eDiscovery best practices: legal holds without the hold up
- December 1, 2016
- by Phi Tran
Good information governance is the key to success.
Legal holds are the building blocks of the litigation cycle. They form the backbone of the process by which the duty to preserve is fulfilled by each party to a controversy. The major amendments to the Federal Rules of Civil Procedure that took effect on December 1, 2015, have only served to heighten the focus on legal holds, with an emphasis on narrowing the scope of discovery based on proportionality and changes to rules regarding ESI-related discovery.
However, a surprising number of companies have yet to act. They have failed to put the kind of policies and procedures in place that would create a repeatable and defensible processes for identifying when a duty to preserve has arisen, allowing them to then take the necessary steps to ensure that relevant information is properly preserved. Instead, legal holds are often being implemented in an untimely, haphazard, and flawed manner, if at all.
Following best practice before and during the legal hold process is your ally.
It can help you to:
- Significantly mitigate risk
- Dramatically shrink the overall volume of data to be preserved/collected
- Cut time spent searching for, processing, and hosting relevant data
- Reduce eDiscovery costs in an efficient and defensible manner
It all starts with good information governance
If legal holds are the building blocks of the litigation cycle, information governance (IG) is the foundation. Well-defined and implemented IG policies help streamline the data identification, preservation, and collection process. This ultimately increases efficiency and reduces cost across the eDiscovery lifecycle.
The trouble is that deficiencies in an organization’s IG approach often only come to light once the legal hold process is well under way. By promoting the implementation of good IG policies at the start of an action, corporate and outside counsel can preempt this and help clients to significantly streamline the legal hold process.
Information governance (IG) is a critical, cross-functional discipline that focuses on reducing an organization’s data footprint in a controlled and defensible manner. Driving most successful IG programs are accountable people and supporting technologies devoted to automating repeatable and defensible policies and processes delivering the necessary transformation.
Information Management IG requires well-established and well-framed:
- Retention policies – Comprehensive written document/data retention policies relating to the archiving of legacy documents and the deletion of digital debris, including short-term reference files, orphaned files, outdated or superseded files, systems upgrades, safety and litigation copies, outdated storage technology, technical duplicates. All housed in one place.
- Data mapping – Data mapping is a data warehousing process that links different data models to each other using a defined set of methods. These characterize the data according to specific definitions, such as a unit of metadata or any other semantic you choose. This data linking follows a set of standards, which depends on the domain value of the data model used. Data mapping helps identify data and its storage location.
- Centralized Document Management System – One seamless platform for storing and managing data.
- Automated processes – Reduces human error and provides an audit trail, which in turn is more defensible.
- Identification of and collaboration among key stakeholders – The cross-collaboration and integration of processes among internal departments is crucial, specifically between: business users who need information to operate the organization; IT departments tasked with implementing the mechanics of information management; and legal, risk, and regulatory departments that understand the organization’s duty to preserve information beyond its immediate business value.
- eDiscovery Team – An identified and established team of individuals from departments/key stakeholders that will lead and coordinate eDiscovery efforts, both internally and externally.
- Organization and workflows – Identify and create comprehensive organizational charts and workflow processes.
- Compliance – IG is only effective if processes and procedures are followed and executed internally by all, or the majority of, employees. You need to identify individuals within your organization and charge them with enforcing and tracking compliance with IG policies.
- Risk mitigation – Train employees on pre- and post-legal hold conduct and risks, minimizing exposure and the volume of written communications.
Is your form in conjunction with the function of legal holds?
In an eDiscovery context, a legal hold (sometimes also known as a litigation hold or preservation notice) refers to the affirmative acts an organization takes to preserve both paper documents and electronically stored information (or ESI) once a duty to preserve attaches.
When does a duty to preserve attach?
Under the landmark Zubulake cases and codified under FRCP 26 and 37, the duty to preserve attaches once litigation or investigation is reasonably anticipated. The duty also attaches when litigation or a regulatory event is foreseeable, also known as a ‘triggering event.’ Much of what happens later in the eDiscovery process depends upon first having ensured that information relevant to the dispute or investigation is neither altered nor destroyed. Failure to do so can result in both spoliation claims and monetary and/or evidentiary sanctions, including adverse inference findings.
The 2015 amendments to the FRCP made two significant changes. Firstly, the scope of discovery has been narrowed by an amendment to Rule 26(b)(1), designed to significantly reduce discovery costs and focus the parties on the merits of a case. Secondly, a new Rule 37(e) expressly replaced the inconsistent federal spoliation decisions involving the failure to preserve electronically stored information by creating a rules-based spoliation standard. Rule 37(e) essentially replaces spoliation case law that relied on the courts’ inherent powers to sanction parties for lost or destroyed ESI. A significant addition to Rule 37(e) prohibits sanctions when ESI is lost despite the use of reasonable steps during preservation.
Legal holds – the form and function
Legal holds have been around as long as the duty to preserve, yet there is no uniformity when it comes to the form that legal holds take. However, there are some key things to consider when creating a legal hold, making sure your form is in conjunction with the function of a legal hold notice.
- Written vs. oral – There is no legal requirement that the legal hold notice is in written form. However, the best practice is to have a written document that is clear and concise and notifies the recipient of the duty to preserve potentially relevant information. Be aware that some courts consider a written notice to be the only defensible form of legal hold notice.
- Boilerplate vs. tailored – Some organizations use generic boilerplate legal hold notices for all matters rather than tailored them for the specific case/controversy. Caution should be used with boilerplate legal holds as some courts have deemed generic language such as “preserve all relevant information” to be generally insufficient notice. The more defensible approach is to craft a concise and clear notice with details tailored to the specific matter.
- Automated software vs. manual – For various reasons, many organizations continue to issue legal hold notices manually and track receipt and compliance via spreadsheets or some other record keeping form. But for larger organizations with multiple litigation holds in play and potentially numerous persons to send and track notice, the most efficient method is to automate the process through the use of legal hold software.
When selecting a legal hold software, consider if it provides the following capabilities:
- Cross-border compliance
- Custodian scoping
- Tracking and managing of multiple holds
- Tracking custodian interviewing
- In place preservation/functionality vs. copy/move to secure storage – locks data where it resides on the network and modifies file permissions so that only the legal hold owner has access. Users that had permission to access the file previously will still be able to read it, but not destroy it
- In place legal hold protections against accidental deletion prior to collection
- Legal hold integration with email, collaboration and archiving applications like Microsoft Office 365 – easy identification and selection for in-place preservation
- Defensible Audit Trail
- Approval workflow – preservation requests can automatically be sent to IT admins for approval or execution
- Integration capabilities with a collection and processing system
- Notice to company employees or 3rd-party or opposing party – The contents and form may vary if the notice is to internal/former employees vs. a 3rd- party or to the opposing party.
- Defensibility – Ultimately, the legal hold notice must stand up to judicial scrutiny. The legal hold notice should include the following:
- An explanation of the preservation obligation and the consequences that can result from failing to follow the directive.
- An explanation that the legal hold notice is privileged and instructions to not discuss the matter with individuals other than the party’s attorneys.
- A description of the matter, including relevant time period.
- A description of the scope of data to be preserved.
- A description of the types of data to be preserved.
- A directive to cease document retention/destruction policies.
- Directions to departing employees.
- Instructions for how to handle instant messaging, blogging, and social media.
- Instructions on who to contact with questions relating to the legal hold.
- An acknowledgment that the employee has read, understood, and agreed to be bound by the legal hold.
Ultimately, in order to be defensible, the court will look to see if the legal hold notice adequately notifies potential custodians of the scope and duty to preserve relevant information and relevant ESI.
In conclusion, defensibility is the word
Some of the challenges to a defensible legal hold process include: failure to identify the right custodians; missing, rogue, or employee-managed data sources in hold or collection; missing data when an employee transfers or departs; retiring or modifying data on hold; failure to follow through on data identified in an interview process; overlooking or mishandling data in collection; and the inability to assemble or defend the discovery audit trail.
However, by developing and enforcing well-written document management IG policies, tailoring written legal hold notices, and automating the legal hold process to keep track of legal holds, an organization can overcome these challenges. Following current best practices relating to legal holds will also help the defensibility of the process in the event of judicial scrutiny. The following are some best practices to consider.
- In-house/corporate legal departments need to create, distribute, and clearly communicate a detailed, formal, written legal hold policy with clear processes to be followed. Specifically:
- When to issue a hold
- Who to ID as key custodians for notice purposes
- How to put the key custodians on notice of the legal obligations that attach to relevant documents
- Assign a team to own the legal hold process and provide oversight with compliance and non-compliance.
- Track compliance for each recipient and each notice.
- Cross-collaboration is a must between the legal department, business unit managers, and IT in formulating the legal hold policy and ensuring data retention policies comply with legal hold policy and modify the same as needed. Executive buy-in is also needed.
- Legal must ensure that IT, business units, risk, compliance, audit, records management, and other departments are aware of, understand, and adhere to the legal hold policy. This may include mandatory training.
- Err on implementing a legal hold sooner rather than later to avoid loss of potentially relevant data and spoliation claims. Anticipate and prepare for legal courtroom challenges to the legal hold.
- Document every step of the legal hold process and leave a defensible audit trail, including lifting holds for certain custodians, changing the date/scope of a hold, and the process for identifying custodians and efforts to ensure compliance. Even if relevant ESI is lost, proper documentation showing that steps were taken that were timely and followed in accordance with the company’s hold policy may protect from sanctions.
- Automate the hold process.
- Continued vigilance throughout the lifecycle of the case matter: modify, update, release.
- Remember to release holds after settlement or final disposition.
- Work with IT to develop a preservation protocol for each data type, incorporate legal hold policies in IT policies.
- Establish a schedule to clean up digital debris.
- Rinse and repeat.
Casepoint’s expert consulting teams can offer advice on how to best deliver effective IG practices. Take a look at all the services we offer.