CHEAT SHEET
- Be proactive. Courts now have much less patience for preservation corner-cutting and are more likely to impose costly alternatives or sanctions on parties that lose ESI as a result of primitive legal hold policies.
- Know when to take action. Due to the transient nature of ESI, waiting until litigation has actually started could easily result in the inadvertent destruction of hundreds of relevant emails or other electronically stored documents.
- Leave a paper trail. Document every step of the legal hold process to avoid potential document spoliation.
- Rinse and repeat. Repeatability can be created and enhanced through two routes: the development of a legal holds policy and automation.
Litigation professionals recognize the high-stakes chances and risks that are part and parcel of the civil litigation process. But there is one area, perhaps more than any other, where there is little room to gamble. It occurs early in any suit, sometimes prior to commencement: document preservation. Just as in Kenny Rogers’ 1978 Grammy-winning song, “The Gambler,” litigation teams need to know when to hold ’em and when to fold ’em as they plan for document preservation and later disposition.
When litigation is imminent, issuing legal holds aimed at preserving relevant documents is an important function performed by in-house counsel. Derogation from this essential responsibility could result in the inadvertent spoliation of electronically stored information (ESI) and present an opportunity for opposing counsel to move for monetary sanctions, expanded discovery or, worse, an adverse-inference jury instruction. Yet, too often, legal departments treat legal holds as an afterthought, and once a legal hold is in place, these departments may believe that the duty to preserve has been met. It is only later, when company legal hold procedures come under court scrutiny, that the hold’s lack of sophistication and efficacy becomes apparent.
Advances in technology have resulted in a massive shift to digital documents, and the preservation duty now encompasses all relevant ESI in addition to physical records. Tracking these data, preventing their deletion and communicating with those involved has become difficult for many legal departments. This is especially true for those that attempt to rely on traditional legal hold practices, such as using a spreadsheet and email approach on a case-by-case basis. Following the issuance of a legal hold, legal departments must adhere to a comprehensive policy to guide the company through a repeatable, well-documented process. Preparation, knowledge of the duty to preserve, documentation and communication will determine the success or failure of each legal hold and are factors that will either offer protection from or exposure to the threat of sanctions.
Be proactive, be prepared, be sophisticated
The duty to preserve arises when litigation becomes reasonably foreseeable as a result of a so-called triggering event. Litigation — or the threat of litigation — can arise at any time, making preparation the key to success. It may be tempting to take shortcuts, but a boilerplate legal hold letter and a spreadsheet to track ongoing holds is not always enough. Courts now have much less patience for preservation corner-cutting and are now more likely to impose costly alternatives or sanctions on parties that lose ESI as a result of less sophisticated legal hold policies.
It is crucial that legal departments craft detailed, formal, written legal-hold policies and clearly define processes that are actually followed. This should act as a game plan that will guide decisions on when to issue a legal hold, whom to identify as key custodians and how to put those key custodians on notice of the legal obligations that attach to relevant documents. Companies with the right resources should consider assigning a team to take the lead when a legal hold must be issued. Additionally, a critical determinant of the success of any legal hold process is the rate of recipients’ compliance with the notice; this key metric should be monitored diligently and used to rectify noncompliance promptly.
For all companies, regardless of size, it is important that legal departments responsible for legal holds work hand in hand with business unit managers and IT departments, preferably operating under a clearly defined governance model backed by strong executive buy-in. In many cases, sanctions stem from the deletion of relevant emails that were lost, even after a legal hold was issued, usually as the result of regularly scheduled data purges that were not properly suspended. It is imperative that legal and IT departments work together to ensure that record retention policies are modified, where necessary, to comply with the legal hold process, with a particular focus on systems that purge data automatically. It is often the responsibility of specific business units, in conjunction with the legal department, to take the initiative to develop a clear and coherent legal hold policy; then legal must ensure that IT, records management, risk, audit, compliance and other departments are aware of that policy and, critically, that they understand it and actually adhere to it.
Know when to take action
Too many practitioners wait until litigation has commenced before taking action to preserve relevant data. Due to the transient nature of ESI, waiting until litigation has actually started could easily result in the inadvertent destruction of relevant emails or other electronically stored documents. Recovering such data can be extremely costly and in some cases impossible. Depending on the nature of the lost data, sanctions or costly expanded discovery could follow.
The duty to preserve arises when litigation becomes reasonably foreseeable. Legal departments should never shy away from prompt and prudent action whenever the situation calls for it. Legal holds are not an exception to that rule. Deciding when to issue an initial legal hold or when to refresh an existing hold should be done with the entire process in mind and not just the immediate inconvenience of doing so.
When it comes to the duty to preserve, be cautious and be prudent. Delaying action can only create problems later. Expect courts to be less forgiving of careless or passive legal hold practices in the future, especially when compliance with the duty to preserve relevant documents has never been easier to achieve in light of advances in technology and industry expertise.
Often, the primary hindrance to quick implementation of a legal hold is the perceived complexity of creating the hold, notifying the relevant custodians and tracking the hold afterward. With a transparent and detailed legal hold policy in place, issuing a legal hold is much simpler, and with the sophistication of legal hold software and discovery expertise available today, even the smallest legal departments can avoid many of the headaches that come along with the inefficient, case-by-case approach.
BYOD and BYOC: Are you ready?
In recent years, many companies have established “bring your own device” (BYOD) policies that allow employees to use personal devices for work purposes. These policies offer a level of formality and acceptance to an already growing phenomenon. The benefits of a BYOD policy should be readily apparent. Employees are most familiar with their own devices, so little or no technology training is required. The companies do not need to purchase additional equipment for these employees, which yields substantial savings. As the devices are personal, employees are typically responsible for replacements or repairs. BYOD policies also promote more flexibility for employees, which can boost work performance and output. The advent of cloud computing has made BYOD policies even more attractive, as employees are now able to access work-related documents from home or while traveling.
While these BYOD policies are becoming more common, the law has yet to catch up. Thus far, company policies have virtually been the sole source of guidance on how to approach relevant data found on BYOD devices. As the devices are owned by the employees, questions remain about what level of control companies should be expected to exert over the devices themselves and the data stored on those devices. As it stands, legal departments should be sure to consider BYOD devices when promulgating legal hold policies and should communicate any concerns with IT.
Once you have a handle on BYOD, do not rest on your laurels. Just as legal professionals and IT managers are learning to cope with the BYOD phenomenon, a new trend has emerged: “bring your own cloud” (BYOC). Employees are now using third-party cloud services because they can be faster, easier or less expensive than going to IT to fulfill specific business needs. BYOC will further complicate preservation efforts, with data being stored in myriad places (that the company may or may not be able to access and retain) with considerable security risks. BYOC will require much more legal and IT preservation and retention planning than BYOD ever did.
Leave a paper trail
The best way to avoid the pitfalls of potential spoliation is to document every step of the legal hold process. Those equipped with a clear, formal, and widely available legal hold policy have already taken the first step, as future courts will be able to look to that policy to better understand why a certain action was taken. Subsequent actions taken during the course of a legal hold should also be documented, such as lifting the hold for certain custodians or changing the date range or scope of information identified in the hold. Be sure to clearly and thoughtfully identify employees with potentially relevant data and estimate the scope of data that those employees are expected to possess. Too often employees are either left in the dark or just forget about the legal hold altogether.
If your legal hold practices come under scrutiny during the course of litigation, courts will want to determine who was identified as a custodian and why he or she was selected, how often reminder notices were sent and what steps were taken to ensure compliance with the duty to preserve. Even if relevant ESI is lost, proper documentation that the right actions were taken at the right time could serve as a shield to prevent the imposition of sanctions.
Documentation, like the initial creation of the legal hold itself, does not need to be overly complicated. Legal departments that have taken the initial step of formulating a proper legal hold policy will likely discover that taking subsequent steps, and documenting them, is much easier. Anticipate courtroom challenges to your organization’s legal hold, and plan accordingly. It is far more difficult to attempt to reconstruct actions over a period of several months or years than to carefully document these same actions as they occur. Operational consistency with a sound, repeatable process is crucial to defensibility if the efficacy of a legal hold is called into question.
Follow up
The duty to preserve is ongoing, and accordingly, it is good to think of the legal hold as an ongoing process as well. In other words, it is not enough to create a legal hold and notify the relevant employees of their obligations. Counsel should take affirmative steps to periodically remind relevant parties of the ongoing nature of the hold, and IT departments must be monitored to prevent regularly scheduled data purges wherever necessary. IT departments should also know that the duty to preserve extends beyond the length of employment, meaning that company laptops or computers should not be wiped when a relevant employee leaves the company. Various departments within an organization often operate with a degree of autonomy. A defensible legal hold must transcend these artificial boundaries, and it is the responsibility of the legal department to ensure that this happens through executive support and active participation in corporate information governance strategy.
Cooperation with IT departments is critical at this stage in the legal hold process. Legal departments should identify who may have relevant data, but IT departments will be better equipped to navigate the organization’s numerous available data sources and properly maintain potentially relevant information within them. Legal departments should work with IT departments to consider developing a data map and defining a strategy to preserve each of the organization’s available data types in a forensically sound manner. Requests for nonstandard data types, such as recorded phone calls, structured data and shared drives, require particular attention in this regard. IT departments will also be able to identify potential risks of data spoliation, including everything from employee deletions to automatic data purges.
The cumulative memory of an organization can be remarkably short. Employees will come and go, taking with them relevant data and knowledge of the legal hold. It is therefore critical to inform new employees of holds relating to their lines of business or departments and to ensure that regular notifications of the legal hold are sent to anyone with potentially relevant data. Providing mandatory legal hold training when onboarding new employees can provide another layer of credibility to the process while reducing the chance of spoliation.
Savvy practitioners should be prepared to make full use of the latest technology throughout the legal hold process. Underprepared legal departments can easily become overwhelmed by the logistical difficulties of managing several legal holds at once, tracking compliance with those holds and periodically sending additional notifications to ever-expanding lists of potential data custodians. Recent advances in legal hold software can dramatically reduce these difficulties and can help automate the hold process.
Avoiding the island effect: communication is the key
It is often very easy for legal departments big and small to see themselves as islands in the company. However, legal holds require active leadership. A lack of interdepartmental coordination and communication can be the easiest way to invite costly preservation failures. All of the preparation that goes into a legal hold will be wasted if relevant emails continue to be deleted by regularly scheduled document purges. Legal departments should spend time educating other departments on the obligations that come with a legal hold. It is critical that legal departments also take the time to educate themselves on ESI-related policies set by IT that may interfere with the duty to preserve.
A “set it and forget it” attitude toward legal holds defeats the purpose of the hold: continued preservation of relevant documents. Legal departments have a number of responsibilities throughout the legal hold process. Legal departments should:
- Lead the company in complying with the duty to preserve, including the development and enforcement of a clear legal hold policy.
- Locate the firm’s universe of information sources and create a defensible approach to data mapping, in partnership with IT, devising a preservation protocol for each data type.
- Learn the applicable IT policies regarding ESI storage, maintenance and deletion.
- Limit company exposure to sanctions by actively incorporating legal hold policies into certain IT policies and by continuously monitoring interdepartmental compliance with the legal hold.
This might appear to be a daunting set of responsibilities for smaller legal departments, but as always, preparation can make these hurdles much easier to handle. Building bridges with other departments, especially IT, and creating an overarching governance model for the discovery process will help to alleviate many of the problems that come along with the island mindset and will promote greater awareness of the duty to preserve, thereby increasing its effectiveness.
Repeat, repeat, repeat
A key element of any successful legal hold policy is its repeatability. Logistical problems aside, case-by-case approaches also lack effective repeatability, making each legal hold a separate and difficult process. Repeatability can be created and enhanced through two routes: the development of a legal hold policy and automation. As noted, a clear and coherent legal hold policy is simply a must. This will clear away much of the confusion and will make compliance much easier.
Automation can also play a substantial role in establishing a foundation for repeatability of a legal-hold process. Legal departments should strive to automate as much of the process as possible. Initial hold notifications, follow-up messages and compliance tracking are among the most commonly automated parts of the process, and these are areas where the flaws of tracking legal holds by spreadsheet and email are most readily apparent.
Repeatability should be the standard against which the efficacy of legal-hold policies and practices are measured. Just as a well-crafted legal hold policy is useless if it is not disseminated or followed, a legal department is wasting time and valuable resources if it delays the issuance of legal holds or compliance tracking due to the difficulty involved.
Know when to stop
Legal holds need not — and should not — remain in place indefinitely. A major point of uncertainty for in-house counsel is when a legal hold may be ended, especially when new but related cases may spawn or new claims or defenses emerge. The duty to preserve exists where one has been sued and where litigation is reasonably foreseeable. For many corporations, this may mean that legal departments must issue legal holds quite frequently. Those holds can then be ended when litigation is brought to a close (including expiration of an appeals period, if applicable) or no longer reasonably foreseeable if the threat of litigation has ceased. Hoarding data beyond this point can have unintended consequences, particularly where data that would not have been kept in the normal course of business are preserved and become expensive fodder for future litigation. Moreover, there are other business risks of holding onto superfluous information.
The most obvious way to avoid this is for the legal department to maintain an active leadership role in the legal hold process. Actively establishing or guiding the company’s record retention policy, disposition procedures and information governance strategy helps ensure a preservation life cycle that ends in defensible deletion. Legal hold policies should explicitly address when holds will be ended and when regular data deletions, such as email purges, will be resumed. If broad holds have been in place for long periods of time for multiple matters and scope tracking has been inadequate, thoughtful communication with counsel, IT and relevant data custodians can help clarify the scope of the data under preservation and inform decisions on when to end each legal hold and dispose of data.
Preparation will pay off. A policy that addresses the end phase of the legal hold process, along with frequent documentation and follow-ups, will help make appropriate data deletion defensible.
Conclusion
The obligations that come along with the duty to preserve cannot be escaped through ignorance. Legal departments concerned with limiting the company’s potential exposure should take steps to comply with evolving industry standards. For smaller legal departments, this can seem daunting. For larger legal departments, this can appear to be a drain of time and money. However, technology has evolved to a point where legal departments of any size can handle legal holds of any scope — so long as steps are taken to communicate with other key players in the process, including relevant custodians and IT departments.
Legal holds are by their very nature a collaborative endeavor. Legal departments should take the lead when a legal hold is issued, but the ongoing obligations require a proactive approach to monitoring and ensuring compliance as well as a close partnership with IT departments backed by executive support. Taking the right steps to prepare for legal holds now will make the entire process easier to handle and easier to defend down the road.