Managing legal holds requires an organization to make the same commitment to quality improvement that it applies to any of its business practices, whether it’s customer care, manufacturing or inventory management. In the context of the electronic discovery reference model (EDRM)1, legal holds are central to defensible e-discovery.
Common law and court rulings have established that organizations that fail to effectively preserve electronically stored information (ESI) and document the preservation process run the danger of having their e-discovery processes scrutinized and expose themselves to sanctions by the court.2 In addition, the courts appear unsympathetic toward organizations that complain they must commit extensive resources to recover relevant data from inaccessible sources.3
As a result, many organizations now recognize the need to elevate the legal hold process to mission-critical status. Doing so can empower key stakeholders from legal, IT, records management and other business units to manage the process as they would any other business function. Also, many organizations may not realize that the duty to preserve ESI for legal purposes supercedes their data retention policies.
There are four steps to issuing defensible legal holds:
1. Determine the trigger event. Recognize a duty to preserve potentially relevant information, whether in response to an anticipated lawsuit, investigation or audit. Some preservation triggers, such as subpoenas or the initiation of a governmental proceeding, are obvious; others are not. It’s important to understand when a preservation obligation begins.
2. Identify what to preserve. Determine what data needs to be preserved and where to find it. Who are the key employees and knowledge experts associated with the matter? Where does the relevant ESI reside in the organization? What are the data attributes that define potential relevance? Having an effective "data map" of repositories within the organization, including information about the types of ESI, how it is governed and where similar or related data may be replicated, is essential.
3. Establish a preservation plan. Develop a preservation plan that clearly articulates how the organization will preserve potentially relevant ESI when a legal hold is triggered. For example, will data be preserved in place, or will the plan call for preemptively collecting to preserve?
4. Implement and manage the preservation process. Execute, monitor and document the entire legal hold process—drafting and distributing the hold notice, tracking the responses, monitoring compliance and managing changes—in order to establish good faith and demonstrate that reasonable actions have been taken to preserve all potentially relevant ESI.
Legal Hold System and Capabilities
Once the preservation approach has been determined, an organization should look closely at the technology it will use to manage the legal hold process. The primary choice today is between systems that manage the legal hold notification process and systems that are capable of applying a legal hold on the data stored within a given repository. While email archiving and content management systems do have capabilities for suspending routine destruction, they may not adequately address the workflow and management processes involved in notifying custodians and IT stewards and documenting compliance.
The market for legal hold management software is still emerging and changing quickly. Today’s systems tend to fall into one of four categories:
- Ad hoc—approaches that can be tailored to meet the needs of a particular matter but may be harder to defend in court;
- Homegrown—systems that may be relatively inexpensive to develop and quick to deploy but require IT time and may not have the full scalability of dedicated systems;
- Dedicated systems—commercially built and maintained systems that might be perceived as expensive but are typically more scalable, highly flexible and offer greater integration with existing IT systems; and
- Auxiliary systems—systems that offer tight integration with primary systems but may have limited functionality and typically lack the ability to integrate with other applications or systems.
To decide which approach or technology is most suitable to its business processes and culture, an organization should consider the following:
- Probable volume of notices;
- Anticipated scope of notices;
- Predicted complexity of notices; and
- Organizational culture and maturity.
An organization that faces pressures to reduce the cost and risks of e-discovery, and wishes to focus on the merits of a case instead of e-discovery technicalities, should view legal hold management as a mission-critical process. Legal holds should be managed like any other quality business process within the organization, and they need to be clearly defined and well documented to be legally defensible.
For more information on defensible legal holds, visit www.fiosinc.com/e-discovery-legal-hold.
2 See Zubulake v. UBS Warburg LLC, 2004 WL 1620866 (S.D.N.Y. July 20, 2004), Broccoli, et al. v. Echo Star Communications Corp., et al., 229 F.R.D. 506 (D. Md. 2005), Miller v. Holzmann (11/17/07, District of D.C.) and NTL Inc. Securities Litigation (1/30/07, S.D. New York).
3 In AAB Joint Venture v. United States, 75 Fed. Cl. 432 (Fed. Cl. 2007), the court rejected the government’s argument that recovering email from backup tapes would be too difficult and costly.