Bracing for the E-Discovery Dangers of Employee Status Changes

Introduction

Employee departures and other status changes are an unavoidable business reality. The Society of Human Resources Management (SHRM) estimates that the average annual rate of employee separations from an organization is 13 to 15%. When departmental transfers and prolonged leaves of absence, such as maternity leaves or sabbaticals, are factored in, the rate of employee "movements" that occur each year is probably closer to 20%. It is not uncommon for large organizations to experience 30 or more actionable employee status changes each week.

When an employee resigns, retires or transfers departments, it is common practice for IT to delete that individual's data, including email and all personal files, from the local computer, as well as shared servers, and reissue the equipment to someone new. What many organizations overlook in this standard process is the risk of inadvertently destroying electronically stored information (ESI) tied to ongoing litigation or regulatory obligations. 

Given the potential consequences of destroying legally responsive ESI, it is imperative organizations develop processes for protecting vulnerable data. Current approaches to addressing this critical preservation issue tend to be ad hoc, highly manual, time consuming and error prone.  

A defensible process for tracking employee movements should serve three primary purposes:

1.   Detect: Provide organizations with timely visibility into employee status changes and where those changes intersect with legal and regulatory obligations.

2.   Act: Prescribe a systematic set of actions that ensures no responsive data will be inadvertently deleted.

3.   Track: Capture and document every event and preservation action to demonstrate legal and regulatory compliance.    

Detect

It is highly unlikely that a departing employee under a legal hold order will go out of his or her way to make this fact known to the organization's legal and IT teams. Likewise, IT professionals must remain focused on managing systems and should not be tasked with investigating the legal implications of each and every technology transfer that they oversee. It is incumbent on the legal team to detect when data tied to an employee departure must be protected.

Though legal ultimately oversees the process, the initial detection of employee status changes begins in an organization's human resources department. Most large companies employ HR management systems, which keep an updated organizational roster along with basic information about each employee for such purposes as payroll, benefits tracking and equipment management. When an employee departs the organization or transfers departments, the HR system gets updated to reflect that change, optimally right away. Some organizations rely on periodic communications between HR and legal as a means to share these updates. This may take the form of a weekly HR report of employee terminations and other events, such as leave-of-absences, transfers and retirements, which is sent to a paralegal or other member of the legal team via email.

At large organizations, the process of cross-referencing a list of employee status changes against the catalog of open legal matters and active custodians can demand many hours of tedious work. Given the manual, repetitious nature of the task, errors and oversights are inevitable.

Another important factor is time. Some companies recycle systems and purge accounts very quickly, especially during periods of heavy hiring. Ideally, legal teams would be alerted of impending employee status changes prior to the employee actually leaving the organization and turning over his or her data. The reality, in many cases, is that legal teams don't discover that an employee possessing critical data left the organization for many days, if not weeks, after the change. Some organizations combat this risk by instituting waiting periods before reincorporating devices back into the workforce. Waiting periods can be very useful; however, some companies can ill afford to have systems sitting around idle for prolonged periods.  

One way an organization can streamline the detection process is to directly integrate its HR system with the legal hold application in its e-discovery system. By integrating systems, information from the HR system can be directly fed into the legal hold application enabling all cross-referencing to be done automatically. For instance, an employee may give notice to its employer that he or she has accepted a position at a different organization. As soon as that employee's official departure date is recorded into the HR system, an alert regarding the status change would be sent directly to the e-discovery system, potentially within mere hours of the update. Legal will be automatically notified if the employee's ESI subject is subject to a hold, resulting a much quicker detection of impending actionable employee status changes.    

Act

Once it is confirmed that an employee status change presents a potential risk for data spoliation, the organization must enact a response plan that accounts for the different actions that might be required. For example, if a departing employee is a key player in an active litigation matter, the legal team will likely decide to immediately alert IT to make a copy of that employee's data before the systems are wiped and reissued. However, applying this response to every departed employee can quickly lead to over preservation, which can burden IT, increase legal risk exposure over time and undermine data disposal initiatives.

Employee interviews can help legal teams identify the most relevant data requiring preservation. Ideally, the interview would be conducted directly with the departing employee prior to that individual actually leaving the organization. If that's not possible, it can be prudent to interview the departed employee's former supervisor or former colleagues, since they may be able to recount what the employee worked on and when. Just like tracking employee changes, the interviews should be systematic, simple and automated. In some cases, simple surveys delivered over email can bring back valuable information as long as responses to those surveys can be easily accessed and aggregated. If the interview concerns active litigation, members of the legal team should have a fairly good grasp on the key issues and timelines associated with the case. The interview should be mainly comprised of yes or no questions that address the employee's involvement. Good interview questions can be as simple as: Were you involved in project X; or, did you exchange any emails with Person A?