Pennsylvania v. Navient Corp.

348 F. Supp. 3d 394

• Court: District Court, M.D. Pennsylvania
• Decided: October 17, 2018
• Docket: 3:17-CV-1814
• Status: Published

Opinion

Robert D. Mariani, United States District Judge

I. INTRODUCTION

Through this lawsuit, the Commonwealth of Pennsylvania (the "Commonwealth") seeks to hold Navient Corporation and Navient Solutions, LLC, (collectively, "Navient") liable for conduct that has allegedly harmed student loan borrowers in Pennsylvania, as well as student loan borrowers nationwide. Specifically, the Commonwealth contends *396that Navient has committed a variety of unfair, deceptive, and abusive practices in connection with the origination and servicing of student loans in violation of the Consumer Financial Protection Act ("CFPA"), 12 U.S.C. § 5536, and the Pennsylvania Unfair Trade Practices and Consumer Protection Law ("CPL"), 73 P.S. § 201-1, et seq. (Doc. 1). Presently before the Court is a dispute that has arisen during the course of discovery.

Per the procedure of the Court, the Commonwealth, rather than filing a motion, filed a letter with the Court on August 17, 2018 identifying the dispute. (Doc. 35). In particular, the Commonwealth stated that Navient was refusing to produce certain student loan borrower records "on the basis of purported Privacy Act concerns." (Id. at 1). The Commonwealth recounted that it had requested the records directly from Navient in April 2018, but that Navient subsequently informed the Commonwealth that the Department of Education ("ED") denied permission for Navient to release the records to the Commonwealth. (Id. at 2). The Commonwealth stated that it then went directly to ED to obtain the records, but ED refused to release the records, and requested that the Commonwealth submit "another request that addressed new concerns of the Department-concerns that ED did not mention in its initial May 4 letter [to Navient refusing to allow Navient to release the records]." (Id. ) The Commonwealth further contended that Navient's resort to the Privacy Act as a basis to refuse production of the records was denied by the Court in a related case involving the Consumer Financial Protection Bureau ("CFPB") pursuing similar claims against Navient ("CFPB-Navient matter"). (Id. at 2); see CFPB v.Navient Corp. , Case No. 3:17-cv-101, 2018 WL 3824367 (Aug. 10, 2018). The Commonwealth's letter closed with a request that "the Court issue an order requiring Navient to produce all documents it is refusing to produce on the basis of purported Privacy Act concerns." (Doc. 35 at 2).

In an August 20, 2018 letter, Navient responded to the Commonwealth's letter. (Doc. 36). Navient contended that "[w]hile we recognize that this Court recently ordered the production of [the borrower] data to the Consumer Financial Protection Bureau ... for the reasons set forth below, it would be both premature and inappropriate to order the production of the vast amount of data here." (Id. at 1). Navient's "reasons" in its letter included: (1) the borrower records, while in the physical possession of Navient, are legally owned by ED, and Navient is prohibited from releasing them to the Commonwealth pursuant to its contract with ED, the Privacy Act, and other federal regulations, (id. at 2-4); and (2) the procedural posture of the matter, that is, Navient's motion to dismiss remains pending, which Navient submits means that "this Court's resolution of the pending motion may limit-or even preclude-the need for much of the discovery sought by the Commonwealth," (id. at 5). Navient also argued that the Court:

would benefit from inviting ED to submit a formal statement of the government's position to the Court. See 28 U.S.C. § 517. ED's legal ownership, custody, and control of the underlying data gives the United States a clear, direct, and obvious interest in this subject matter, and before this Court takes any action that might compromise the government's interests, ED should be provided an opportunity to evaluate potential objections to the production of its data as well as the burden of providing the required notice to borrowers whose information would be subject to disclosure.

(Doc. 36 at 4-5). Navient ended its letter with a request that the Court deny the *397Commonwealth's request for the borrower data and instruct the Commonwealth to go directly to ED and request the borrower data in compliance with ED's regulations (also known as "Touhy " regulations, 34 C.F.R. §§ 8.1 - 8.5 ). (Doc. 36 at 6). In the alternative, Navient requested that the Court invite ED to submit a formal statement of interest regarding the issue, wait to decide the issue until receiving such a formal statement, and stay all discovery relating to the borrower records until after Navient's motion to dismiss is decided by the Court. (Id. )

The parties appeared telephonically before the Court on October 10, 2018. For the reasons that follow, the Court will order that Defendants produce student loan borrower records previously withheld on the basis of the Privacy Act, 5 U.S.C. § 552a ; that the parties confer about potential burden, scope, and relevancy issues related to the production of the records; and in the event they are not able to resolve these issues, seek Court guidance and ruling.

II. ANALYSIS

The question presented in this discovery dispute is essentially identical to the question previously decided by the Court in the CFPB-Navient matter: can Navient entirely withhold production of student loan borrower records that are in the physical possession of Navient because they may be "legally" owned by ED? In presenting its position, Navient mainly attempts to retread its previous Privacy Act-related arguments made in the related CFPB-Navient matter. However, during its October 10, 2018 telephonic appearance before the Court, Navient insisted that other federal statutes and regulations also bear upon the dispute, including, but not limited to the Federal Information Security Management Act of 2002 ("FISMA"), Pub. L. No. 107-347, 116 Stat. 2946 (2002) ; Pub. L. No. 107-296, 116 Stat. 2259 (2002).See also Federal Information Security Modernization Act of 2014, Pub. L. No. 113-283, 128 Stat. 3073 (2014).

A. "Legal" Ownership, the Privacy Act, and Related Federal Statutes and Regulations

Navient's first argument is that the disputed borrower records are in the legal control of ED, and that Navient's contract with ED, as well as federal laws and regulations, including the Privacy Act, prohibit the release of the records without ED's blessing. Navient attempts to frame this argument as something that the Court did not previously consider in its earlier ruling in the CFPB-Navient matter: "[t]he CFPB Order did not consider the impact of either (A) Navient's contract with ED or (B) ED's regulations on the question of who possesses, controls, or has custody of the records." (Doc. 36 at 4). However, the Court did previously consider and reject Navient's position, and the slight variations to Navient's argument presented in this matter do not change the Court's conclusion that Navient is required to produce the borrower records.

First, and most importantly, there is no dispute that the borrower records at issue are in the physical possession of Navient, even if they are in the "legal" possession of ED.¹ The Court reaffirmed its *398understanding of this fact at the October 10 telephone conference. Under Fed. R. Civ. P. 34(a)(1), requests can be made for production of documents, electronically stored information, and things in "the responding party's possession, custody, or control." Numerous courts, in this Circuit and beyond, have ruled that physical possession of documents is enough for the purposes of Rule 34(a)(1). See, e.g., In re Sunrise Sec. Litig. , 109 B.R. 658, 661 (E.D. Pa. 1990) ("Under [ Rule 34(a) ], legal ownership of a document is not determinative. Possession or control over the documents is sufficient to permit a request for production."); Devon Robotics v. DeViedma , No. 09-cv-3552, 2010 WL 3985877, at *2 (E.D. Pa. Oct. 8, 2010) ; In re Bankers Trust Co. , 61 F.3d 465, 469-71 (6th Cir. 1995). The Court asked Navient's counsel at the October 10 telephone conference if he had any legal authority to cite to the contrary in support of its argument that "legal" possession is necessary under Rule 34, and he did not.

Navient's protest that its particular circumstances should somehow excuse compliance with the requirements of Rule 34 is unconvincing. The Court has already addressed some of Navient's excuses to fail to produce the borrower records, including the Privacy Act, which mandates certain protections for and prohibitions on disclosure of federal records. As the Court indicated in its ruling in the CFPB-Navient matter:

Despite the Privacy Act's general prohibition on disclosure of records, the Court agrees with the rulings of numerous courts that have found that the Privacy Act does not create a qualified discovery privilege. See, e.g., Laxalt v. McClatchy , 809 F.2d 885, 888 (D.C. Cir. 1987) ("The Privacy Act, however, does not create a qualified discovery privilege as that concept is generally understood, and we find no basis in the statute or its legislative history for inferring one."). "Therefore, a party can invoke discovery of materials protected by the Privacy Act through the normal discovery process and according to the usual discovery standards, and the test of discoverability is the relevance standard of FRCP 26(b)(1)." Forrest v. U.S. , No. CIV.A. 95-3889, 1996 WL 171539, at *2 (E.D. Pa. Apr. 11, 1996) (citing Laxalt , 809 F.2d at 889 ). Indeed, the Privacy Act's inclusion of an exception for release of records pursuant to court order, 5 U.S.C. § 552a(b)(11), "make[s] it completely clear that the [Privacy] Act cannot be used to block the normal course of court proceedings, including court-ordered discovery." Adelman v. Brady , CIV.A. No. 89-4714, 1990 WL 39147, at *2 (E.D. Pa. Mar. 28, 1990). Thus, Defendants cannot rely on the Privacy Act to resist Plaintiffs document requests for borrower documents, made in the course of discovery.

Navient , 2018 WL 3824367, at *3 (full citations added). Indeed, both the Privacy Act and ED's internal regulations implementing the Privacy Act contain exemptions to the prohibition on disclosure in the context of court ordered discovery. See 5 U.S.C. § 552a(b)(11) (records can be released "pursuant to the order of a court of competent jurisdiction); 34 C.F.R. § 5b.9(b)(11) (same).

The In re Bankers Trust case, 61 F.3d 465 (6th Cir. 1995), while not binding on this Court, is particularly instructive on the issue of ED's internal Privacy Act regulations and why the regulations do not prevent production of the borrower records. In that matter, the Sixth Circuit ruled that the Federal Reserve did not have "the power to promulgate regulations in direct contravention of the Federal *399Rules of Civil Procedure," when its internal regulations, which stated that certain records physically possessed by banks remained the legal property of the Federal Reserve, prohibited disclosure by the banks in litigation discovery. In re Bankers Trust , 61 F.3d at 470. "To allow a federal regulation issued by an agency to effectively override the application of the Federal Rules of Civil Procedure, and in essence, divest a court of jurisdiction over discovery, the enabling statute must be more specific than a general grant of authority as found here." Id. In making this ruling, the Sixth Circuit referred to, among other enabling statutes, 5 U.S.C. § 301, which is also one of the enabling statutes for ED's Privacy Act regulations and is a "general housekeeping statute" that "does not provide 'substantive rules' regarding disclosure of government information." In re Bankers Trust , 61 F.3d at 470 ; see also 5 U.S.C. § 301 (also noting "[t]his section does not authorize withholding information from the public or limiting the availability of records to the public"). Similarly, Navient's reference in its August 20 letter to a federal regulation stating that records and data created for government use in the hands of federal contractors are federal records and are subject to the Privacy Act, 36 C.F.R. § 1222.32(b), also misses the point. (Doc. 36 at 4). The Privacy Act does not bar disclosure of the borrower records.

Navient raises new arguments regarding its contract with ED and another federal statute, FISMA, and its associated regulations, but these too are unavailing. Navient argues that "ED's contract with Navient expressly and unambiguously bars Navient from asserting or exercising any control over the data and records at issue...." (Doc. 36 at 2). This statement ignores the admissions by Navient in the teleconference held in this matter on October 10, 2018 that Navient is in physical possession of the data sought by the Commonwealth. For instance, these admissions from Navient include: "[l]n its role of a contractor to ED, Navient happens to have built the server that contains that data and maintains it on ED's behalf." (Doc. 43 at 9:15-17). And the admissions further include the following, when Navient referenced the CFPB-Navient matter:

I think, when this issue was in front of [the Court] before the CFPB, there was no dispute in front of [the Court], and Navient did not dispute that, as a factual matter, right, it physically possesses this data. As I've said before, and I'm not walking that back now, as I said before, the data resides on a server that Navient built on a Navient property.

(Doc. 43 at 13:14-19). While the Court is sympathetic to Navient's desire to not violate its contract with ED or act against the apparent directives of ED with respect to production of the borrower records, Navient's contract with ED is not a privilege that prevents Navient from producing the borrower records, and Navient cites no legal authority in support of such a proposition. Moreover, provisions in Navient's contract with ED, a portion of which was attached to Navient's August 20, 2018 letter, cast serious doubt on Navient's argument that compliance with the Commonwealth's request for documents would breach its contract with ED. The contract states that "[s]ervicers will be required to meet all statutory and legislative requirements," and "[t]he servicer shall comply with all of the following standard items related to record management," followed by citations to various federal laws, including the Privacy Act. (Doc. 36-1 at A3, A15). As previously noted, the Federal Rules of Civil Procedure require disclosure of documents as part of discovery, Fed. R. Civ. P. 34, and the Privacy Act also indicates that federal records may be disclosed in discovery, 5 U.S.C. § 552a(b)(11). Thus, on one reading of these contractual provisions, *400Navient, complying with federal law by properly disclosing the records, would be complying with its contract.

FISMA, which Navient only referenced at the October 10 telephone conference, also does not provide Navient with an avenue to resist production of the borrower records. At the October 10 telephone conference, Navient contended that the information security requirements imposed by FISMA on federal record information systems, like those managed by Navient, mean that there are special considerations regarding a release of federal records outside of the federal government. FISMA and its additions in the Federal Information Security Modernization Act of 2014 mandate that: "the Director of the Office of Management and Budget shall, on the basis of proposed standards developed by the National Institute of Standards and Technology ... and in consultation with the Secretary of Homeland Security, promulgate information security standards pertaining to Federal information systems." 40 U.S.C. § 11331(b)(1)(A). However, Navient pointed to nothing in FISMA or its associated regulations that would trump the requirements of Rule 34 or provide a privilege for a federal contractor to refuse to produce records properly requested by a state agency in the course of discovery. In fact, FISMA explicitly recognizes that its mandated information security standards do not affect the authority of "the head of any agency, with respect to the authorized use or disclosure of information, including with regard to the protection of personal privacy under section 552a of title 5 [the Privacy Act]." 44 U.S.C. § 3558. Thus, by its plain language, FISMA countenances that information protected by mandated information security standards may be released in accordance with the Privacy Act, which, as previously noted, provides for a release of protected records in court-ordered discovery. See 5 U.S.C. § 552a(b)(11) ; cf. Long v. Immigration & Customs Enf't , 149 F.Supp.3d 39, 54 (D.D.C. 2015) (citing 44 U.S.C. § 3558, stating that it "does not alter agencies' obligations under [the Freedom of Information Act]," and denying government agency reliance on § 3558 as a reason to refuse disclosure of information under the Freedom of Information Act).

Navient's final appeal that is connected to its various statutory and regulatory-related arguments is that requiring production of the borrower records from Navient, a federal contractor, "would have serious consequences not only in this case, but in scores of other matters: [because] [i]t effectively would prevent federal agencies from controlling access to their data whenever the federal government engages an outside contractor to provide services...." (Doc. 36 at 4). However, that is a risk that any party, federal agency or otherwise, takes when it outsources the possession and management of its records to another. Navient does not point to any legal authority to suggest to the contrary. Accordingly, the Court rejects Navient's arguments put forth in support of its refusal to produce the borrower records.

B. The Pending Motion to Dismiss

Navient's second argument relates to the current procedural posture of this case. Here, unlike the CFPB-Navient matter, there is a pending motion to dismiss the action, based, in part, on preemption and preclusion grounds. (Doc. 16). Navient contends that "[w]here a party's whole lawsuit may be dismissed, its need to access even the most relevant data is entirely speculative, ..., and even if that need were compelling (which it is not), there would be no prejudice in waiting until the Court resolves the pending motion to dismiss." (Doc. 36 at 6). The Commonwealth argues that the motion to dismiss "is not a principled distinction" between this case and the CFPB-Navient matter, and that *401there has been no stay on discovery in this case, and none requested by Navient until now. (Doc. 35 at 2).

The Court will not withhold its ruling on this discovery dispute, nor will it stay discovery of the borrower records entirely, merely because there is a motion to dismiss pending. There is nothing in the Federal Rules of Civil Procedure that mandates that discovery should not proceed before a motion to dismiss is decided. To the contrary, the timing set forth for discovery-related tasks in the Federal Rules, including for the parties' discovery planning conference under Fed. R. Civ. P. 26(f) and the court's issuance of a scheduling order under Fed. R. Civ. P. 16(b), indicates that it is expected that the parties in litigation will expeditiously begin discovery soon after a case is filed. "A stay of discovery is not appropriate solely because a motion to dismiss is pending." Babalola v. Donegal Mut. Ins. Co. , No. 1:08-CV-621, 2008 WL 5278393, at *1 (M.D. Pa. Dec. 18, 2008) (citing 19th Street Baptist Church v. St. Peters Episcopal Church , 190 F.R.D. 345, 349 (E.D. Pa. 2000) ). The Court notes that it is within its discretion to stay discovery based on a balancing of the "relative benefit and harm that would ensue to each party from the grant or denial of a stay." 19th Street Baptist Church , 190 F.R.D. at 349. However, Navient has not presented sufficient evidence to persuade the Court that a stay is now necessary, particularly when Navient is only raising this request months after discovery began and its motion to dismiss was filed, and when Navient has already been ordered by the Court to produce what appear to be very similar or identical borrower records in the CFPB-Navient matter.

C. Formal Statement of Interest from ED

Finally, Navient urges the Court to invite ED to submit a formal statement of interest regarding the discovery dispute, citing 28 U.S.C. § 517. That statute provides that:

The Solicitor General, or any officer of the Department of Justice, may be sent by the Attorney General to any State or district in the United States to attend to the interests of the United States in a suit pending in a court of the United States, or in a court of a State, or to attend to any other interest of the United States.

Id. Neither this statute, nor Rule 24 of the Federal Rules of Civil Procedure, which addresses the intervention of interested parties, mandates that the Court must sua sponte invite ED to participate in this dispute. See, e.g. , Fed. R. Civ. P. 24(a)(2) (the Court "may" allow intervention by a government officer or agency "[o]n timely motion"). Nor does this dispute appear to present a situation where "the constitutionality of any Act of Congress affecting the public interest is drawn in question, [where] the [C]ourt should certify such fact to the Attorney General." 28 U.S.C. § 2405(a). ED is free on its own accord to move the Court to intervene in this case. However, the Court will not further delay this case in the interim.²

*402III. CONCLUSION

For the reasons outlined above, the Court will order Navient to produce the disputed borrower records.³ The parties are also ordered to meet and confer to resolve potential burden, scope, and relevancy issues related to the production of the records, which the Court has previously and repeatedly noted have not as of yet been ripe for Court consideration.⁴ In the event the parties are not able to resolve these issues, they should so inform the Court and in doing so, precisely delineate the disputes that they are unable to resolve. A separate Order follows.

1 The Court makes this determination based on the representations of the parties in this matter, and Navient's counsel in the CFPB-Navient matter. However, the Court notes that neither the Commonwealth nor Navient have identified with specificity exactly what student loan borrower records are at issue in this dispute. For example, neither has placed of record or quoted from the Commonwealth's Request for Production of Documents or Navient's response. In the event that future Court involvement is needed to resolve issues surrounding the production of these records, the Court urges the parties to provide detailed specificity on the nature of the records.

2 The Court will also deny Navient's request that the Commonwealth go directly to ED to obtain the borrower records. As extensively noted above, it has been established that Navient physically possesses the records. Navient's reference to ED's Touhy regulations and its argument that the Commonwealth should be required to follow them does not bear on this dispute. By their plain language, such regulations, which govern the procedures ED employees should follow when responding to an external request for information, only apply when seeking information directly from ED, which is not the case here. See 34 C.F.R. § 8.1 (a) ("this part establishes the procedures to be followed when the Department or any employee of the Department receives a demand for ...) (emphasis added).

3 Similar to the Order in the CFPB-Navient matter, (Doc. 104), and to satisfy concerns regarding the Privacy Act, the Order will state that "all discovery production in this matter is made pursuant to the order of a court of competent jurisdiction."

4 Navient's appeal to the Court to consider the necessity of the Commonwealth to obtain the borrower records and balance it against the potential harms of disclosure is for future adjudication, if warranted. (See Doc. 36 at 5-6 (Navient discussing such a calculation in Privacy Act cases) ). The Court here is only concerned with addressing Navient's blanket refusal to produce any of the disputed borrower records.