All Courts |
Federal Courts |
US Court of Appeals Cases |
Court of Appeals for the Seventh Circuit |
2022-08 |
-
In the United States Court of Appeals For the Seventh Circuit ____________________ No. 21-3290 MARTIN J. WALSH, Secretary of Labor, Petitioner-Appellee, v. ALIGHT SOLUTIONS LLC, Respondent-Appellant. ____________________ Appeal from the United States District Court for the Northern District of Illinois, Eastern Division. No. 1:20-cv-2138 — John F. Kness, Judge. ____________________ ARGUED APRIL 21, 2022 — DECIDED AUGUST 12, 2022 ____________________ Before EASTERBROOK, ROVNER, and BRENNAN, Circuit Judges. BRENNAN, Circuit Judge. The U.S. Department of Labor is investigating alleged cybersecurity breaches at Alight Solu- tions LLC, a company that provides administrative services for employers who sponsor healthcare and retirement plans. As part of its investigation the Department issued an admin- istrative subpoena. Alight produced some documents but 2 No. 21-3290 objected to many of the subpoena’s requests. The district court granted the Department’s petition to enforce the sub- poena with some modifications. On appeal, Alight argues the subpoena is unenforceable because the Department lacks authority to investigate the company, or cybersecurity incidents generally. The company also contends the subpoena’s demands are too indefinite and unduly burdensome, and that the district court abused its dis- cretion by denying Alight’s request for a protective order to limit production of certain sensitive information. Alight’s ar- guments are not persuasive, so we affirm. I Alight provides recordkeeping services for employers who sponsor healthcare and retirement benefit plans for their employees, some of which are governed by the Employee Re- tirement Income Security Act,
29 U.S.C. §§ 1001–1461 (“ERISA”). As of November 2020, Alight served over 750 cli- ents supporting more than 20.3 million plan participants. These clients entrust Alight with highly sensitive information about their companies, employee benefits plans, and plan par- ticipants. Alight provides cybersecurity services to protect this confidential information. The Department opened an investigation of Alight in July 2019 prompted by a discovery that Alight processed unau- thorized distributions of plan benefits due to cybersecurity breaches in its ERISA plan clients’ accounts. The Department says Alight failed to report, disclose, and restore those unau- thorized distributions. Alight denies any knowledge of breaches resulting in unauthorized distributions. No. 21-3290 3 As part of the investigation the Department sent Alight an administrative subpoena duces tecum. The subpoena calls for documents in response to 32 inquiries and covers the period from January 1, 2015 through the date of production. The in- formation requested ranges from specific inquiries, like Alight’s articles of incorporation and bylaws, to broad de- mands, including “[a]ll documents and communications re- lating to services offered to ERISA plan clients.” Alight produced a limited number of documents in re- sponse to about half of the subpoena’s requests, but the com- pany also objected to many of the inquiries. Specifically, the company challenged the Department’s investigatory author- ity and purposes, criticized the subpoena’s scope and burden, and emphasized its duty to keep certain information confi- dential. After unsuccessful attempts by the parties to resolve Alight’s objections, the Department petitioned the district court to enforce the subpoena. Meanwhile, the company con- tinued to interact with the Department and produced addi- tional materials. But Alight redacted most of the documents it produced to remove client identifying information, which prevented the Department from discerning potential ERISA violations. In response to the petition, Alight filed a memorandum opposing enforcement of the subpoena. The company argued that the Department lacked the authority to investigate the company because Alight is not a fiduciary under ERISA, the subpoena was too indefinite to enforce and sought documents unrelated to ERISA plans, and enforcement would jeopardize confidential information Alight was contractually obligated to protect. The company also noted that although the 4 No. 21-3290 subpoena requested documents back to January 1, 2015, Alight was not formed until May 2017. Alight asked the dis- trict court to quash the subpoena, or at a minimum to limit the subpoena and enter a protective order permitting redac- tions. Alight’s response also highlighted a production sample its legal consultant prepared, which covered two months of re- sponsive documents. The consultant spent over 40 hours pre- paring the sample, and she estimated that the employees who assisted her collectively spent the same amount of time on the project. Based on this sample, Alight’s legal consultant pro- jected full compliance with the subpoena would require “thousands of hours of work.” The Department filed a reply memorandum defending the subpoena. It stated that additional documentation was not required for 9 of the original 32 production requests. For the remaining 23 inquiries, the Department clarified or narrowed each request. Ultimately, the district court granted the Department’s pe- tition to enforce the subpoena as modified by the Depart- ment’s reply memorandum. The court found that the Depart- ment’s investigatory authority was not limited to fiduciaries, and that the requested information was reasonably relevant to the ERISA investigation. It also ruled that the subpoena was not too indefinite, and that Alight’s challenge to the indefi- niteness of the subpoena related more to the burden of pro- duction than the clarity of the production requests. As to Alight’s burden of compliance, the court applied the pre- sumption that subpoenas should be enforced and decided that the balance between the relevance of the requested infor- mation and the cost of production favored enforcement. No. 21-3290 5 The district court also declined to enter a protective order. Not only had Alight failed to formally move for such an order under Federal Rule of Civil Procedure 26(c), but the court found that the Freedom of Information Act and
18 U.S.C. § 1905prohibited the Department from publicizing Alight’s confidential information. So, the court concluded that Alight had not shown good cause for redacting the requested docu- ments. Last, the court addressed the date range covered by the subpoena. Reasoning that Alight “cannot produce what it does not have,” the court directed Alight to produce those documents in its possession. And “if [Alight] does not have anything within its possession, custody, or control to produce from the period before it had its current legal existence, it should respond to the Subpoena accordingly.” II “We review the district court’s decision to enforce an agency subpoena for abuse of discretion, and we review any factual determinations on which the ruling is based for clear error. Questions of law are reviewed de novo.” EEOC v. Aero- tek, Inc.,
815 F.3d 328, 333 (7th Cir. 2016) (citations omitted); see McLane Co., Inc. v. EEOC,
137 S. Ct. 1159, 1170 (2017). “A decision is an abuse of discretion only if no reasonable person would agree with the decision made by the trial court.” Lange v. City of Oconto,
28 F.4th 825, 842 (7th Cir. 2022) (quoting Smith v. Hunt,
707 F.3d 803, 808 (7th Cir. 2013)). Under clear- error review, we will overturn a decision “only if the entire record leaves us ‘with the definite and firm conviction that a mistake has been committed.’” Wilborn v. Ealey,
881 F.3d 998, 6 No. 21-3290 1006 (7th Cir. 2018) (quoting Anderson v. City of Bessemer City,
470 U.S. 564, 573 (1985)). A subpoena enforcement proceeding is “designed to be summary in nature.” EEOC v. United Air Lines, Inc.,
287 F.3d 643, 649 (7th Cir. 2002) (quoting EEOC v. Tempel Steel Co.,
814 F.2d 482, 485 (7th Cir. 1987)). In the context of administrative subpoenas, “a district court’s subpoena enforcement function is narrowly limited: in deciding whether to enforce, ‘it is suf- ficient if the inquiry is within the authority of the agency, the demand is not too indefinite and the information sought is reasonably relevant.’” Aerotek, 815 F.3d at 333 (quoting Dow Chem. Co. v. Allen,
672 F.2d 1262, 1267 (7th Cir. 1982)). “[I]t is also clearly recognized that disclosure may be restricted where it would impose an unreasonable or undue burden on the party from whom production is sought,” Dow Chem.,
672 F.2d at 1267, and a subpoena may not be issued for an illegit- imate purpose. McLane, 137 S. Ct. at 1165. “In the mine run of cases, the district court’s decision whether to enforce a sub- poena will turn either on whether the evidence sought is rel- evant to the specific charge before it or whether the subpoena is unduly burdensome in light of the circumstances.” Id. at 1167. These inquiries “are ‘generally not amenable to broad per se rules’; rather, they are the kind of ‘fact-intensive, close calls’ better suited to resolution by the district court than the court of appeals.” Id. at 1168 (citations omitted). On appeal, Alight offers similar arguments as in the district court: the Department lacks authority to issue the sub- poena, the subpoena is too indefinite and burdensome to en- force, and a protective order is needed to prevent disclosure of certain confidential information. No. 21-3290 7 A Alight contends that the subpoena falls outside the Department’s authority because it cannot investigate non-fi- duciaries, and ERISA does not authorize investigations into cybersecurity issues. Each challenge raises a question of law, which we review de novo. Aerotek, 815 F.3d at 333. The Department’s authority to issue subpoenas under ERISA is codified at
29 U.S.C. § 1134(a)(1): The Secretary shall have the power, in order to determine whether any person has violated or is about to violate any provision of this sub- chapter or any regulation or order thereunder-- (1) to make an investigation, and in connection therewith to require the submission of reports, books, and records, and the filing of data in sup- port of any information required to be filed with the Secretary under this subchapter[.] As the statute states, and as both parties agree, the Depart- ment need not determine whether a violation has occurred before issuing a subpoena. Indeed, “[a]n administrative agency’s subpoena power is intended to permit the agency to ‘investigate merely on suspicion that the law is being violated, or even just because it wants assurance that it is not.’” Chao v. Loc. 743, Int'l Brotherhood of Teamsters, AFL-CIO,
467 F.3d 1014, 1017 (7th Cir. 2006) (quoting United States v. Morton Salt Co.,
338 U.S. 632, 642–43 (1950)). Alight maintains that the Department is not authorized to investigate non-fiduciaries. This precludes the Department from issuing a subpoena to Alight, the company claims, be- cause Alight only services ERISA plans in an administrative 8 No. 21-3290 capacity. Thus, Alight insists, it is not a fiduciary for any cli- ent’s ERISA plan. Whether or not Alight is a fiduciary does not affect the De- partment’s investigatory authority. Under
29 U.S.C. § 1134(a)(1), the Department has the power to launch investi- gations “in order to determine whether any person has vio- lated or is about to violate any provision of this subchapter or any regulation or order thereunder.” (Emphasis added). The statute does not limit the Department’s investigatory author- ity to fiduciaries, or by who receives a subpoena. Instead, as the Department argued, its authority hinges on the infor- mation requested and its relation to an actual or potential ERISA violation. Even if Alight only has information about another entity’s ERISA violation, the statute grants the De- partment authority to compel its production from Alight. A contrary rule would allow ERISA fiduciaries to avoid liability altogether by outsourcing recordkeeping and administrative functions to non-fiduciary third parties, evading regulatory oversight. Congress did not confine the Department’s inves- tigatory power in this manner. For the first time on appeal, Alight also argues that the Department lacks authority to conduct cybersecurity investi- gations. This argument is forfeited. While “waiver is the ‘in- tentional relinquishment or abandonment of a known right,’ forfeiture is the mere failure to raise a timely argument, due to either inadvertence, neglect, or oversight.” Henry v. Hulett,
969 F.3d 769, 786 (7th Cir. 2020) (en banc) (quoting United States v. Olano,
507 U.S. 725, 733 (1993)). Alight did not chal- lenge the Department’s authority to investigate cybersecurity incidents in the district court. The company disagrees and points to multiple citations in the district court record. But No. 21-3290 9 each is a challenge by Alight of the Department’s authority to investigate non-fiduciaries, not an objection to cybersecurity investigations generally. Because this is a civil case, “‘our abil- ity to review for plain error … is severely constricted,’ as ‘a civil litigant should be bound by his counsel’s actions.’”
Id.(quoting SEC v. Yang,
795 F.3d 674, 679 (7th Cir. 2015)). Con- sequently, we will review for plain error only “in the rare sit- uation where a party can demonstrate that: ‘(1) exceptional circumstances exist; (2) substantial rights are affected; and (3) a miscarriage of justice will occur if plain error review is not applied.’”
Id.(quoting Thorncreek Apartments III, LLC v. Mick,
886 F.3d 626, 636 (7th Cir. 2018)). Alight makes no effort to satisfy this demanding standard. Even if not forfeited, Alight’s merits argument is uncon- vincing. As the Supreme Court has long recognized, Congress incorporated into ERISA “a standard of loyalty and a stand- ard of care.” Cent. States, Se. & Sw. Areas Pension Fund v. Cent. Transp., Inc.,
472 U.S. 559, 570 (1985). The reasonableness of Alight’s cybersecurity services, and the extent of any breaches, is therefore relevant to determining whether ERISA has been violated—either by Alight itself, or by the employers that outsourced management of their ERISA plans to Alight. B Alight also argues that the Department’s administrative subpoena is too indefinite and too burdensome to enforce. Indefiniteness. To Alight, the subpoena’s requests are “too indefinite and unreasonably broad to be enforced in its en- tirety, without modification.” At the outset, whether a sub- poena is too broad is a question of indefiniteness for Alight. Alight disputes the district court’s framework for addressing 10 No. 21-3290 the subpoena’s breadth, contending that the district court erred by addressing this issue as a question of undue burden. We disagree. The cases Alight identifies do not state that a subpoena’s breadth and definiteness are the same inquiry, and many expressly distinguish these questions. See, e.g., Okla. Press Pub. Co. v. Walling,
327 U.S. 186, 208 (1946) (noting that the Fourth Amendment guards against “too much indef- initeness or breadth” in a subpoena); Peters v. United States,
853 F.2d 692, 699 (9th Cir. 1988) (noting a “subpoena will not be enforced if it is too indefinite or broad”). A subpoena can be too indefinite if its demands are overly vague or amor- phous, but the breadth of the production demanded is a topic better suited for an inquiry of relevancy or undue burden. See, e.g., Aerotek, 815 F.3d at 332, 334 (treating the appellant’s ob- jection that an administrative subpoena’s requests amounted to “a fishing expedition totally unrelated to the matter under investigation” as a relevancy challenge, while also noting that the appellant made “no claim that the request is too indefi- nite”). Alight has not argued that the subpoena is unclear, and the district court was correct to find that its terms are not too indefinite. Burdensomeness. Alight offers a scattershot of contentions about the burden of compliance with the Department’s ad- ministrative subpoena. The company challenges the legal standard the district court employed. Alight is less than clear as to which subpoena requests it actually protests. The com- pany also disagrees with the district court’s evaluation of the subpoena’s burden. When examining the burden of complying with a sub- poena, “[t]he presumption is that compliance should be en- forced to further the agency’s legitimate inquiry into matters No. 21-3290 11 of public interest.” United Air Lines,
287 F.3d at 653(quoting FTC v. Shaffner,
626 F.2d 32, 38 (7th Cir. 1980)). “Often we have phrased this ‘difficult burden’ as requiring a showing that ‘compliance would threaten the normal operation of a re- spondent’s business.’”
Id.(quoting EEOC v. Bay Shipbuilding Corp.,
668 F.2d 304, 313 (7th Cir. 1981)). This is a fact-intensive inquiry, and “[c]onclusory allegations of burdensomeness are insufficient.”
Id.To determine whether a subpoena is unduly burdensome, the district court must “weigh the likely rele- vance of the requested material to the investigation against the burden to [the respondent] of producing the material.”
Id. at 654(alteration in original) (quoting EEOC v. Ford Motor Credit Co.,
26 F.3d 44, 47 (6th Cir. 1994)); see Chao, 467 F.3d at 1017 (requiring requested information to be “reasonably rele- vant”). Alight insists the district court applied the wrong legal standard. The company points to a portion of the court’s or- der which determined that Alight’s burden was not out- weighed by the “potential relevance” of the requests. This was error, Alight insists, because the court should have ensured the production requests were “reasonably relevant” or “likely relevant.” But Alight ignores a different portion of the court’s order in which it expressly found that the subpoena’s modified re- quests “are reasonably relevant to an investigation of compli- ance with ERISA.” That the court also described the requested documents as “potentially relevant” does not undermine this express finding. Alight also has not argued why the court’s “reasonably relevant” determination is incorrect, so we are not left with a “definite and firm conviction” that a mistake 12 No. 21-3290 has been made. Wilborn, 881 F.3d at 1006 (quoting Anderson,
470 U.S. at 573). Alight further suggests that the district court improperly relied on this court’s decision in EEOC v. Quad/Graphics, Inc.,
63 F.3d 642(7th Cir. 1995). There, the subpoenaed party esti- mated that compliance would require more than 200,000 hours of work.
Id. at 648. This court ruled that the time projections for compliance were “inflated” and upheld the subpoena.
Id. at 649. Alight argues the district court wrongly construed the 200,000-hour estimate in Quad/Graphics as a threshold for assessing burdensomeness while ignoring the fact that this estimate was found to be exaggerated. But here, the district court raised the estimate only to show that a sub- poena has been upheld when “the responding party esti- mated that compliance would require more than 200,000 hours”—a true statement. Elsewhere in its order, the district court acknowledged that burdensomeness is a “case-specific” inquiry, not a universal standard. So an erroneous 200,000 threshold requirement was not applied, as Alight contends. Next, we note that Alight is not clear as to which subpoena requests it disputes. Its opening appellate brief directly chal- lenged only 5 of the 23 production requests that remain in dis- pute out of the original 32. What is more, at least some of Alight’s objections are based on the production requests “as originally drafted,” not the inquiries the district court upheld as modified. 1 1 For example, Alight objects to the breadth of Request 8, which seeks “[a]ll documents relating to any litigation, arbitration, or legal proceed- ings in which Alight is a party.” But the modified subpoena states that the Department is not seeking any additional documentation for that inquiry. Alight also challenges Request 9, which sought “[a]ll documents relating No. 21-3290 13 The only unmodified requests that Alight challenges by name are Request 11 (“[a]ll contracts, agreements, arrange- ments, and fee schedules used by Alight to provide services to ERISA plan clients”) and Request 12 (“[a]ll documents and communications relating to services offered to ERISA plan clients, including the Alight Protection Program”). These re- quests would require production of “virtually every docu- ment concerning its ERISA business,” the company submits. Yet Alight does not argue that these documents lack reasona- ble relevancy to the Department’s investigation, nor does it show how compliance with Requests 11 and 12 would be unduly burdensome. Alight does not estimate how many documents these two requests encompass, or the time or cost associated with compliance. If Alight believes specific re- quests in the modified subpoena are unrelated to the investi- gation or unduly burdensome, it should have briefed those concerns before us, which it did not do. Alight also disagrees with the district court’s evaluation of the burden the company faces to comply with the administra- tive subpoena. Alight points to its two-month production sample, noting that its legal consultant took “over forty hours” to identify responsive materials. “Replicating this pro- cess for all the incidents in the seven-year period covered by the Subpoena,” the company claims, “would require thou- sands of hours of work.” These estimates also do not include to any regulatory investigations, examinations, or inquiries in which Alight is a party,” on the basis that it is not limited to ERISA plans, but the modified subpoena added language specifying that precise limitation. Alight opposes Request 3 on similar grounds, but the Department also limited its scope. 14 No. 21-3290 the hours spent by other employees collecting the requested information. But Alight fails to show the district court abused its discre- tion for two reasons. First, the company’s estimates lack de- tail. “We often have considered the cost of compliance when evaluating burdensomeness,” United Air Lines,
287 F.3d at 653, along with “the number of files involved” and “the number of estimated work hours required to effect compliance.” Shaffner,
626 F.2d at 38. Alight has not estimated the number of documents at issue or the cost of producing those docu- ments. As for the two-month sample, Alight has not shown that the documents in this window represent the remaining materials covered by the subpoena’s timeframe. In fact, Alight's legal consultant provided only a single paragraph ex- trapolating her two-month burden to the investigation at large. Alight’s estimates may be high because it increased its own burden of production by redacting many documents it produced—a practice the district court later disallowed. Such self-imposed measures undermine our confidence that a com- pany’s production estimates are accurate. See Aerotek, 815 F.3d at 334 (“Aerotek increased the burden on itself by creating a coding system to mask the identity of individuals and clients in its earlier non-compliant productions to the EEOC.”). Alight’s estimates also seem to be based on a seven-year pe- riod in accord with the subpoena’s request for information back to 2015. But as Alight noted during litigation, the com- pany was not formed until 2017, so it is unclear how many documents, if any, Alight possesses from before 2017 that the subpoena covers. As for Alight’s assertion that its two-month sample does not account for the hours or costs incurred by No. 21-3290 15 other employees, unarticulated cost multipliers—based wholly on an unverified and summary estimate by its legal consultant—are the type of conclusory allegations insufficient to establish an undue burden. See United Air Lines,
287 F.3d at 653. Second, even if we credited Alight’s estimates that produc- tion would require “thousands of hours of work”—an admittedly cumbersome task—Alight has not shown why that undertaking is unduly burdensome. While Alight has ex- plained that it could be difficult to comply with the subpoena, it has not shown, for example, that “compliance would threaten the normal operation of [its] business.”
Id.(quoting Bay Shipbuilding, 668 F.2d at 313). A review of decisions by our fellow circuits confirms that large production requests are not necessarily unduly burdensome. See, e.g., FDIC v. Garner,
126 F.3d 1138, 1145-46 (9th Cir. 1997) (upholding an administra- tive subpoena that required production of over one million documents); NLRB v. Carolina Food Processors,
81 F.3d 507, 513 (4th Cir. 1996) (“[A] subpoena is not unduly burdensome merely because it requires the production of a large number of documents.”); EEOC v. Citicorp Diners Club, Inc.,
985 F.2d 1036, 1040 (10th Cir. 1993) (upholding a subpoena where com- pliance required “two full-time employees working approxi- mately six months”). Without more, we cannot say that “no reasonable person would agree with the decision made by the trial court.” Lange, 28 F.4th at 842 (quoting Smith, 707 F.3d at 808). In concluding that the administrative subpoena here is not unduly burdensome, we note our holding is narrow. Agen- cies should not read this result as granting leave to issue ad- ministrative subpoenas that are overly cumbersome or that 16 No. 21-3290 seek information not reasonably relevant to the investigation at hand. Indeed, at oral argument before us, the Department was hard pressed to explain why a subpoena was issued seek- ing all documents responsive to the 32 inquiries, as opposed to requesting a production sample. But Alight has not argued the requested information lacks reasonable relevancy. And the company’s burdensomeness arguments—which target only a handful of the remaining 26 production requests—lack details about the number of documents implicated, the cost to produce those documents, the hours production would re- quire, or how compliance would threaten the normal opera- tion of Alight’s business. C Finally, Alight argues the district court wrongly denied its request for a protective order. The company submits that three categories of documents should have received confiden- tiality protections: “(1) ERISA plan participant [personally identifiable information]; (2) confidential settlement agree- ments; and (3) client identifying information.” “The trial court is in the best position to weigh fairly the competing needs and interests of parties affected by discov- ery.” Heraeus Kulzer, GmbH v. Biomet, Inc.,
881 F.3d 550, 565 (7th Cir. 2018) (quoting Cnty. Materials Corp. v. Allan Block Corp.,
502 F.3d 730, 739 (7th Cir. 2007)). So, we review a dis- trict court’s denial of a protective order in a subpoena enforce- ment action for abuse of discretion. Id.; Dow Chemical,
672 F.2d at 1277. “[A] district court is required to ‘independently de- termine if good cause exists’ before judicially protecting dis- coverable documents from third-party disclosure.” Salmeron v. Enter. Recovery Sys., Inc.,
579 F.3d 787, 795 (7th Cir. 2009) (quoting Jepson, Inc. v. Makita Elec. Works, Ltd.,
30 F.3d 854, 858 No. 21-3290 17 (7th Cir. 1994)); see FED. R. CIV. P. 26(c) (“The court may, for good cause, issue an order.”). Alight starts from behind on this point, as it never for- mally moved for a protective order under Rule 26(c). It does argue that the personal identifiable information of its plan- participants should have been protected. This information is highly confidential, and includes “social security numbers, contact information, asset information, and banking infor- mation.” Indeed, Alight is contractually obligated to protect the confidentiality of this information. 2 While this information is sensitive, Alight has not shown how its disclosure to the Department would result in the in- formation being revealed to a third party. As the district court observed, this confidential information is protected from dis- closure under the Freedom of Information Act, and
18 U.S.C. § 1905criminalizes the disclosure of confidential information by federal employees. Alight’s only attempt to show good cause for the protective order is to note that the Department has experienced some data breaches and cyberattacks in the past. But this generalized concern, which exists for nearly every government subpoena, does not persuade us that the district court abused its discretion, especially when Alight it- self is being investigated for alleged cybersecurity breaches that threatened ERISA plan participant information. Next, Alight contends that a protective order should have been issued for confidential settlement agreements the 2 Of course, the Department’s investigatory authority is not impinged by private agreements. See EEOC v. Severn Trent Servs., Inc.,
358 F.3d 438, 442 (7th Cir. 2004) (stating a private contract cannot trump a government subpoena). 18 No. 21-3290 company entered with clients that concern “potential unau- thorized access and disbursement to client accounts.” But again, Alight has not articulated how production of this infor- mation would result in disclosure to a third party. The De- partment correctly argues that the settlement agreements, which could clarify the number and extent of any cybersecu- rity breaches, are crucial to its investigation of Alight. Last, Alight insists a protective order was warranted for “broad categories of client information including contracts and fee schedules, information related to investigations of al- leged cybersecurity and fraud, documents concerning ser- vices and security measures applicable to a given plan, and other proprietary information about Alight’s client’s benefit plans.” Aside from Alight’s continued inability to explain how this information could become publicly available, the Department’s cybersecurity investigation directly implicates this information. If Alight were to redact the names of its cli- ents and the corresponding plan names, as the company ad- vocates, the Department could not identify which employers may have violated ERISA. There is no good-cause basis to deny the Department access to this critical information, and we cannot say the district court abused its discretion in deny- ing Alight’s request for a protective order. * * * For these reasons, we AFFIRM the judgment of the district court.
Document Info
Docket Number: 21-3290
Judges: Brennan
Filed Date: 8/12/2022
Precedential Status: Precedential
Modified Date: 8/12/2022