Tokarski v. Med-Data Inc

• Court: District Court, W.D. Washington
• Decided: March 8, 2022
• Docket: 2:21-cv-00631
• Status: Unknown

Opinion

1 2 3 4

5 6 7 UNITED STATES DISTRICT COURT 8 WESTERN DISTRICT OF WASHINGTON AT SEATTLE 9 10 NICOLE TOKARSKI, on behalf of herself CASE NO. 2:21-cv-00631-TL 11 and all others similarly situated, ORDER GRANTING MOTION TO SEAL 12 Plaintiff, v. 13 MED-DATA, INC., 14 Defendant. 15 16 This matter came before the Court on Plaintiff’s Motion to File “Confidential” 17 Documents Under Seal or In Open Court. Dkt. No. 45. Having reviewed the motion and 18 associated documents (Dkt. Nos. 46, 47, 48, 54, and 55), for the reasons detailed below, the 19 Court GRANTS the motion. 20 I. BACKGROUND 21 On September 17, 2021, Defendant Med-Data, Inc., (“Med-Data”) filed a motion to 22 change venue. Dkt. No. 29. In opposition to that motion, Plaintiff Tokarski filed a response that 23 referenced a document that Defendant maintains is confidential and should be protected from 24 1 public exposure. See Dkt. Nos. 43, 54 and 55. In support of the filing, Plaintiff’s attorney filed a 2 declaration that had several attachments, including the document at issue. Dkt. No. 44-5 3 (redacted version); Dkt. No. 48 (sealed version). Though counsel conferred in advance, they 4 were unable to agree to remove the confidentiality designation for this exhibit, and Defendant

5 maintains that partial redaction of the exhibit would not alleviate the problem. Dkt. No. 45 at 1– 6 2. 7 Defendant MedData notes that “[p]reventing disclosure of confidential business 8 information is a compelling reason that warrants keeping documents under seal.” Dkt. No. 54 at 9 2.The exhibit at issue (Exhibit 5) includes two pages from a report by a third-party cybersecurity 10 consultant, and the report was generated in order to assess and analyze potential security threats 11 to highly sensitive data and information that Defendant MedData stores. Id.; see also Dkt. No. 12 48.Defendant MedData avers that it has “remediated and retested” the security vulnerabilities 13 Exhibit 5 identifies; nonetheless, it claims that hackers could potentially still use the information 14 therein “to attack MedData’s cybersecurity systems and measures.” Id. Defendant MedData

15 believes that public disclosure of Exhibit 5 could cause harm by exposing to public view the data 16 security measures it takes to protect “highly sensitive” data about patients. Id. at 3. 17 II. DISCUSSION 18 “In this circuit, we start with a strong presumption of access to court records.” Foltz v. 19 State Farm Mut. Auto. Ins. Co., 331 F.3d 1122, 1135 (9th Cir. 2003) (internal citations omitted); 20 accord Kamakana v. Cty. of Honolulu, 447 F.3d 1172, 1178 (9th Cir. 2006). “To limit this 21 common law right of access, a party seeking to seal judicial records must show that ‘compelling 22 reasons supported by specific factual findings . . . outweigh the general history of access and the 23 public policies favoring disclosure.’” Pintos v. Pacific Creditors Ass’n, 605 F.3d 665 (9th Cir.

24 2010) (quoting Kamakana, 447 F.3d at 1178–79). Unlike motions to seal discovery motions— 1 which are reviewed under a more liberal ‘good cause’ standard instead of the ‘compelling 2 reasons’ standard that applies to dispositive motions—the appropriate sealing standard is higher 3 for “motions that go to the heart of a case.” Ctr. for Auto Safety v. Chrysler Grp., LLC, 809 F.3d 4 1092, 1098 (9th Cir. 2016). “Most litigation in a case is not literally ‘dispositive,’ but

5 nevertheless involves important issues and information to which our case law demands the 6 public should have access.” Id. Though the Ninth Circuit has not explicitly decided which 7 sealing standard applies to a motion to transfer venue under 28 U.S.C. § 1404(a), this Court will 8 apply the more stringent ‘compelling reasons’ standard here, given that “the motion “affects the 9 litigants substantive rights” and is “more than tangentially related to the underlying cause of 10 action.” Cont'l Auto. Sys., Inc. v. Avanci, LLC, No. 19-cv-02520-LHK, 2019 WL 6612012, at *3 11 (N.D. Cal. Dec. 5, 2019) (holding that a ‘compelling reason’ must warrant sealing of a motion to 12 transfer venue under 28 U.S.C. § 1404(a)). 13 A party seeking to seal judicial records must specify facts that causally connect the 14 documents at hand to sufficiently compelling reasons that justify overriding the strong

15 presumption favoring public access. Trudel v. Am. Fam. Mut. Ins. Co., No. CV-12-1208-PHX- 16 SMM, 2014 WL 11514215, at *1 (D. Ariz. Aug. 15, 2014) (internal quotation and citations 17 omitted). In determining whether the presumption should be overridden, “the district court must 18 weigh ‘the interests advanced by the parties in the light of the public interest and the duty of the 19 courts.’” Valley Broad. Co. v. U.S. Dist. Ct. for Dist. of Nev., 798 F.2d 1289, 1294 (9th Cir. 20 1986) (quoting Warner Comm’ns, 435 U.S. 589, 602 (1978)). On the one hand, courts seek to 21 promote public understanding of the judicial process and of significant public events. See, e.g., 22 id. On the other, a likelihood of “improper use” of the material would “[c]ounsel[] against such 23 access.” Id.

24 1 Where, as here, a protective order has been entered, an agreement of the parties to 2 maintain confidentiality of a document does not, on its own, establish a compelling reason to 3 seal. See Ponomarenko v. Shapiro, No. 16-cv-02763-BLF, 2017 WL 3605226, at *3 (N.D. Cal. 4 Aug. 21, 2017); see also Dkt. No. 42 (delineating protected health information and confidential

5 business information as protected). In the same vein, the mere likelihood of embarrassment, 6 incrimination, or exposure to litigation does not entitle a litigant to file a document under seal. 7 Foltz, 331 F.3d at 1136. However, a compelling reason may exist where “[n]either the public nor 8 collateral litigants have any apparent right to or interest in” a disclosure. See id. at 1138. 9 The harms Plaintiff Tokarski alleges in the instant case were brought about by a data 10 security breach. Dkt. No. 1-1 at 1. Defendant MedData alleges that Exhibit 5 contains 11 information that, if made publicly available, could undermine its current security measures. Dkt. 12 No. 54 at 2–3. There appears to be a non-trivial chance that filing any part of Exhibit 5 and 13 references to its contents in open court would make private information about patients vulnerable 14 to hackers. Id.; see also Dkt. No. 55 at 2 (By “provid[ing] hackers with information they can use

15 to attack MedData’s cybersecurity systems and measures . . . . public disclosure of Exhibit 5 16 would present a security risk.”). Even though the public has an interest in knowing what 17 Defendant MedData’s security practices are (and indeed, how those have been improved since 18 the breach at issue), in this limited circumstance, the Court finds the risk of harm to many 19 individuals who are not currently parties to the litigation to be a compelling reason to override 20 the presumption of public access to judicial records. See In re Google Location Hist. Litig., 514 21 F.Supp. 3d 1147, 1163 (N.D. Cal. 2021) (acknowledging that information about “specific 22 vulnerabilities . . . [to hacking] is sealable under the compelling reasons standard”) (internal 23 citations and emphasis omitted); Music Grp. Macao Com. Offshore Ltd. v. Foote, No. 14-cv-

24 03078-JSC, 2015 WL 3993147 at *6 (N.D. Cal. June 30, 2015) (finding a ‘compelling reason’ to 1 support request to seal portions of an exhibit that discussed a party’s network infrastructure and 2 security systems where disclosure of that information could “encourag[e] another cyber attack”). 3 III. CONCLUSION 4 The motion to seal (Dkt. No. 45) is GRANTED. Dkt. Nos. 47 and 48 shall remain sealed. The

5 redacted versions of those documents (Dkt. Nos. 43 and 44-5) shall remain on the docket. 6 7 IT IS SO ORDERED. 8 Dated this 8th day of March 2022. 9 A 10 Tana Lin United States District Judge 11 12 13 14 15 16 17 18 19 20 21 22 23 24