret law). We found in the record sufficient evidence that the de- fendants used the misappropriated operating procedures and manuals to gain “a significant head start in their operation.” Id. at 596. While this trade secret was not used directly to de- velop a new product and was not tied to any of the defend- ant’s specific profits, we affirmed the jury’s liability verdict, and also noted that damages were awarded based on “what 16 Nos. 19-1528 & 19-1613

it would have cost the defendants to independently develop the trade secrets at issue.” Id. at 607. So, avoided research and development costs have been awarded when the defendants gained a significant head start in their operations. TCS believes that avoided research and development costs are not a reasonable proxy for the benefit it received from the comparative analysis. TCS assumes that Epic could prove only that the comparative analysis was used as a “stale mar- keting document.” Additionally, TCS argues that Britven— Epic’s damages expert—made a fundamental error under Wisconsin law: he based his unjust enrichment damages on Epic’s cost rather than TCS’s benefit. So, TCS reasons, the dam- ages awarded based on this calculation must fail as a matter of law. We disagree. Calculating the benefit conferred on a de- fendant to determine unjust enrichment damages is a context- specific analysis. Under Wisconsin law, the jury could award avoided research and development costs based on TCS gain- ing a “significant head start in [its] operation.” Id. at 596. And, viewing the evidence in the light most favorable to Epic, the jury would have a sufficient basis to award Epic $140 million in compensatory damages based on the “head start” TCS gained in development and competition. That “head start,” the jury could conclude, came from TCS’s use of the compar- ative analysis and thus the stolen information incorporated into that analysis. Furthermore, the jury could base its award on the benefit TCS received from avoided research and devel- opment costs, not the cost Epic incurred when creating the same information. Nos. 19-1528 & 19-1613 17

Let’s turn from the legal theory that supports the jury ver- dict to the evidence that supports the damages award. First, Epic presented evidence that TCS stole confidential infor- mation and trade secrets from Epic’s UserWeb. Gajaram, a TCS employee, testified that he improperly obtained creden- tials that allowed him to view UserWeb in its entirety. Gaja- ram also testified that he shared his credentials with other TCS employees. Stirling Martin, Epic’s senior vice president, testified that he determined TCS employees downloaded at least 1,600 unique files from UserWeb in two years. Martin confirmed that these files contained confidential information, including trade secrets. The jury also saw slides from a TCS PowerPoint presenta- tion showing that TCS strategized as to how it could start sell- ing electronic-health-record software in the United States. TCS noted in this PowerPoint, however, that there were “key gaps” in Med Mantra that TCS would need to address before selling it to United States companies. In a deposition played for the jury, a TCS employee confirmed that TCS wanted to “implement” Med Mantra at Kaiser, one of Epic’s biggest cus- tomers, and that he was asked to create the comparative anal- ysis to help achieve this goal. This employee also testified that he refused to create the comparative analysis because he did not want to get in trouble for disclosing Epic’s confidential in- formation. Still, the jury saw internal emails showing that TCS found a willing participant and the comparative analysis was created. The jury also heard Guionnet testify that TCS wanted to find a way to implement “Med Mantra, either as a whole or in modules, in the U.S.” To that end, Guionnet testified that TCS worked with DaVita to develop a lab module. And the 18 Nos. 19-1528 & 19-1613

PowerPoint slides shown to the jury show that TCS—as a part of its United States entry strategy—would use DaVita “as a reference site to promote Lab Management solution[s] to Hos- pitals and Independent Laboratories.” This lab module was a success; an email shown to the jury indicated that TCS planned on “marketing the [l]ab product as a starter immedi- ately to position [itself] in the Provider space.” Additionally, Epic presented evidence that, based on TCS’s discovery violations, would allow it to draw an adverse inference against TCS. The jury heard evidence that TCS failed to preserve proxy logs that would have indicated who accessed UserWeb and when. It also heard that TCS failed to preserve the contents of its computer hard drives. So, the jury could conclude that TCS destroyed evidence of additional downloaded documents that “contained information helpful to Epic and harmful to TCS.” The jury could conclude, based on all the evidence we’ve described, that TCS used Epic’s stolen confidential infor- mation, including trade secrets, to create the comparative analysis. Then, the jury could infer from the evidence that the comparative analysis was used for a variety of purposes. These purposes include: attempting to sell Med Mantra to Kaiser, one of Epic’s largest customers; attempting to enter the United States market and compete directly with Epic; and ad- dressing any key gaps in Med Mantra, potentially by improv- ing the product. These findings are bolstered by the adverse inference against TCS—an inference that would allow the jury to conclude that more documents harmful to TCS existed. The jury could therefore find that TCS’s benefit, based on TCS’s use of the comparative analysis, was a “head start” in competition and development. Indeed, the evidence allowed Nos. 19-1528 & 19-1613 19

a jury to conclude that TCS used Epic’s confidential infor- mation to thoroughly evaluate what it would take to compete in a new market. In other words, a jury could conclude that TCS had a free shot—using stolen information—to determine whether it would be profitable to improve Med Mantra and implement a variety of tactics to enter the United States elec- tronic-health-record market. Based on these intermediate findings, a jury could determine that a reasonable valuation of this benefit is the cost TCS avoided by not having to de- velop this information by itself. And the jury could value that benefit—avoided research and development costs—at $140 million. Martin testified that information taken from UserWeb was incorporated into the comparative analysis. He explained that the stolen infor- mation corresponded to specific modules of Epic’s software; so, Martin broke down for the jury which information, corre- sponding to specific modules, had been embedded in the comparative analysis. Martin then showed the jury an exhibit on which he placed a checkmark by each module of Epic’s software that he believed made its way into the comparative analysis. Britven then calculated TCS’s benefit from avoiding the cost of researching and developing the stolen modules that were incorporated into the comparative analysis. He started by calculating Epic’s cost in developing all of the information taken by TCS; he then reduced that number to reflect only the cost Epic incurred from developing modules incorporated into the comparative analysis. A few more reductions were made: one subtracting the costs of Epic’s coding that TCS did not receive, and one reflecting the decayed value of technol- ogy over time. Britven concluded, based on this calculation, 20 Nos. 19-1528 & 19-1613

that TCS received a $200 million benefit even though “Epic incurred [$]306 million to develop those same trade secrets and confidential information.” TCS’s expert, Bersin, testified about what he believed to be missing from Britven’s calculation: a labor-cost reduction. He explained that Med Mantra’s development team is located in India, where labor costs are 30–40% less than in the United States, where Epic developed its software. So, he reasoned, TCS’s avoided research and development costs should be 30– 40% less than the $200 million Britven calculated. And apply- ing a 30% reduction to Britven’s $200 million benefit value leaves you with an estimated $140 million in avoided research and development costs—the exact amount of damages awarded by the jury. In sum, the jury had a sufficient basis to reach the $140 million “comparative analysis” compensatory award. TCS’s argument to the contrary relies on the assumption that the comparative analysis was used as nothing more than a stale marketing document. But the jury was presented with evi- dence that would allow it to conclude the comparative analy- sis was not just a stale marketing document; the comparative analysis—and therefore Epic’s information—was used to help TCS evaluate its United States entry strategy and potentially even address key gaps in Med Mantra by improving the prod- uct. The evidence also allowed the jury to conclude that avoided research and development costs were a reasonable valuation of the benefit TCS received from using the compar- ative analysis, which contained stolen information. Likewise, using avoided research and development costs as the valua- tion of TCS’s benefit, the jury could have reached a $140 mil- lion compensatory award. Importantly, it could do so without Nos. 19-1528 & 19-1613 21

equating Epic’s development costs ($306 million, by Britven’s estimate) to TCS’s benefit from using Epic’s information in the comparative analysis. So, we agree with the district court’s decisions to uphold this damages verdict and deny TCS’s mo- tion for a new trial. TCS’s next argument concerns the punitive-damages award. But before we shift to punitive damages, we address Epic’s cross-appeal of the district court’s decision to vacate the jury’s $100 million compensatory-damages award for TCS’s “other uses” of Epic’s confidential information. B. “Other Confidential Information” Compensatory Award The district court presented the jury with a special-verdict form that allowed it to award damages based on (a) the bene- fit of TCS’s use of the comparative analysis and (b) the benefit of TCS’s use of other confidential information. The district court included “part b” of the verdict because “there was some evidence that other confidential information was dis- seminated ‘out beyond the specific people who discussed the comparative analysis.’” The jury initially awarded $100 million for “the benefit of TCS’s use of other confidential information” in addition to the $140 million awarded for the “benefit of TCS’s use of [the] comparative analysis.” But, in partially granting TCS’s Rule 50 motion for judgment as a matter of law, the district court held that this $100 million award for benefits from “other in- formation” was too speculative and was “tied to no evidence of specific use at all.” We review a district court’s decision to grant judgment as a matter of law de novo. Passananti v. Cook County, 689 F.3d 655, 659 (7th Cir. 2012). “Our job is to assure that the jury had a 22 Nos. 19-1528 & 19-1613

legally sufficient evidentiary basis for its verdict.” Filipovich v. K & R Express Sys., Inc., 391 F.3d 859, 863 (7th Cir. 2004). In deciding a Rule 50 motion, we “construe[] the evidence strictly in favor of the party who prevailed before the jury” and we do not make credibility determinations or reweigh the evidence. Passananti, 689 F.3d at 659. Still, “a verdict sup- ported by no evidence or a mere scintilla of evidence will not stand.” Martin v. Milwaukee County, 904 F.3d 544, 550 (7th Cir. 2018). The specific verdict at issue here is the jury’s award of compensatory damages apart from those based on the com- parative analysis. Under Wisconsin law, compensatory dam- ages must be “proved with reasonable certainty.” Novo Indus. Corp. v. Nissen, 140 N.W.2d 280, 284 (Wis. 1966). This does not require the plaintiff to prove damages with “mathematical precision; rather, evidence of damages is sufficient if it ena- bles the jury to make a fair and reasonable approximation.” Mgmt. Comput. Servs., 557 N.W.2d at 80. Epic—to prove it was entitled to unjust enrichment dam- ages for TCS’s use of other confidential information—needed to show that TCS used confidential information that was not incorporated into the comparative analysis. Epic says the jury heard evidence that would allow it to conclude that other con- fidential information—that was not incorporated into the comparative analysis—was used to improve Med Mantra. Epic points to Guionnet’s testimony, testimony that TCS as- signed a Med Mantra team member to the Kaiser account, tes- timony about TCS’s downloading of information unrelated to its work for Kaiser, and the adverse-inference jury instruction in support of this theory. Epic also points to evidence it be- lieves the jury could have used to reasonably determine that Nos. 19-1528 & 19-1613 23

TCS received a $100 million benefit based on its use of this alleged other confidential information. But we believe the ev- idence isn’t enough to support the jury’s $100 million award. Let’s start with Guionnet’s testimony. Guionnet—a TCS manager responsible for the Kaiser account—testified that he attended a meeting where Med Mantra was presented to Kai- ser executives. He left the meeting “astounded”; Med Mantra had improved significantly since the last time he had seen the software, and he “was concerned that some of the information from Kaiser had been used to improve Med Mantra.” Guion- net then met with members of the Med Mantra team. A TCS employee—introduced to Guionnet as the “interface between Med Mantra” and the Kaiser team—showed Guionnet a “comparison … between Med Mantra and Epic.” Guionnet “basically … knew” at that point that TCS had improperly used Epic’s information. In a portion of Guionnet’s deposition played for the jury, Guionnet confirmed that he more than suspected that Epic’s information was used to improve Med Mantra: “it’s knowledge.” He stated that Epic’s “workflow, data model, functionalities, [and] test scripts” were used in Med Mantra’s development. But when pressed about how he knew Epic’s information was used to improve Med Mantra, Guionnet con- sistently responded by saying “I don’t remember,” “I don’t remember the details,” or by saying he would have to go back and look at his emails. Guionnet then confronted TCS’s president with infor- mation about TCS’s misconduct. But rather than initiating an investigation, TCS’s president transitioned Guionnet away from the Kaiser account and told him that if he did not 24 Nos. 19-1528 & 19-1613

transition “peacefully,” he would be “put … in a corner” and TCS would “make [his] life miserable.” This evidence is missing something: any proof that TCS used any confidential information besides the information in- corporated into the comparative analysis. Guionnet testified that he knew TCS used Epic’s information to improve Med Mantra, but the evidence indicated that his knowledge came from reviewing the comparative analysis, only. And when pressed at his deposition about how he knew that Med Man- tra improved, Guionnet provided nothing but a lack of memory and some general statements that Med Mantra had improved. Basically, Guionnet was unable to tie what he per- ceived to be Med Mantra’s significant improvements to any “other information” besides the comparative analysis. Guionnet’s testimony about his meeting with the Med Mantra team does not add any support for the verdict. Guion- net testified that at this meeting, he received a detailed run- down of Med Mantra’s functionality. Additionally, a TCS em- ployee showed him a spreadsheet comparing Med Mantra to Epic’s software. But this information is related to TCS’s use of the comparative analysis; it has nothing to do with Epic’s other confidential information. Guionnet’s testimony thus supports an inference that TCS used Epic’s confidential infor- mation, but only the information that was incorporated into the comparative analysis. Epic next points to evidence that TCS assigned members of the Med Mantra team to the Kaiser account. Guionnet tes- tified that “DV” Prasad “was a member of the Med Mantra team who was planted in [the Kaiser] organization.” And in a deposition played for the jury, Prasad stated that Reddy, a senior TCS executive, asked him to prepare a presentation Nos. 19-1528 & 19-1613 25

comparing Med Mantra and Epic. Prasad then confirmed that he “never did” prepare the presentation because he knew it was “not right.” But even without Prasad’s compliance, Reddy found a willing employee and created the comparative analysis. Guionnet testified that he later caught wind that Prasad— a member of the Med Mantra team—was planted in the Kaiser organization. Guionnet attempted to get rid of Prasad imme- diately; the head of TCS’s healthcare unit denied this request, leaving this “plant” on the Kaiser team. This evidence, contrary to Epic’s argument, has nothing to do with TCS’s uses of “other information.” Reddy made his intentions clear: Prasad was to use Epic’s confidential infor- mation to compare Med Mantra to Epic’s software before at- tempting to sell Med Mantra to Kaiser. This evidence shows only that Epic’s confidential information made its way into the comparative analysis, which was then used as part of an overall market-entry strategy. Rather than proving that “other information” was used, this evidence simply provides additional support for the jury’s compensatory-damages award for TCS’s use of the comparative analysis. So again, we see no evidence tying any of Epic’s other stolen confidential information to any use outside of the comparative analysis. In another attempt to show TCS used other confidential information to improve Med Mantra, Epic points to evidence regarding TCS’s laboratory module. First, Epic points to TCS’s PowerPoint, which acknowledges that there were key gaps in Med Mantra that needed to be addressed. And Martin testified that TCS employees stole information regarding Epic’s laboratory product, Beaker. Guionnet testified that TCS had partnered with DaVita to create its own laboratory 26 Nos. 19-1528 & 19-1613

module. This project, however, fell behind and was described as “well below average” by an independent third party. Still, an email from a TCS employee showed that TCS was “very seriously thinking” about “marketing the Lab product as a starter immediately to position [TCS] in the Provider space.” TCS later licensed the DaVita laboratory module to another United States company, Quest Diagnostics. But this is where evidence concerning Beaker ends. Epic asserts that the mere fact that TCS downloaded information about Beaker shows that “TCS used [its] confidential infor- mation and trade secret information to improve the lab prod- uct it developed for DaVita.” Yet Epic fails to provide any ex- amples of how Epic’s modules or information, including the Beaker module, could be tied to uses or improvements involv- ing the DaVita project. So, Epic presented evidence only that TCS downloaded information concerning Beaker; but it does not present evidence that TCS actually used this information. Without a link from this information to any use, Epic’s evi- dence does not support a finding that TCS used “other confi- dential information.” Epic attempts to plug the evidentiary holes described above by pointing to the adverse-inference instruction. It’s true that—given the district court’s instruction—the jury heard evidence supporting an inference that TCS destroyed documents that were harmful to TCS and helpful to Epic. But even with this inference, there is still no concrete evidence showing that TCS used Epic’s “other information.” Epic is thus left asking a jury to award damages based solely on speculation as to what might be contained in the de- stroyed documents. And if this type of broad adverse infer- ence based on the destruction of evidence—standing alone— Nos. 19-1528 & 19-1613 27

were enough to support a jury’s damages verdict, a jury could hypothetically award a plaintiff any amount of damages based on any theory of liability. This would be antithetical to the purpose of adverse-inference instructions: sanctioning misconduct while leveling the evidentiary playing field. See Silvestri v. General Motors Corp., 271 F.3d 583, 590 (4th Cir. 2001). To be clear, evidence supporting an adverse inference, combined with other relevant circumstantial evidence, may be a sufficient evidentiary basis for a jury’s verdict. See Aspen Tech., Inc. v. M3 Tech., Inc., 569 F. App’x 259, 266 (5th Cir. 2014) (finding the jury had a legally sufficient basis for its verdict based on circumstantial evidence and two adverse-inference instructions); cf. Kronisch v. United States, 150 F.3d 112, 128 (2d Cir. 1998) (“[A]t the margin, where the innocent party has produced some (not insubstantial) evidence in support of his claim, the intentional destruction of relevant evidence … may push a claim that might not otherwise survive summary judg- ment over the line.”). But the destruction of evidence—by it- self—is insufficient to support a jury’s verdict as a matter of law. Cf. Kronisch, 150 F.3d at 128 (“We do not suggest that the destruction of evidence, standing alone, is enough to allow a party who has produced no evidence—or utterly inadequate evidence—in support of a given claim to survive summary judgment on that claim.”). See generally HK Sys., Inc. v. Eaton Corp., 553 F.3d 1086, 1088 (7th Cir. 2009) (noting that the standard is the same for summary judgment and for judg- ment as a matter of law). So, if Epic were truly using the adverse inference to plug evidentiary holes, this verdict might survive. But the other ev- idence on which Epic relies provides “utterly inadequate” 28 Nos. 19-1528 & 19-1613

support for a finding that TCS used confidential information apart from that incorporated into the comparative analysis. Kronisch, 150 F.3d at 128. As a result, Epic seeks to use the ad- verse inference not just to plug evidentiary holes but to hold all the water for a finding that TCS used other confidential in- formation. But Epic cannot rely on an adverse inference to do so much. In sum, Epic has not provided more than a mere scintilla of evidence in support of its theory that TCS used any of its other confidential information. This portion of the jury’s dam- ages award cannot stand. With compensatory damages sorted out, we now turn to punitive damages. C. Punitive Damages In addition to the $240 million awarded in compensatory damages, the jury initially awarded Epic $700 million in pu- nitive damages. The district court cut that award to $280 mil- lion based on a Wisconsin law capping statutory damages at two times the amount of compensatory damages, Wis. Stat. § 895.043(6). 3 The district court then denied TCS’s renewed motion for judgment as a matter of law under Rule 50(b) and TCS’s motion for a new trial under Rule 59; the court accord- ingly left the $280 million punitive-damages award intact, reasoning in part that its decision to vacate the jury’s $100 mil- lion compensatory award for use of “other information” did not affect the jury’s punitive damages verdict. Whether the district court erred in denying TCS’s Rule 50 motion is a question of law that we review de novo. Valdivia v.

3 Recall that the district court also reduced the compensatory award by $100 million, leaving $140 million in compensatory damages and $280 mil- lion in punitive damages. Nos. 19-1528 & 19-1613 29

Twp. High Sch. Dist. 214, 942 F.3d 395, 396 (7th Cir. 2019). In reviewing this decision, “[w]e view the facts and evidence in the light most favorable to [Epic], as the litigant who pre- vailed before the jury.” Id. To the extent TCS asked the district court for a new trial regarding punitive damages under Rule 59, we review the district court’s decision to deny this motion for an abuse of discretion. Abellan, 948 F.3d at 830. And be- cause the punitive damages stand on Wisconsin causes of ac- tion, the punitive-damages award must be consistent with Wisconsin law. See Kapelanski, 390 F.3d at 534. TCS presents four arguments challenging the $280 million punitive-damages award: First, TCS argues that, to receive punitive damages under Wisconsin law, the plaintiff must prove an actual injury—which Epic did not do. Second, TCS argues that the punitive-damages award here must be set aside because it may have been based on a claim that cannot support punitive damages as a matter of law. Third, TCS ar- gues that the punitive-damages award must be vacated and retried in light of the district court’s decision to vacate the $100 million compensatory-damages award. Finally, TCS ar- gues the punitive-damages award is constitutionally exces- sive. We take each in turn. 1. “Actual Injury” Requirement TCS argues that the punitive-damages award fails as a matter of law because Epic failed to prove an “actual injury.” TCS contends that under Wisconsin law, an actual injury and a damages award reflecting redress for this injury are “thresh- old requirements before punitive damages may be awarded.” TCS reasons that, because Epic did not suffer an actual injury and instead was awarded damages solely based on the benefit TCS received, Epic cannot receive punitive damages. 30 Nos. 19-1528 & 19-1613

But Wisconsin law is not as exacting as TCS argues. Ra- ther, Wisconsin law requires—for punitive damages to be awarded—the imposition of compensatory damages. TCS first cites to Tucker v. Marcus for the proposition that a plaintiff must prove “some actual injury which would justify an award of actual or compensatory damages before punitive damages may be awarded. ” 418 N.W.2d 818, 823 (Wis. 1988) (quoting Han- son v. Valdivia, 187 N.W.2d 151, 155 (Wis. 1971)). However, Tucker makes clear that the threshold requirement for puni- tive damages is an “‘award’ of actual or compensatory dam- ages” rather than an injury to the plaintiff. Tucker, 418 N.W.2d at 827. In fact, the Wisconsin Supreme Court specifically held that—even though the jury found “there had been injury suf- fered”—“punitive damages were inappropriately allowed in this case” because the plaintiff could not recover “actual dam- ages.” Id. at 823. In a more recent decision, the Wisconsin Supreme Court affirmed that compensatory damages are a sufficient predi- cate for punitive damages. “[W]e have held that ‘where there exists a “cause of action,” but the action is not one for which the recovery of compensatory damages is justified, punitive dam- ages cannot be awarded.’” Groshek v. Trewin, 784 N.W.2d 163, 173 (Wis. 2010) (emphasis added) (quoting Tucker, 418 N.W.2d at 824). Groshek, like Tucker, holds that the availability of pu- nitive damages is governed by whether compensatory dam- ages are recoverable, and not by whether an “actual injury” has been inflicted. See Groshek, 784 N.W.2d at 173; cf. Tucker, 418 N.W.2d at 830 (Heffernan, C.J., dissenting) (“Today’s ma- jority holds that [actual damages] should be defined in a man- ner that no punitive damages may be awarded in the absence of a recovery for compensatory damages.”). Nos. 19-1528 & 19-1613 31

Since Groshek, we have further expounded on when puni- tive damages are appropriate under Wisconsin law. In Pro- Pac, Inc. v. WOW Logistics Co., we stated that punitive dam- ages are recoverable under Wisconsin law regardless of whether damages are based on “gain to [the defendant] (i.e., restitutionary damages) or loss to [the plaintiff] (i.e., compen- satory damages).” 721 F.3d 781, 788 (7th Cir. 2013). This is true because Wisconsin law allows “awards of punitive damages when ‘compensatory damages’ are imposed,” and Wisconsin defines compensatory damages to include compensation, in- demnity, and restitution. Id. So, TCS is incorrect that Wisconsin law requires Epic to prove an “actual injury” to obtain punitive damages. Instead, punitive damages are available when compensatory damages are imposed, as they were in this case. Epic is therefore not barred from recovering punitive damages simply because compensatory damages were awarded for TCS’s benefit ra- ther than any injury Epic sustained. 2. Claims that Support Punitive Damages TCS next argues that the punitive-damages award must be set aside because it might have been based on one of Epic’s claims that does not support punitive damages as a matter of law. Specifically, TCS points out that Epic’s unjust enrichment claim does not support punitive damages, and there is no way to know—based on the generality of the jury’s punitive-dam- ages verdict—if that is the claim the jury used to support pu- nitive damages. We can quickly dispose of this argument. The jury was specifically instructed that it could only award punitive dam- ages “with respect to Epic’s trade secrets, fraudulent 32 Nos. 19-1528 & 19-1613

misrepresentation[,] and unfair competition claims.” “Jurors are presumed to follow a court’s instructions.” Seifert ex rel. Scoptur v. Balink, 869 N.W.2d 493, 504 (Wis. Ct. App. 2015); see also Schandelmeier-Bartels v. Chi. Park Dist., 634 F.3d 372, 388 (7th Cir. 2011) (“[W]e presume that juries follow the instruc- tions they are given.”). So we may presume that the jury based its punitive-damages award on these claims, and not on the unjust enrichment claim. And Epic’s claims for trade secrets, fraudulent misrepre- sentation, and unfair competition all allow recovery of dam- ages on a theory of gain to the defendant. Wis. Stat. § 134.90(4) (damages for a violation of Wisconsin’s trade secrets act in- clude “unjust enrichment caused by the violation”); Pro-Pac, 721 F.3d at 786 (restitutionary damages, i.e. damages based on the defendant’s benefit, are recoverable “as compensation for tort claims”). As discussed above, punitive damages can be awarded when compensatory damages—including damages based on a defendant’s gain—are imposed. Pro-Pac, 721 F.3d at 788. TCS does not dispute that Epic’s trade secrets, fraudulent misrepresentation, and unfair competition claims support an award of punitive damages; in fact, it admits these claims “could support punitive damages.” And because the jury was instructed to base punitive damages on these claims only, the punitive-damages award was not based on a claim that does not support punitive damages as a matter of law. 3. Conduct on which Punitive Award is Based TCS next argues that the punitive-damages award must be vacated and retried in light of the district court’s decision— which we affirm—to vacate the $100 million damages award Nos. 19-1528 & 19-1613 33

for TCS’s uses of other confidential information. TCS argues that when the jury determined punitive damages, it had in mind a broader range of conduct “than was legally sustaina- ble.” And because we cannot know whether the jury’s puni- tive-damages decision was based on “a permissible or imper- missible claim or theory,” we must vacate the punitive award and remand for the issue to be retried. But this argument fundamentally misunderstands puni- tive damages. Punitive damages are imposed to “punish[] un- lawful conduct and deter[] its repetition.” Trinity Evangelical Lutheran Church v. Tower Ins. Co., 661 N.W.2d 789, 798 (Wis. 2003) (emphasis added); see also Kemezy v. Peters, 79 F.3d 33, 34 (7th Cir. 1996) (“The standard judicial formulation of the purpose of punitive damages is that it is to punish the defend- ant for reprehensible conduct and to deter [the defendant] and others from engaging in similar conduct.”). Stated differ- ently, punitive damages are based on the defendant’s conduct underlying a plaintiff’s claims, not on the claims themselves. And the cases TCS cites in support of its argument provide further support for this understanding of punitive damages. Take Robertson Oil Co. v. Phillips Petroleum Co., 871 F.2d 1368 (8th Cir. 1989), as an example. The jury in that case found Phil- lips Petroleum liable for fraud, breach of the duty of good faith and fair dealing, tortious interference, and negligence. Id. at 1370. The jury also awarded Robertson Oil punitive damages. Id. But on appeal, the Eighth Circuit affirmed only the theory of tortious interference with a business relation- ship. Id. at 1375. And Phillips’s conduct “relevant to an award of punitive damages necessarily differ[ed] according to the various theories of liability on which the jury based its ver- dict.” Id. at 1376. So, because the court could not “ascertain 34 Nos. 19-1528 & 19-1613

what conduct of Phillips was determined by the jury to merit punitive damages,” the Eighth Circuit ordered the district court to retry punitive damages. Id. The Eighth Circuit in Robertson Oil did not require a retrial of punitive damages simply because it found that some of the theories of liability failed as a matter of law. Instead, the em- phasis was on the conduct underlying these theories. Because the court could not be sure which of Phillips’s conduct led the jury to believe punitive damages were necessary, and some of that conduct did not warrant damages as a matter of law, a new trial was necessary. This understanding of punitive dam- ages holds true throughout the cases TCS cites in support of its argument. See, e.g., CGB Occupational Therapy, Inc. v. RHA Health Servs. Inc., 357 F.3d 375, 390 (3d Cir. 2004) (reversing punitive damages because it was unclear which act of tortious interference formed the basis of punitive damages when the plaintiff interfered with two distinct contracts); Marrero v. Goya of P.R., Inc., 304 F.3d 7, 30 (1st Cir. 2002) (affirming a har- assment claim, reversing a retaliation claim because there was no evidence of an adverse personnel action, and requiring a new trial on punitive damages because the court could not be sure if punitive damages were based on the erroneous retali- ation finding). So, a punitive-damages award requires a new trial only when (1) the claims of liability supporting punitive damages are based on different underlying conduct by the defendant, and (2) one of those claims (and therefore the conduct under- lying that claim) is found to be unsupported as a matter of law. TCS argues that different conduct underlies the two sep- arate compensatory-damages awards, and we cannot know which conduct led the jury to award punitive damages. Nos. 19-1528 & 19-1613 35

But the conduct underlying both compensatory-damages awards was the same. One compensatory-damages award was based on the “benefit of TCS’s use of [the] comparative analysis” and the other was based on the “benefit of TCS’s use of other confidential information.” The key distinction be- tween these two compensatory awards is information, not con- duct. By awarding damages for TCS’s uses of “other confiden- tial information,” the jury did not have to find any uses—or any conduct—that differed from the uses and conduct under- lying the comparative-analysis portion of the compensatory award. Based on reasonable inferences drawn in Epic’s favor, a jury could conclude that TCS used the comparative analysis (and therefore Epic’s information incorporated into that anal- ysis) to improve its marketing strategy, to try to enter the United States market, and to generally improve Med Mantra before attempting to sell it to Kaiser. And these are the only uses that can be found in the record; TCS does not point us to a single use of Epic’s information that is not also a use that the jury could reasonably infer stemmed from the comparative analysis. So, the overall conduct underlying these two verdicts is the same. TCS stole thousands of Epic’s documents, lied about it, covered it up, and used Epic’s information in a variety of ways. This course of conduct is the same regardless of whether the jury incorrectly found that this course of conduct included the use of a few more pieces of Epic’s information. Whether the jury found that TCS received an additional ben- efit based on other confidential information does not affect the jury’s assessment of TCS’s overall conduct. So, our determi- nation that TCS did not use “other confidential information” does not disturb the jury’s punitive-damages award. 36 Nos. 19-1528 & 19-1613

4. Constitutionality of the Punitive-Damages Award TCS finally argues that the punitive-damages award of $280 million violates its due process rights under the federal constitution and Wisconsin law. We review these questions de novo. Rainey v. Taylor, 941 F.3d 243, 254 (7th Cir. 2019); Trinity Evangelical Lutheran Church, 661 N.W.2d at 799. The Due Process Clause of the Fourteenth Amendment imposes constitutional limitations on punitive damages. State Farm Mut. Auto. Ins. Co. v. Campbell, 538 U.S. 408, 416–17 (2003). Punitive damages may be imposed to further a state’s legitimate interests in imposing punishment for and deterring illegal conduct, but punitive damages violate due process when the award is “‘grossly excessive’ in relation to these in- terests.” BMW of N. Am., Inc. v. Gore, 517 U.S. 559, 568 (1996). The Supreme Court, in testing awards of punitive damages for compliance with due process, has established three “guideposts”: “(1) the reprehensibility of the defendant’s con- duct; (2) the disparity between the actual harm suffered and the punitive award; and (3) the difference between the award authorized by the jury and the penalties imposed in compa- rable cases.” Rainey, 941 F.3d at 254 (citing Gore, 517 U.S. at 575). Wisconsin courts apply a “virtually identical test.” Trin- ity Evangelical Lutheran Church, 661 N.W.2d at 800. 4

4 Wisconsin courts consider the factors most relevant to the case at hand, with those factors coming from the following list: (1) the grievousness of the acts, (2) the degree of malicious intent, (3) whether the award bears a reasonable relationship to the award of compensatory damages, (4) the potential damage that might have been caused by the act, (5) the ration of the award to civil or criminal penalties that could be imposed for compa- rable misconduct, and (6) the wealth of the wrongdoer. Trinity Evangelical Lutheran Church, 661 N.W.2d at 800. Nos. 19-1528 & 19-1613 37

The Supreme Court’s first guidepost—reprehensibility of the defendant’s conduct—is the most important. Gore, 517 U.S. at 575. In determining the reprehensibility of the defend- ant’s conduct, we consider five factors: whether the harm caused was physical as opposed to eco- nomic; the tortious conduct evinced an indifference to or a reckless disregard of the health or safety of others; the target of the conduct had financial vul- nerability; the conduct involved repeated actions or was an isolated incident; and the harm was the result of intentional malice, trickery, or deceit, or mere ac- cident. Campbell, 538 U.S. at 419. If none of these factors weigh in fa- vor of the plaintiff, the award is “suspect.” Id. And even if one factor weighs in the plaintiff’s favor, that may not be enough to sustain the punitive award. Id. And finally, since a plaintiff is presumed to be made whole by the compensatory award, punitive damages should be awarded only if the defendant’s conduct is “so reprehensible as to warrant the imposition of further sanctions to achieve punishment or deterrence.” Id. The first factor asks us to consider if the harm was physical as opposed to economic. Id. Conduct producing physical harm is more reprehensible than conduct producing eco- nomic harm. See Gore, 517 U.S. at 576. Epic did not suffer phys- ical harm as a result of TCS’s conduct. So this factor weighs against finding TCS’s conduct reprehensible. Turning to the second factor, we do not believe that TCS’s conduct evinced an indifference to or a reckless disregard of the safety of others. Epic does not attempt to persuade us oth- erwise. This factor also weighs against finding TCS’s conduct reprehensible. 38 Nos. 19-1528 & 19-1613

The third factor—the financial vulnerability of the target of the defendant’s conduct—stands for the proposition that conduct is more reprehensible if it impacts financially vulner- able plaintiffs. See, e.g., Saccameno v. U. S. Bank Nat’l Ass’n, 943 F.3d 1071, 1087 (7th Cir. 2019); EEOC v. AutoZone, Inc., 707 F.3d 824, 839 (7th Cir. 2013). Epic, one of the largest producers of electronic-health-record software, is not financially vulner- able. This factor again weighs against finding TCS’s conduct reprehensible. Applying the fourth factor, TCS’s conduct did involve a repeated course of wrongful acts. Epic presented evidence that TCS knew it lacked authority to access confidential infor- mation from UserWeb. Yet TCS employees still accessed and downloaded Epic’s confidential information for years, down- loading over 1,600 unique documents from UserWeb and gaining access to information that Epic specifically forbid TCS from accessing. This factor weighs in favor of finding TCS’s conduct reprehensible and provides support for some award of punitive damages. As for the last factor—whether the harm was the result of intentional malice, trickery or deceit, or mere accident—TCS argues that Epic suffered no harm. Specifically, TCS contends that because Epic was not deprived of the enjoyment of its software, did not lose business, and did not face any new competition, there could not have been any harm to Epic. But even though it is hard to quantify, Epic likely suffered a com- petitive harm; TCS, a potential competitor, had access to Epic’s confidential information for years without Epic’s knowledge. This gave TCS insight into the strengths and weaknesses of Epic’s software, regardless of whether TCS was able to turn that knowledge into a direct economic harm to Nos. 19-1528 & 19-1613 39

Epic. Cf. United Tech. Corp. v. U.S. Dept. of Def., 601 F.3d 557, 564 (D.C. Cir. 2010) (discussing, for purposes of what consti- tutes “confidential information” under an exemption to the Freedom of Information Act, what constitutes substantial competitive harm). We can also think of at least one economic harm, albeit minor, that Epic suffered as a result of TCS’s con- duct. Epic, after it became aware of TCS’s unlawful access to UserWeb, had to expend time and resources investigating the extent to which TCS had accessed Epic’s confidential infor- mation and trade secrets. And these harms were the result of TCS’s repeated, inten- tional attempts to deceive Epic. See Gore, 517 U.S. at 576 (not- ing that deceit is more reprehensible than negligence). Epic repeatedly denied Kaiser’s and TCS’s requests to allow TCS access to UserWeb. But TCS gained access to UserWeb through other means, using Gajaram’s account, which he ob- tained by falsely identifying as a Kaiser employee. The jury heard testimony that Gajaram’s account information was shared throughout TCS and was frequently used to download and share Epic’s confidential information. TCS employees also lied to prevent Kaiser and Epic from discovering that TCS had access to Epic’s UserWeb. A TCS employee testified that his manager told him to hide the truth from investigators. This employee obeyed these instructions and lied to investigators, telling them that he had only ac- cessed UserWeb one time when he knew he had accessed it more than once. The harms to Epic resulted from TCS’s deceitful conduct. This factor weighs in favor of finding TCS’s conduct repre- hensible and supports some award of punitive damages. 40 Nos. 19-1528 & 19-1613

In sum, we agree with the district court that TCS’s conduct warrants punishment. But TCS’s conduct was not reprehensi- ble “to an extreme degree.” Saccameno, 943 F.3d at 1088. TCS caused no physical harm to Epic. TCS also did not recklessly disregard the safety of others. And Epic is not a financially vulnerable plaintiff. But TCS’s conduct consisted of a re- peated course of wrongful actions spanning multiple years. TCS’s conduct was also intentional and deceitful, not negli- gent. We therefore conclude that TCS’s conduct justifies pun- ishment, though not in the amount of a $280 million punitive- damages award. Turning to the Supreme Court’s second guidepost, we an- alyze the ratio of punitive damages to the “harm, or potential harm” inflicted on the plaintiff. Campbell, 538 U.S. at 424. In most cases, the compensatory-damages award approximates the plaintiff’s harm. In those cases, identifying the ratio is straightforward: we compare compensatory and punitive- damages awards. See, e.g., Rainey, 941 F.3d at 255. But in some cases, the jury’s compensatory-damages award does not re- flect the plaintiff’s quantifiable harm. Still, we may account for that harm in the harm-to-punitive-damages ratio. See Som- merfield v. Knasiak, No. 18-2045, 2020 WL 4211297, at *5 (7th Cir. July 23, 2020). The circumstances of this case, however, present an unu- sual issue in determining the amount of “harm” under this guidepost. The jury awarded $140 million in compensatory damages based on the benefit to TCS, not because of any harm suffered by Epic. This award, then, does not reflect Epic’s harm. And if Epic suffered quantifiable economic harm, that harm is significantly smaller than $140 million, which would in turn drastically change the relevant ratio. If we had to Nos. 19-1528 & 19-1613 41

quantify that harm to arrive at the appropriate ratio, applying the second due-process guidepost would pose a challenging task. But TCS makes no argument here—and did not argue to the district court—that we should compare any number be- sides compensatory damages to the punitive-damages award. See Puffer v. Allstate Ins. Co., 675 F.3d 709, 718 (7th Cir. 2012) (underdeveloped arguments are waived). In fact, most of its argument under this guidepost emphasizes the size of the compensatory award as a reason the punitive-damages award violates due process. TCS has thus waived any argument that the compensatory award is the incorrect denominator in the ratio analysis. And at least one other court has compared an unjust enrichment award to the punitive-damages award un- der this guidepost when state law allowed punitive damages to be imposed for the underlying claim. See Rhone-Poulenc Agro, S.A. v. DeKalb Genetics Corp., 272 F.3d 1335, 1351 (Fed. Cir. 2001) (concluding it is appropriate to base punitive dam- ages on an unjust enrichment award when the defendant’s gain “is logically related” to the plaintiff’s “harm or potential harm”), vacated, 538 U.S. 974 (2003), remanded to 345 F.3d 1366 (2003) (reaching the same result as to punitive damages). So, we will conduct the ratio analysis using the $140 million com- pensatory award as the denominator. In conducting this analysis, the Supreme Court has de- clined to set a fixed ratio limiting punitive damages. Campbell, 538 U.S. at 425 (“[T]here are no rigid benchmarks that a puni- tive damages award may not surpass … .”). The Supreme Court has, however, noted that “few awards exceeding a sin- gle-digit ratio between punitive and compensatory dam- ages … will satisfy due process.” Id. 42 Nos. 19-1528 & 19-1613

The punitive award in this case—after the district court lowered it to comply with Wisconsin’s statutory cap on puni- tive damages—is two times the ultimate compensatory award. Our court and Wisconsin courts have upheld signifi- cantly higher ratios. See, e.g., Rainey, 941 F.3d at 255 (affirming a 6:1 ratio); Mathias v. Accor Econ. Lodging, Inc., 347 F.3d 672, 676–78 (7th Cir. 2003) (affirming a 37:1 ratio); Kimble v. Land Concepts, Inc., 845 N.W.2d 395, 412 (Wis. 2014) (finding a 3:1 ratio appropriate and constitutional); Trinity Evangelical Lu- theran Church, 661 N.W.2d at 803 (affirming a 7:1 ratio). But the compensatory damages here are high. The Su- preme Court has noted that “[w]hen compensatory damages are substantial, then a lesser ratio, perhaps only equal to com- pensatory damages, can reach the outermost limit of the due process guarantee.” Campbell, 538 U.S. at 425. And the $140 million award in this case far exceeds what other courts have considered “substantial.” See Lompe v. Sunridge Partners, LLC, 818 F.3d 1041, 1069 (10th Cir. 2016) (“[I]n many cases, com- pensatory damages less than $1,000,000 have also been con- sidered substantial.”). In fact, neither party points us to any comparable cases in which any court has upheld a 2:1-or- higher ratio resulting in over $200 million in punitive dam- ages.5

5 Epic only cites to one case with a relatively comparable award, Yung v. Grant Thornton, LLP, 563 S.W.3d 22, 73 (Ky. 2018) (upholding $80 million in punitive damages, resulting in a 4:1 ratio). It’s true that in Yung, like in this case, only the last two reprehensibility factors weighed in favor of al- lowing punitive damages. Id. at 67. But the economic harm suffered by the plaintiffs in Yung distinguishes that case from the circumstances here. In Yung, the plaintiffs suffered substantial, quantifiable economic harm, in- cluding millions of dollars in taxes, interest, and fees owed to the IRS. Id. at 57. Here, there is hardly evidence that Epic suffered any economic Nos. 19-1528 & 19-1613 43

Many courts have instead found awards “substantial” and imposed a 1:1 ratio based on significantly lower compensa- tory awards. See Saccameno, 943 F.3d at 1090 (gathering cases where courts have imposed a 1:1 ratio when the compensa- tory award is less than $1 million); cf. Estate of Moreland v. Di- eter, 395 F.3d 747, 756–57 (7th Cir. 2005) (affirming a $15 mil- lion punitive-damages award that was “a fraction of the un- derlying compensatory damages award” and was based on “truly reprehensible” conduct). Still, the precise award must be based on “the facts and circumstances of the defendant’s conduct and the harm to the plaintiff.” Campbell, 538 U.S. at 425; cf. Sommerfield, 2020 WL 4211297, at *6 (noting that sanc- tions should be based on the wrong done rather than the de- fendant’s wealth). The facts and circumstances of this case do not justify awarding $280 million in punitive damages. As noted above, three of the five reprehensibility factors weigh against the rep- rehensibility of TCS’s conduct. TCS’s conduct was reprehen- sible, but not to an extreme degree. See, e.g., Bridgeport Music, Inc. v. Justin Combs Publ’g, 507 F.3d 470, 490 (6th Cir. 2007) (based on “the low level of reprehensibility of defendants’ conduct, a ratio of closer to 1:1 or 2:1 is all that due process can tolerate in this case”). But see, e.g., Rainey, 941 F.3d at 255 (“the truly egregious nature” of the defendant’s acts of sexual objectification and assault justified “the size of [the] punitive award even with [a] significant compensatory award”); Ma- thias, 347 F.3d at 675–78 (affirming a 37:1 ratio in part because

harm; the compensatory award was based on TCS’s benefit. And any po- tential future economic harm has not been quantified. 44 Nos. 19-1528 & 19-1613

the motel company refused to have bed bugs in hotel rooms exterminated when it was aware of the risk to its customers). And although TCS’s actions did harm Epic, that harm does not support the size of the punitive-damages award. Cf. Rainey, 941 F.3d at 254–55 (affirming a punitive-damages award six times larger than the $1.13 million compensatory award in part because the plaintiff suffered “pain and humil- iation” as a result of the defendant’s groping and acts of sex- ual objectification); In re Exxon Valdez, 472 F.3d 600, 623–25 (9th Cir. 2006), amended 490 F.3d 1066, (reducing punitive damages to $2.5 billion, reflecting a 5:1 ratio with compensa- tory damages, where the plaintiff caused severe economic harm and emotional harm to thousands of people by spilling 11 million gallons of crude oil into United States waters). We therefore conclude—based on the substantial compen- satory award and the circumstances of this case—that a 2:1 ratio exceeds the outermost limit of the due process guaran- tee. See Campbell, 538 U.S. at 425. Instead, the ratio relative to the $140 million compensatory award should not exceed 1:1. We now turn to the final guidepost: the difference between the punitive award authorized by the jury and civil penalties imposed in comparable cases. Although “this guidepost gen- erally deserves less weight than the other two,” Rainey, 941 F.3d at 255, it serves an important purpose: to “allow[] courts to show ‘substantial deference to legislative judgments con- cerning appropriate sanctions for the conduct at issue.’” Auto- Zone, 707 F.3d at 840 (7th Cir. 2013) (quoting Gore, 517 U.S. at 583). TCS has made no argument about this guidepost and has thus waived any argument that it points toward the award Nos. 19-1528 & 19-1613 45

being unconstitutional. Although TCS has not pointed us to a single relevant civil penalty for comparison, we recognize that both the $280 million award the district court entered, and a $140 million award that would reflect a 1:1 ratio, comply with Wisconsin’s statutory cap on punitive damages. That cap is one indication of what the Wisconsin legislature has judged to be an inappropriate sanction for reprehensible conduct: any punitive award exceeding a 2:1 ratio is inappropriate. Wis. Stat. § 895.043(6); see AutoZone, 707 F.3d at 840 (“We rec- ognize that this statutory cap suggests that an award of dam- ages at the capped maximum is not outlandish.”). So, the final guidepost does not point toward a $280 million or $140 mil- lion punitive-damages award being unconstitutional. In sum, we conclude that the federal constitution prohibits a punitive-damages award here exceeding a 1:1 ratio with the $140 million compensatory award. And TCS only mentions Wisconsin law to point out that Wisconsin courts apply a test substantively identical to the federal test analyzed above. So, TCS has waived any argument that Wisconsin law might pro- duce a different result. We therefore remand for the district court to amend its judgment and reduce punitive damages to, at most, $140 million. III. CONCLUSION The jury heard plenty of evidence that TCS stole Epic’s confidential information and incorporated it into a compara- tive-analysis spreadsheet. And, drawing all inferences in fa- vor of Epic, the jury could conclude that TCS used the com- parative analysis for a variety of purposes, including the im- provement of Med Mantra. However, the jury did not hear any evidence that would allow it to infer that any of Epic’s other information was used by TCS. 46 Nos. 19-1528 & 19-1613

Pursuant to the reasoning set forth above, the judgment of the district court upholding the jury’s $140 million compen- satory-damages award connected to the comparative analysis is AFFIRMED; and, the judgment of the district court vacating the jury’s $100 million compensatory damages award for TCS’s use of other information is also AFFIRMED. Further, the judgment of the district court awarding $280 million in punitive damage is VACATED as it exceeds the outermost limit of the Due Process guarantee in the Constitu- tion; and, the issue of the amount of punitive damages is REMANDED with instruction to the district court to reduce the punitive-damages award consistent with the analysis in this opinion.