Opinion
CV-19-02746-PHX-DWL
07-09-2021
SiteLock LLC, Plaintiff, v. GoDaddy.com LLC, Defendant.
ORDER
DOMINIC W. LANZA UNITED STATES DISTRICT JUDGE
Pending before the Court are (1) GoDaddy's Rule 37(c)(1) motion to exclude one of SiteLock's damages theories based on late disclosure (Doc. 306), and (2) SiteLock's cross-motion for additional discovery in lieu of exclusion (Doc. 320). For the following reasons, GoDaddy's motion is granted and SiteLock's motion is denied.
RELEVANT BACKGROUND
This contentious lawsuit has been filled with discovery disputes, the details of which have been discussed ad nauseum in earlier orders. (See, e.g., Docs. 36, 80, 87, 160, 176, 248, 291, 315.) Here, the dispute concerns the timing of the disclosure of one of SiteLock's damages theories. The relevant background details bearing on that issue are as follows.
On April 30, 2019, SiteLock initiated this action by filing the complaint. (Doc. 1.) As summarized in earlier orders, the gist of the complaint is that “SiteLock and GoDaddy entered into a contract under which GoDaddy agreed to market and sell SiteLock's website security services. When a GoDaddy customer would purchase a SiteLock subscription and then take the additional step of activating that subscription, GoDaddy would remit a portion of the sale proceeds to SiteLock. When a GoDaddy customer would purchase a SiteLock subscription but then fail to activate it, GoDaddy would not remit any of the sale proceeds to SiteLock. One of the disputed issues in this case is whether GoDaddy was required by the parties' contract to remit payment to SiteLock in this latter circumstance—SiteLock says yes, GoDaddy says no.” (Doc. 248 at 4.) In addition to this contract-based claim, the complaint also asserts Lanham Act and state-law unfair competition claims premised on the allegation that GoDaddy misused SiteLock's trademark. (Doc. 1 ¶¶ 72-85.)
Because it was filed in April 2019, this case was (and remains) subject to the District of Arizona's Mandatory Initial Discovery Pilot Project (“MIDP”), which applies to most civil cases filed between May 1, 2017 and May 1, 2020. Under the MIDP, SiteLock was required to “[p]rovide a computation of each category of damages [it] claimed . . . and a description of the documents or other evidentiary material on which it is based, including materials bearing on the nature and extent of the injuries suffered.” See D. Ariz. G.O. 17-08 ¶ B.5.
On August 9, 2019, SiteLock served its initial MIDP disclosures. (Doc. 308-2.) On the issue of damages, SiteLock's disclosures provided as follows:
Plaintiff has conducted limited discovery concerning damages, and therefore is presently unable to accurately compute damages. However, Plaintiff has calculated that it is entitled to no less than $25, 640, 309 in damages, not including pre-judgment and post-judgment interest on these amounts at the maximum rate permitted by law, and not including attorney's and other fees. This number is based on (1) the total estimated dollar value of SiteLock orders for which SiteLock did not receive payment ($13, 361, 139) , and (2) the total estimated dollar value of the harm to SiteLock based on GoDaddy's use of SiteLock's trademark ($12, 279, 170). Plaintiff is entitled to receive its actual, consequential, and incidental damages sustained in an amount to be determined at trial, as well as prejudgment and post-judgment interest and attorney's fees. Discovery is ongoing and Plaintiff reserves the right to supplement its damages computation as discovery progresses and based on consultation with expert(s). Plaintiff also reserves the right to supplement the categories of damages based on its continuing investigation and discovery in this action. Plaintiff also reserves its right to supplement these initial responses accordingly.(Id. at 3, emphasis added.) In other words, in its MIDP disclosures, SiteLock computed its breach-of-contract damages at around $13.3 million and explained that this sum consisted solely of the “estimated dollar value of SiteLock orders for which SiteLock did not receive payment.” Although SiteLock also stated in generic fashion that it was seeking “actual, consequential, and incidental damages, ” it did not identify any such damages apart from the two specific categories of damages (contract and trademark) elsewhere identified in its disclosures. SiteLock did not, for example, disclose that it would also be seeking damages based on the theory that GoDaddy had interfered with its ability to make additional sales to customers, let alone provide any computation of such lost-profit damages.
Upon receipt of SiteLock's MIDP disclosures, GoDaddy sought more information about how, precisely, SiteLock had arrived at its damage computations. (See, e.g., Doc. 308-4 at 11 [GoDaddy's December 2019 discovery letter: “GoDaddy notes that SiteLock failed to abide by its obligations under the Federal Rules to adequately disclose the calculation for its damages in its initial disclosures.”].)
On February 28, 2020, after the parties' meet-and-confer efforts on this issue proved unsuccessful, GoDaddy sought judicial intervention by filing a notice of discovery dispute. (Doc. 34.) In this notice, GoDaddy asserted that “[t]en months into this litigation, SiteLock has yet to provide a thorough statement of damages, whether in conjunction with its MIDP obligations or in response to straightforward written discovery. . . . SiteLock must be compelled to meet its basic discovery obligations, and to provide evidence related to its claimed damages.” (Id. at 1, citations omitted.) In response, SiteLock stated: “SiteLock has . . . provided a specific damages estimate . . . and has explained the components of that estimate. The remainder of the documents necessary to calculate damages are in GoDaddy's exclusive possession: To calculate contract damages, SiteLock must discover from GoDaddy how many ‘orders' of SiteLock's services were made through GoDaddy's website but not reported to SiteLock.” (Id. at 2.) In other words, SiteLock again suggested that its sole theory of contract damages was that it didn't receive payment for all of the orders made through GoDaddy's website—there was no mention of additional contract- based damages arising from lost sales to customers.
On March 5, 2020, the Court held a hearing to address this and other discovery disputes. (Doc. 36 [minute entry]; Doc. 90 [transcript].) As relevant here, SiteLock's counsel argued that SiteLock's efforts to disclose its damages computations should be deemed sufficient because:
[T]he vast majority of the documents necessary to calculate damages are in GoDaddy's exclusive possession and have not been produced yet by GoDaddy. That would include things like documents showing the numbers of orders and activations through GoDaddy's website of SiteLock's services. We need those to figure out what the delta is in what GoDaddy owed us and what GoDaddy paid us. We've done the best we can estimating that dollar value based on the sliver of information that we have. But until we have that information, we can't get a more precise answer to that question.(Doc. 90 at 64.) In other words, SiteLock once again suggested that the entirety of its contract-based damages arose from GoDaddy's failure to pay for subscriptions that were purchased but not activated—in SiteLock's words, “the delta” between those two figures— and made no suggestion that SiteLock was also seeking damages based on lost sales to customers.
The parties' squabbling over the adequacy of SiteLock's damages disclosures continued after the March 2020 discovery hearing. (See, e.g., Doc. 70-3 at 4 [GoDaddy's June 2020 discovery letter: “GoDaddy is entitled to a showing as to how SiteLock calculated the damages, and if we aren't going to get a meaningful, robust production showing that calculation in some detail, along with internal communications from SiteLock stating, for example, exactly what they thought they would get in the way of damages from this lawsuit, then we're going to move to compel. To be clear, all documents regarding SiteLock's calculation of damages must be produced, including all communications with counsel regarding those calculations, and counsel's own calculations of damages and they must be produced.”].)
On June 23, 2020, after the parties' further meet-and-confer efforts on this issue proved unsuccessful, GoDaddy sought judicial intervention by filing another notice of discovery dispute. (Doc. 70.) In this notice, GoDaddy argued that “[m]ore than a year into this litigation, and after losing [in its opposition to] a motion to compel that also sought information regarding its damages, SiteLock still has not produced meaningful documents, or provided a thorough statement of damages, whether in conjunction with its MIDP obligations or in response to straightforward written discovery.” (Id. at 1, citations omitted.) In response, SiteLock argued that it “has nothing more to produce” because “nearly all of the documents necessary to calculate damages remain in GoDaddy's exclusive possession; only GoDaddy knows the SiteLock services it sold, and it refuses to produce accurate and complete sales information.” (Id. at 2.) In other words, SiteLock seemed to affirm, for at least the fourth time, that the entirety of its contract-based damages arose from GoDaddy's failure to pay for subscriptions that were ordered but not activated.
On July 14, 2020, the Court held a hearing to address this and other discovery disputes. (Doc. 87 [minute entry]; Doc. 91 [transcript].) During this hearing, GoDaddy argued that SiteLock's damages-related disclosures were inadequate because “we still don't have a viable theory or even an articulated theory of damages from SiteLock regarding any of its claims. . . . All we have basically is a number.” (Doc. 91 at 6.) In response, SiteLock argued that “[w]e produced our best estimate of damages based on the information that we have. The documents that we cite . . . are spreadsheets that lay out on a month-by-month basis the numbers that show the delta between our best estimate of what GoDaddy paid us and what GoDaddy should have paid us. And so the documents that we cite do lay out the methodology for these numbers.” (Id. at 9-10.) SiteLock further argued that GoDaddy was responsible for any lack of clarity, because “we have been completely stymied in our ability to provide our damages numbers” and “GoDaddy has sole possession of the evidence that shows what orders were made by customers . . . of SiteLock services through GoDaddy that GoDaddy never reported to [SiteLock]. That's what the whole lawsuit is about.” (Id. at 10.) These comments were consistent with SiteLock's previous statements concerning the nature of its contract damages (i.e., all of the damages were based on the “delta” between sales and activations). However, near the end of the relevant portion of the hearing, SiteLock's counsel also made the following statement: “Final point is, this is all going to be subject to expert testimony, which we have also told [GoDaddy]. We need to get from them the actual numbers of how many orders they sold and pocketed the money and didn't tell us about so that we can calculate what they owe us based on what those services were, what the revenue share was on those services, et cetera, et cetera.” (Id. at 12.) This appears to be the first time SiteLock mentioned, in a non-generic way, that it might be seeking additional damages based on lost sales to customers.
At the conclusion of the July 2020 discovery hearing, the Court granted GoDaddy's motion to compel in part. (Doc. 87.) Specifically, the Court required SiteLock to supplement its disclosures by spelling out how it reached the damages computations set forth in the disclosures. (Doc. 91 at 14.) The Court added that SiteLock's oral analysis at the hearing wasn't “actually reflected in the discovery responses, ” which merely included “black box bottom line figures about what the contract damages are and what the trademark damages are.” (Id. at 15.)
On August 28, 2020, SiteLock provided amended MIDP disclosures to GoDaddy. (Doc. 308 ¶ 9; Doc. 308-6.) Critically, in the portion of those disclosures providing more information concerning its methodology for calculating its contract-based damages (as ordered during the July 14, 2020 discovery hearing), SiteLock did not increase its damages estimate and did not add any language suggesting it was seeking additional damages based on lost sales to customers. (Doc. 308-6 at 4 [“The first component of SiteLock's damages estimate ($13, 361, 139) is based on GoDaddy's failure to pay SiteLock for all orders of SiteLock subscriptions.”].) Instead, SiteLock merely provided more information about how it had calculated the number of subscriptions that had been ordered but not activated. (Id. at 4-7 [“This spreadsheet shows that, from January 2015 through June 2015, . . . the total number of SiteLock units that were ‘activated' (and that GoDaddy thus paid SiteLock for) were approximately 38.5% of the total number of SiteLock units that GoDaddy sold. . . . By multiplying the average percentage delta from January 2015 through June 2015 by the total of each invoice, SiteLock calculated that GoDaddy failed to pay it at least $13, 361, 139 for orders of SiteLock subscriptions.”].)
In September 2020, SiteLock retained its damages expert, Dr. Steven Kursh. (Doc. 319-9 ¶ 6.)
In December 2020, Dr. Kursh began his damages analysis. (Id. ¶ 9.)
In mid-January 2021, Dr. Kursh “determined that GoDaddy's conduct during its relationship with SiteLock had likely caused economic harm to SiteLock by diminishing the revenue that SiteLock earned from direct sales (or ‘upsells') to customers who originally purchased SiteLock products from GoDaddy.” (Id. ¶ 10.)
On February 5, 2021—the deadline for the completion of written discovery (Doc. 250)—GoDaddy deposed SiteLock's Rule 30((b)(6) representative, Neill Feather. (Doc. 319-3.) During this deposition, Feather was asked whether SiteLock was seeking “any other damages in this action” beyond “the licensing fees that SiteLock is seeking for products that were not activated” and beyond certain other categories of previously disclosed damages. (Id. at 3.) In response, Feather stated:
I believe we're still in the midst of having experts kind of analyze the damages. I would say there are a few categories that are still kind of open-ended as far as getting to a final comprehensive damages assessment. One of those would be around our ability—you know, the customers that we were deprived of under the endeavor-to-promote claim, you know, have a lifetime value that is beyond the, you know—the term of the time they may be with GoDaddy or the time that, you know, their original subscription lasts, so things like upgrades and cross-promotions and things like that are within the scope of what I believe we're looking at there.(Id. at 3-4.) In response to follow-up questioning about the “steps SiteLock has taken to quantify that category of damages, ” Feather elaborated: “I think we're still in the process of performing some of that analysis. I know we've looked at some internal metrics around lifetime value and up-sells to provide, but I know that that assessment is ongoing.” (Id. at 4-5.)
The deadline for the completion of all fact discovery was February 26, 2021—that is, three weeks after SiteLock's Rule 30(b)(6) deposition. (Doc. 250.) At no point during this three-week period did SiteLock made any effort to amend its MIDP disclosures to add (let alone quantify) the lost-profit damages theory that Feather had briefly mentioned during the Rule 30(b)(6) deposition. Thus, as of the close of fact discovery, SiteLock's MIDP disclosures continued to state that it was seeking approximately $13.3 million in contract-based damages, which figure was “based on GoDaddy's failure to pay SiteLock for all orders of SiteLock subscriptions.” (Doc. 308-6 at 4-7.)
The deadline for the disclosure of SiteLock's expert reports was March 19, 2021. (Doc. 250.) One of the reports disclosed on this deadline was from Dr. Kursh. (Doc. 308-9.) As for the dollar value of the SiteLock subscriptions that GoDaddy sold but did not report or pay for, Dr. Kursh concluded that SiteLock's damages (before interest) were $1, 804, 247 for “standalone” subscriptions and $1, 373, 802 for “bunded” subscriptions. (Id. ¶¶ 165, 172.) These figures are, of course, far lower than the $13.3 million estimate set forth in SiteLock's MIDP disclosures. However, Dr. Kursh's report also included a calculation of SiteLock's damages arising from “Lost Profits from Direct Sales to Customers.” (Id. ¶¶ 175-205.) These damages are based on the “assum[ption] that GoDaddy's failure to report a SiteLock subscription effectively deprived SiteLock of the ability to make a direct sale to the customer who owned that domain.” (Id. ¶ 176.) After identifying an array of different methodologies for calculating such damages, Dr. Kursh concluded that “SiteLock's damages based on loss of direct sale profits from GoDaddy's failure to report and pay for all subscriptions, including interest, was between $10, 499, 527 and $18, 381, 514, depending on the method and interest rate used.” (Id. ¶ 205.) Dr. Kursh also opined that SiteLock would have earned additional profits from its customers via upsells had GoDaddy met its contractual obligation to promote SiteLock's products and calculated the value of those lost profits as “between $2, 274, 632 and $6, 291, 795, including interest.” (Id. ¶ 223.) In short, using his high-end estimates, Dr. Kursh identified nearly $25 million in lost-profit damages, separate and apart from the damages associated with non-payment for subscriptions.
On April 19, 2021, GoDaddy disclosed the report of one of its experts, Jeffrey George. (Doc. 319-5.) Among other things, George's report contains opinions about why Dr. Kursh's lost-profit calculations are flawed. (Id.)
On May 7, 2021, GoDaddy filed the pending Rule 37(c)(1) motion and supporting memorandum. (Docs. 306, 307.)
On May 21, 2021, SiteLock filed its response to GoDaddy's motion. (Doc. 319.) That same day, SiteLock filed the pending cross-motion for additional discovery in lieu of exclusion. (Doc. 320.)
On June 1, 2021, GoDaddy filed a combined reply in support of its motion and response to SiteLock's cross-motion. (Doc. 325, )
On June 4, 2021, SiteLock filed a reply in support of its cross-motion. (Doc. 328.) Neither side requested oral argument.
DISCUSSION
I. Legal Standard
Both parties contend that GoDaddy's request for sanctions is governed by Rule 37(c)(1) of the Federal Rules of Civil Procedure. (Doc. 307 at 7; Doc. 319 at 9.) It is unclear whether this is correct. As noted, the MIDP required each party to “[p]rovide a computation of each category of damages [it] claimed . . . and a description of the documents or other evidentiary material on which it is based, including materials bearing on the nature and extent of the injuries suffered.” D. Ariz. G.O. 17-08 ¶ B(5).4. Notably, “[t]he discovery obligations [created by the MIDP] supersede the disclosures required by Rule 26(a)(1) and are framed as court-ordered mandatory initial discovery pursuant to the Court's inherent authority to manage cases.” Id. at 1 (emphasis added). See also Id. ¶ A(2) (“The responses are called for by the Court, not by discovery requests actually served by an opposing party.”); Doc. 22 at 2 n.1 (“Parties that fail to timely disclose relevant information will be precluded from using it in the case and may be subject to other sanctions. Parties that unreasonably postpone disclosure of relevant information to the end of the discovery period also will be subject to sanctions.”). Accordingly, a request for sanctions based on failure to disclose information required by the MIDP is arguably governed by Rule 37(b)(2)(A), which authorizes the imposition of sanctions for “fail[ing] to obey [a court] order to provide or permit discovery, ” rather than Rule 37(c)(1), which authorizes the imposition of sanctions against “a party [that] fails to provide information
. . . as required by Rule 26(a) or (e).”
Rule 26(a)(1)(A)(iii) requires the disclosure of “a computation of each category of damages claimed by the disclosing party—who must also make available for inspection and copying . . . the documents or other evidentiary material, unless privileged or protected from disclosure, on which each computation is based.” Thus, a failure to disclose damages computations is ordinarily (i.e., in cases not governed by the MIDP) treated as a violation of Rule 26(a) that is sanctionable under Rule 37(c)(1).
If anything, GoDaddy's invocation of Rule 37(c)(1), rather than Rule 37(b)(2)(A), is beneficial to SiteLock. Although both provisions expressly authorize the exclusion of the challenged matter based on late disclosure, which is the sole remedy that GoDaddy seeks here, the provisions also differ in certain other respects—for example, Rule 37(b)(2) more readily authorizes the imposition of more severe sanctions, creates a presumptive right to fee-shifting, and doesn't (at least as a textual matter) include a safe harbor for violations that were “substantially justified or harmless.” See, e.g., Lair for Estate of Lair v. Reyes, 2020 WL 9718813, *7 (S.D. Ill. 2020) (“[A] harmless analysis is not relevant to whether there has been a violation of a discovery order under Rule 37(b)(2)(A). The term ‘harmless' is not present in Rule 37(b)(2)(A). Rather, the term ‘harmless' is present for sanctions sought under Rule 37(c)(1) for a failure to disclose or supplement.”) (citation omitted).
Rule 37(b)(2)(A) sets forth a non-exhaustive list of sanctions that may be imposed for failing to comply with a discovery order, including “prohibiting the disobedient party from supporting or opposing designated claims or defenses, or from introducing designated matters into evidence.” Rule 37(c)(1) provides that the presumptive sanction for non-disclosure is that “the party is not allowed to use that information or witness to supply evidence on a motion, at a hearing, or at a trial.”
At any rate, the Court would reach the same outcome here regardless of whether Rule 37(b)(2)(A) or Rule 37(c)(1) were applicable. Thus, as contemplated by both parties, the Court will analyze GoDaddy's request for sanctions under Rule 37(c)(1)'s standards. As noted by the Ninth Circuit, the purpose of Rule 37(c)(1) is to “‘give[] teeth' to Rule 26's disclosure requirements by forbidding the use at trial of any information that is not properly disclosed.” Goodman v. Staples The Office Superstore, LLC, 644 F.3d 817, 827 (9th Cir. 2011), superseded by rule on other grounds as recognized in Shrader v. Papé Trucks, Inc., 2020 WL 5203459, *2 n.2 (E.D. Cal. 2020). Thus, a party's failure to properly or timely disclose its damages computations may result in exclusion of the undisclosed matters. Hoffman v. Construction Protective Servs., Inc., 541 F.3d 1175, 1179-80 (9th Cir. 2008) (affirming district court's exclusion of damage claims as to 64 of 66 plaintiffs due to late disclosure, because “[d]isclosure of damage calculations was mandated under Rule 26(a) and the . . . failure to disclose was not substantially justified . . . [or] harmless, ” and emphasizing that “the district court was [not] required to make a finding of willfulness or bad faith to exclude the damages evidence”).
“The party requesting sanctions [under Rule 37(c)(1)] bears the initial burden of establishing that the opposing party failed to comply with the [applicable] disclosure requirements.” Silvagni v. Wal-Mart Stores, Inc., 320 F.R.D. 237, 241 (D. Nev. 2017). If the movant makes this showing, “[t]he party facing sanctions bears the burden of proving that its failure to disclose the required information was substantially justified or is harmless.” R&R Sails, Inc. v. Ins. Co. of Penn., 673 F.3d 1240, 1246 (9th Cir. 2012). When evaluating substantial justification and harmlessness, courts often consider (1) prejudice or surprise to the other party, (2) the ability of that party to cure the prejudice, (3) the likelihood of disruption of trial, and (4) willfulness or bad faith. Silvagni, 320 F.R.D. at 242.
“Rule 37(c)(1) is an ‘automatic' sanction that prohibits the use of improperly disclosed evidence, ” such that “litigants can escape the ‘harshness' of exclusion only if they prove that the discovery violations were substantially justified or harmless.” Merchant v. Corizon Health, Inc., 993 F.3d 733, 740 (9th Cir. 2021) (citation omitted). Nevertheless, “[t]he automatic nature of the rule's application does not mean that a district court must exclude evidence that runs afoul of Rule 26(a) or (e) . . . . Rather, the rule is automatic in the sense that a district court may properly impose an exclusion sanction where a noncompliant party has failed to show that the discovery violation was either substantially justified or harmless.” Id. (citation omitted). The “party facing sanctions under [Rule 37(c)(1)] bears the burden of showing that a sanction other than exclusion is better suited to the circumstances.” Id. at 741. “[A] noncompliant party must ‘avail himself of the opportunity to seek a lesser sanction' by formally requesting one from the district court.” Id. (citation omitted).
II. The Parties' Arguments
GoDaddy moves under Rule 37(c)(1) to preclude SiteLock from pursuing the “lost profits from direct sales” theory of damages set forth in Dr. Kursh's report. (Doc. 307.) First, GoDaddy argues this theory wasn't properly disclosed because “[n]either SiteLock's Initial nor Amended MIDP disclosures, not its damages-related discovery responses suggest—let alone assert—a damages theory based on lost profits from SiteLock's direct sales.” (Id. at 11-12.) GoDaddy contends the first disclosure of this theory didn't come until March 2021, when Dr. Kursh issued his report, and argues this disclosure was inadequate and untimely because (1) it occurred after the close of fact discovery and (2) SiteLock has not, in any event, ever amended its disclosures or discovery responses to include Dr. Kursh's lost-profit theory. (Id.) Second, GoDaddy argues the disclosure violation wasn't substantially justified because the new damages theory is based on SiteLock's internal information (i.e., “the total monthly revenue purportedly earned by SiteLock from direct sales to GoDaddy customers between 2014 and 2017”), and thus SiteLock has “had custody of the information necessary” to develop and disclose its lost-profit theory since the outset of the case. (Id. at 12-14.) GoDaddy also emphasizes that the new theory would increase its exposure by $25 million. (Id.) Third, GoDaddy argues the disclosure violation wasn't harmless because “permitting SiteLock to proceed on its previously undisclosed theory would require the re-opening of discovery and delay of the Court's schedule.” (Id. at 6, 14-17.) More specifically, GoDaddy argues that all of SiteLock's claims about the revenue earned from existing customers (which provide the foundation for Dr. Kursh's lost-profit calculations) are based on a made-for-litigation summary document that was produced by SiteLock for the first time on January 29, 2021; that GoDaddy would have pursued far more discovery related to this issue had it been on notice of the issue's relevance to SiteLock's damages theories; that SiteLock has previously (and successfully) demanded additional discovery material, including granular transaction-level receipts, when presented with made-for-litigation summary documents prepared by GoDaddy (which underscores why GoDaddy would have been entitled to conduct additional discovery had this issue been properly raised); and that SiteLock took various steps to thwart GoDaddy's earlier efforts to obtain discovery related to SiteLock's upsells. (Id.) Finally, GoDaddy argues, in the alternative, that the Court should reopen fact and expert discovery and require SiteLock to pay the attorneys' fees and costs associated with these reopened processes. (Id. at 17.)
SiteLock opposes GoDaddy's motion. (Doc. 319.) First, SiteLock argues it “fully complied with its disclosure obligations” because (1) in its MIDP disclosures, it “flagged” that possibility that it would be seeking consequential damages in addition to the other contract-damaged damages it had calculated and also “flagged” the possibility that its damages calculations might change once it obtained expert analysis; (2) it provided more information about its lost-profit theory during its Rule 30(b)(6) deposition in February 2021 (which occurred less than 30 days after its expert, Dr. Kursh, first “determined . . . that the consequential harm to SiteLock from GoDaddy's breach of contract likely included harm to SiteLock's upsells”); and (3) it fully disclosed Dr. Kursh's analysis of the lost-profit issue by the expert disclosure deadline set forth in the scheduling order. (Id. at 10-14.) Second, SiteLock argues any disclosure error was substantially justified because it “disclosed what it knew about its damages at the outset of the case (making clear it would need expert help), then promptly disclosed the upsell theory within three weeks of its expert identifying that theory, during fact discovery.” (Id. at 14.) Third, SiteLock argues any disclosure error was harmless because (1) “GoDaddy's expert was able to fully analyze and respond to Dr. Kursh's analysis of upsell damages” and GoDaddy “can continue to probe Dr. Kursh's analysis during upcoming expert depositions, ” (2) GoDaddy was allowed to conduct extensive discovery concerning upsells, including 12 requests for production and extensive Rule 30(b)(6) questioning on the topic, and had a motive to conduct such discovery irrespective of Dr. Kursh's damages opinion because GoDaddy has asserted a set-off affirmative defense based on SiteLock's failure to pay for upsells, and (3) GoDaddy “cannot identify any specific additional discovery that it would have pursued had SiteLock disclosed its upsell damages earlier).” (Id. at 14-17.) Finally, SiteLock contends that “GoDaddy's unexplained three-month delay in bringing [its] motion independently warrants its denial.” (Id. at 17.)
SiteLock also cross-moves, in the alternative, to allow GoDaddy to conduct additional discovery in lieu of the remedy of exclusion. (Doc. 320.) SiteLock contends it “has a reasonable explanation for the timing of its disclosures” and thus argues that, even if it erred, the absence of willful, bad-faith conduct means the Court should exercise its discretion under Rule 37(c)(1) to impose the “more limited sanction of targeted discovery” instead of “the extreme remedy of excluding approximately half of [its] damages.” (Id. at 3.) In support of this argument, SiteLock largely elaborates upon the discussion of substantial justification and harmlessness that appears in its opposition to GoDaddy's motion. (Id. at 3-7.)
In its combined reply and response, GoDaddy first argues that Feather's testimony during the Rule 30(b)(6) deposition did not constitute adequate disclosure of SiteLock's lost-profit theory of damages because his testimony was vague (i.e., he never used the phrase “lost profits from direct sales”) and he didn't provide a computation. (Doc. 325 at 1-4.) Next, GoDaddy argues that SiteLock's arguments regarding substantial justification miss the mark because (1) even if SiteLock needed an expert to provide a precise calculation of its lost-profit damages, it was still required to provide an initial computation at the outset of the case; (2) SiteLock never supplemented its MIDP disclosures and discovery responses before the fact-discovery deadline to include the lost-profit claim; and (3) SiteLock has not submitted any evidence explaining its “years-long failure to issue spot lost profit damages” or its failure to mention the issue at any point between January 11, 2021 and March 19, 2021, when the parties exchanged 70 items of correspondence on other issues. (Id. at 5-6.) As for SiteLock's arguments regarding harmlessness, GoDaddy argues that they, too, miss the mark because (1) although GoDaddy's affirmative defense happens to “overlap” in some respects with SiteLock's new damages theory, the two claims are “very different things as a matter of law” and would require different forms of discovery, and (2) GoDaddy has identified specific categories of discovery it would need to defend against SiteLock's new theory, including “granular transaction date for every product SiteLock sold to a GoDaddy customer from 2014-present, ” “the products SiteLock allegedly would have sold to GoDaddy customers, the prices of those products from 2014-present, and the expenses avoided by not having sold these products, ” “the costs associated with the sale and provision of those products from 2014-present, ” “changes to SiteLock's direct sales platform and strategies, including . . . any decision to halt direct sales between 2014-present, ” and “the impact to SiteLock's direct sales from external market forces, competition, other contracts, and acquisitions from 2014-present.” (Id. at 6-9.) As for SiteLock's claim that the exclusion motion was filed too late, GoDaddy responds that the case on which SiteLock relies is inapposite (it dealt with Rule 37(b)) and that SiteLock made a settlement offer in late February 2021 that suggested SiteLock wasn't seeking lost-profit damages—which, in turn, explains why GoDaddy was justified in not seeking relief until Dr. Kursh's report was disclosed three weeks later. (Id. at 9-10.) Finally, GoDaddy opposes SiteLock's cross-motion because SiteLock's disclosure failures were not the product of good faith and reasonable explanations and, instead, were the product of unjustifiable “delay in retaining an expert witness to investigate its damages despite knowing it needed help.” (Id. at 10-11.)
GoDaddy also objects to SiteLock's proffered evidence, on the ground that the accompanying declaration of counsel was not signed under penalty of perjury (Doc. 325 at 2-3), but SiteLock subsequently addressed that oversight (Doc. 328 at 1 n.1; Doc. 328-1 ¶ 3).
In its reply in support of its cross-motion, SiteLock reiterates its previous argument that, because it “made clear in its initial disclosures that it was seeking consequential damages and that its damages would be subject to expert analysis, ” its subsequent efforts to disclose that theory (first by Feather during the Rule 30(b)(6) deposition testimony, then in Dr. Kursh's report) are proof that it acted in good faith. (Doc. 328 at 1.) SiteLock also disputes GoDaddy's contention that Feather's testimony was vague and inadequate, arguing that he “disclosed the substance of SiteLock's upsell damages theory” and was unable to provide a computation only because “its expert was still working on those calculations” at the time of the deposition (id. at 1-3), and argues it was permissible for Dr. Kursh to begin his analysis in December 2020 because that was still three months before the close of fact discovery (id. at 3). As for the timing of GoDaddy's motion, SiteLock argues it came three months after the relevant disclosure (the Feather deposition) and criticizes GoDaddy for enclosing a settlement-related communication, which SiteLock characterizes as prejudicial and a violation of Rule 408. (Id. at 3-4.) Finally, SiteLock argues that authorizing additional discovery wouldn't be disruptive because it “can perform a reasonable search for an appropriately narrowed set of documents responsive to GoDaddy's five categories” and “produce any additional documents it identifies from these searches within 14 days of this Court's order.” (Id. at 4-5.)
III. Analysis
As explained below, SiteLock did not timely and adequately disclose its “lost profits from direct sales” theory of damages, the disclosure violation was not substantially justified or harmless, the remedy of exclusion (rather than additional discovery) is appropriate here, and SiteLock's other grounds for opposing GoDaddy's motion lack merit. Accordingly, GoDaddy's Rule 37(c)(1) motion is granted and SiteLock's cross-motion is denied.
A. Adequacy And Timeliness Of Disclosure
SiteLock's efforts to disclose its lost-profit theory of damages did not comply with the letter or spirit of the MIDP. SiteLock's initial MIDP disclosures suggested it was seeking a total of $13.3 million in contract-based damages, consisting solely of unpaid fees for SiteLock subscriptions that GoDaddy sold but customers never subsequently activated. (Doc. 308-2 at 3.) This was the only contract-related damage figure for which a computation was provided. Although SiteLock did mention, in passing, that it was seeking “actual, consequential, and incidental damages” and “reserve[d] the right to supplement its damages computation . . . based on consultation with expert(s), ” no reasonable reader would have inferred from these seemingly boilerplate, throwaway phrases that SiteLock was actually seeking another $25 million in contract damages based on an entirely different theory related to lost profits.
SiteLock's subsequent statements—during hearings, in court filings, and in meet-and-confer correspondence with GoDaddy—reaffirmed this understanding. Time and again, when pressed by GoDaddy (and the Court) for more information about its theory of damages, SiteLock only mentioned the unpaid fees for sold-but-not-activated subscriptions and didn't mention anything about a separate claim for $25 million in lost profits from hypothetical future sales. For example, in the February 2020 notice of joint summary dispute, SiteLock took umbrage with GoDaddy's suggestion that its damages disclosures were inadequate, stating that it had “provided a specific damages estimate” and had “explained the components of that estimate” and explaining that the only additional computational step was to “discover from GoDaddy how many ‘orders' of SiteLock's services were made through GoDaddy's website but not reported to SiteLock.” (Doc. 34 at 2.) Not only did this statement fail to mention that SiteLock was seeking a separate $25 million in lost-profit damages, but it gave the impression that the previously disclosed categories of damages were exclusive.
The first fleeting mention of a potential claim for lost profits came during the July 2020 discovery hearing. To be clear, most of the discussion during that hearing concerned SiteLock's “methodology” for calculating its contract damages related to unactivated subscriptions, i.e., “the delta between [SiteLock's] best estimate of what GoDaddy paid [SiteLock] and what GoDaddy should have paid, ” which SiteLock's counsel characterized as “what the whole lawsuit is about.” (Doc. 91 at 9-14.) This statement is impossible to reconcile with SiteLock's current arguments about its disclosure efforts—it would make no sense to characterize a damages theory valued (at the time) at $13.3 million as “what the whole lawsuit is about” if SiteLock had a different damages theory valued at more than $25 million.
It is true that, after making these statements, SiteLock's counsel went on to suggest that SiteLock's expert might be conducting an analysis of “the revenue share” related to ordered-but-never-activated subscriptions. (Id.) But this comment did not fairly apprise GoDaddy of SiteLock's intent to pursue $25 million in lost-profit damages. Critically, when SiteLock issued an amended version of its MIDP disclosures in August 2020, as it had been ordered to do at the conclusion of the July 2020 discovery hearing, SiteLock did not increase its contract-damages calculation beyond the original estimate of $13.3 million and did not add any language suggesting it was seeking additional damages based on lost sales. Instead, it merely provided more information about how it had calculated the number of subscriptions that had been ordered but not activated. (Doc. 308-6 at 4-7.) Again, the only reasonable interpretation of this disclosure was that SiteLock's claim for contract-based damages was limited to the $13.3 million for purchased-but-not-activated subscriptions.
SiteLock did not further amend its damages-related disclosures after issuing the August 2020 version. Indeed, even after January 2021 (when Dr. Kursh began developing the lost-profit theory) and February 2021 (when SiteLock's Rule 30(b)(6) deposition took place), the relevant disclosures remained unchanged. Thus, as of the close of fact discovery on February 26, 2021 (Doc. 250)—nearly two years after SiteLock filed this action (Doc. 1)—GoDaddy still had not been provided adequate notice that SiteLock was seeking $25 million in lost-profit damages, let alone a computation of those damages or a specification of the documents on which the damages computation was based. On this record, the Court easily concludes that SiteLock did not properly or timely disclose that theory of damages, in violation of the MIDP. Cf. Oracle USA, Inc. v. SAP AG, 264 F.R.D. 541, 556-57 (N.D. Cal. 2009) (“Plaintiffs' discovery responses failed without substantial justification for over two years to inform Defendants that Plaintiffs were seeking [certain] lost profit damages . . . . Further, Plaintiffs failed to timely supplement their initial disclosures to update their damages theory until May 2009, even though facts supporting such damages were known to Plaintiffs before filing this lawsuit . . . . In addition, expanding the damages case significantly as Plaintiffs belatedly attempt to do would severely prejudice the Court's ability to manage this case to resolution in anything approaching a just, speedy, and inexpensive manner. Thus, Rule 37 mandates preclusion sanctions . . . .”).
In a related vein, the Court rejects SiteLock's contention that it adequately and timely disclosed the challenged theory during its Rule 30(b)(6) deposition. The proper way for SiteLock to disclose its damages theories and computations was through MIDP disclosures, not deposition testimony. Cf. Ollier v. Sweetwater Union High Sch. Dist., 768 F.3d 843, 862-63 (9th Cir. 2014) (affirming exclusion of witnesses who were never formally disclosed in a party's Rule 26 disclosures but were mentioned during a deposition). Formal disclosure was particularly necessary in this case, where the adequacy of SiteLock's damages disclosures had been repeatedly challenged. At any rate, although it is true that the MIDP sometimes permits disclosure via deposition instead of via formal supplemental response, this exception applies only when the “new information is revealed in a . . . deposition in a manner that reasonably informs all parties of the information.” See D. Ariz. G.O. 17-08 ¶ A.8. Here, Feather's Rule 30(b)(6) deposition testimony did no such thing—it was vague, equivocal, and did not include even a rough estimate of the amount of damages being sought. Moreover, SiteLock overlooks that the Rule 30(b)(6) deposition occurred on the same day as the deadline for the completion of written discovery. Thus, even if Feather had unspooled SiteLock's new damages theory in a crisp, understandable manner and provided comprehensible computations (which didn't happen), GoDaddy wouldn't have had any practical ability to follow up on this belated disclosure by pursuing additional written discovery related to it. And without such discovery, any efforts by GoDaddy to notice and conduct additional fact-witness depositions in the remaining three-week period before the close of all fact discovery would have been fruitless.
B. Substantially Justified Or Harmless
Because GoDaddy has met its burden of establishing that a disclosure violation occurred, the burden shifts to SiteLock to establish that the violation was substantially justified or harmless. SiteLock has not met that burden.
As for substantial justification, this isn't a case where SiteLock only discovered its ability to pursue a new damages theory after it obtained documents from GoDaddy during the discovery process. To the contrary, SiteLock could have developed the challenged theory even before this case began—the complaint is premised on the notion that GoDaddy committed a contractual breach by failing to pay for subscriptions that were sold but never activated, and the challenged theory simply represents Dr. Kursh's opinion as to the additional profit that SiteLock could have earned from such customers (via future upsells) had SiteLock been aware of them. To be sure, SiteLock needed to rely on the discovery process to develop information concerning one of the variables in this theory (i.e., the number of customers who purchased but didn't activate subscriptions). But the theory itself has always been ripe for development and disclosure. Cf. Ocean Garden Prods. Inc. v. Blessings Inc., 2018 WL 6133773, *2 (D. Ariz. 2018) (“Even if [a party is] unable to provide precise computations without first commissioning an expert, [it] must provide initial computations based on all information that is currently reasonable available to [it].”). Notwithstanding this, SiteLock waited until September 2020 (more than a year after the case was filed) to retain its damages expert; didn't bother to amend its MIDP disclosures in January 2021, when its expert first developed the theory; and didn't disclose any computations associated with the theory until March 2021, well after the close of fact discovery. Contrary to SiteLock's argument (Doc. 319 at 10-11), a party cannot drag its heels when it comes to expert retention and then argue that, because it was dependent on that expert to develop a damages theory, its own delay in the retention process serves as substantial justification for a disclosure violation. To hold otherwise would create perverse and bizarre incentives.
The case cited by SiteLock in support of this supposed principle, Myers for Myers v. United States, 2003 WL 27375939 (S.D. Cal. 2003), is easily distinguishable. There, the plaintiff's initial disclosures specifically stated that she was seeking “substantial special damages, possibly exceeding $5 million, from medical bills, psychological bills, neuropsychological bills, bills for educational assistance, loss and/or reduction in future wages and/or earning capacity, loss and/or reduction in her ability to care for herself and the cost of obtaining care for herself” and further explained that “these special damages will most likely be the subject of expert testimony in this case and a complete breakdown of special damages will be provided at the appropriate stage in the litigation consistent with Rule 26.” Id. at *1 (internal quotation marks omitted). Given this backdrop, the court rejected the defendant's challenge to the sufficiency of the plaintiff's disclosures, holding that she was not required “to provide a more particularized calculation of her damages at this stage of the litigation” in part because “[m]ost of the damages claimed by Plaintiff in this case fall into this category because they are dependent on information in the possession of another party—Plaintiff's expert witnesses.” Id. at *2. Here, of course, SiteLock's initial disclosures did not state that SiteLock was seeking approximately $25 million in lost-profit damages arising from upsells, subject to further refinement by SiteLock's expert. The theory wasn't mentioned at all.
Nor was the violation harmless. GoDaddy has identified specific categories of evidence it would have pursued via the discovery process had it been aware of SiteLock's intent to pursue the lost-profit theory of damages. Thus, to even the playing field, the Court would be required to reopen fact discovery. This would be an expensive and delay-inducing outcome in a case that is already over two years old. Courts have not hesitated to reject claims of harmlessness under analogous circumstances. See, e.g., Hoffman, 541 F.3d at 1180 (late disclosure of damages computations was not harmless because it “would have most likely required the court to create a new briefing schedule and perhaps re-open discovery, rather than simply set a trial date”); Ollier, 768 F.3d at 862-63 (“Orderly procedure requires timely disclosure so that trial efforts are enhanced and efficient, and the trial process is improved. The late disclosure of witnesses throws a wrench into the machinery of trial. A party might be able to scramble to make up for the delay, but last-minute discovery may disrupt other plans. And if the discovery cutoff has passed, the party cannot conduct discovery without a court order permitting extension. This in turn threatens whether a scheduled trial date is viable. And it impairs the ability of every trial court to manage its docket.”); Dayton Valley Investors, LLC v. Union Pacific R. Co., 2010 WL 3829219, *6 (D. Nev. 2010) (“Multiple courts within the Ninth Circuit have found that the failure to provide a computation of damages . . . within the discovery period is not harmless for purposes of Rule 37(c) precisely because it results in the need to reopen discovery.”) (citations omitted). Moreover, SiteLock's new computations are based, in part, on a made-for-litigation summary exhibit. Just as GoDaddy was required to provide additional documentation in support of a made-for-litigation summary exhibit it had previously compiled and disclosed because that exhibit was important to the issue of damages (Doc. 291 at 16-18), the Court would likely require SiteLock to produce additional documentation related to its summary exhibit were discovery reopened. This, too, would add to the delay and expense.
Notwithstanding all of this, SiteLock argues that any disclosure violation was harmless because GoDaddy's expert was able to issue a rebuttal report concerning Dr. Kursh's lost-profit opinions. (Doc. 319 at 14-15.) This argument fails because it overlooks that GoDaddy's expert was hamstrung by an undeveloped record. It is true, as SiteLock notes, that “GoDaddy's expert had the same information that Dr. Kursh considered” (id.), but the point is that the information on which Dr. Kursh relied consisted (at least in GoDaddy's view) of overly rosy and undeveloped data concerning the future profits that SiteLock would have earned from customers via upsells. GoDaddy should have been given the opportunity to test that data via the discovery process. And GoDaddy would have made a more strenuous effort to do so had it been aware the data was providing the foundation for a $25 million damage claim. Cf. Apple, Inc. v. Samsung Elecs. Co., Ltd., 2012 WL 3155574, *5 (N.D. Cal. 2012) (late disclosure not harmless, even though it occurred “before the close of expert discovery, ” because “the experts were in effect locked-in to the factual record as of the time fact discovery closed and could not test the factual basis for the newly amended contentions by conducting additional discovery”).
C. Additional Discovery In Lieu Of Exclusion
SiteLock argues in its cross-motion that, even if the conditions for exclusion under Rule 37(c)(1) are otherwise satisfied, the Court should exercise its discretion to order additional discovery in lieu of exclusion. (Doc. 320.) Although the Court acknowledges that it possesses discretion to go that route, Merchant, 993 F.3d at 740-41, it declines to do so. The sanction being imposed here is not case-dispositive—SiteLock has still disclosed millions of dollars' worth of other damages theories—and, as discussed in Part III.B above, the justification for SiteLock's disclosure violation is weak, particularly given the hard-fought nature of this case and the many prior inquiries into the adequacy of SiteLock's disclosures.
D. Remaining Arguments
SiteLock's final argument is that GoDaddy's motion should be denied because GoDaddy waited too long before filing it. (Doc. 319 at 17.) This argument fails. As an initial matter, it is unclear what sort of deadline, if any, applies to Rule 37(c)(1) motions. See, e.g., White v. Deere & Co., 2016 WL 525911, *1 (D. Colo. 2016) (“Plaintiff cites no authority for the proposition that . . . a party's failure to [seek a witness-exclusion order under Rule 37(c)(1)] until shortly before trial somehow waives that party's right to object. The Court finds that defendants have not waived their ability to object to plaintiff's late disclosure of these witnesses under the discovery rules.”). No deadline is set forth in the text of Rule 37(c)(1) and, although some districts appear to have adopted such deadlines by local rule, the District of Arizona has not.
See, e.g., Democratic Republic of Congo v. Air Capital Grp., 2013 WL 2285542, *2 (S.D. Fla. 2013) (“Under the Local Rules of this Court, all motions related to discovery must be filed within thirty days of the occurrence of grounds for the motion. Failure to file a timely discovery motion within thirty days ‘may constitute a waiver of the relief sought.'”) (citations omitted).
Moreover, even assuming some sort of reasonableness standard applies in this context, GoDaddy did not wait an unreasonable amount of time before seeking relief. As noted, Feather's testimony during the Rule 30(b)(6) deposition was vague, equivocal, and didn't include any computations. It wasn't until March 19, 2021, when the Kursh report was disclosed, that GoDaddy finally received fair notice of SiteLock's new $25 million damages theory. The exclusion motion—which is comprehensive, supported by hundreds of pages of exhibits, and clearly required a substantial amount of time to draft, edit, and finalize (during a period when GoDaddy's counsel was tied up with many other case-related tasks)—was filed just over six weeks later. There was nothing unreasonable about the amount of time it took for GoDaddy to file its motion.
Accordingly, IT IS ORDERED that:
(1) GoDaddy's motion for Rule 37(c)(1) sanctions (Doc. 306) is granted.
(2) SiteLock's cross-motion for additional discovery (Doc. 320) is denied.