In-House Insight Series – Part 4
Our goal for Elevate Ediscovery remains providing practical guidance and actionable tips for in-house ediscovery professionals on an array of ediscovery topics. In earlier posts, we explored the key elements of a sound preservation plan to include documenting the process for recognizing a duty to preserve (the “trigger event”) and scoping the hold. Today, we dive into steps to respond to that duty with a legal hold.
Taking Action to Preserve (Implementation)
Once the organization has determined the scope of the preservation obligation, it must take action to preserve the content within that scope. This typically involves notifying personnel about their need to preserve information and affording them adequate instructions to do so. An organization issuing this type of legal hold notice must do so in a timely manner, provide clear instructions on what actions need to be taken, and include mechanisms to ensure that data custodians and stewards receive the notice and indicate their willingness to comply with its instructions.
- Most importantly, the recipient of a legal hold notification must clearly understand both the importance of complying with the notice and the steps they should take to properly preserve information. To make the notice process clear, consistent, and repeatable, organizations should evaluate these additional considerations:
- Who sends the notice? Will the recipient recognize the notification as an important communication?
- Can templates be used to improve the consistency of the notice and therefore enhance its clarity? If every notification is novel, will recipients take the time to review them thoroughly?
- Does the notice process provide a means for recipients to assist with identifying additional data sources or custodians?
- The notification process should include measures to ensure that the recipients received the notice, read it, understood the actions expected, and agreed to comply with those expectations. Organizations that simply send an email in hopes that recipients will “get the point” will find that practice extremely hard to defend should it be called into question later. Instead, organizations should adopt best practices such as automated tracking of custodian acknowledgments, escalating communications for delinquent responses, and affirmatively following up with custodians to ensure their understanding and compliance. Custodian acknowledgments may also come into play should the scope of the hold evolve and the notification consequently change over time (as most do).
- An effective hold notification process accounts for the ongoing nature of most preservation obligations. Most legal holds persist for a considerable period of time, during which they may overlap with other legal hold obligations. Therefore, employees who are called on to preserve information should be supported with regular reminders. Automating these routine notifications can save time for legal counsel while ensuring that custodians continue to comply with their various preservation obligations.
- A thorough preservation plan must account for data sources that are subject to routine purging cycles, such as emails that are automatically deleted after a certain number of days. These automatic deletion protocols should be suspended for the duration of the legal hold. Organizations should also check for less-routine records information initiatives and protocols. How does the organization enforce or encourage periodic disposition of redundant or obsolete information? For example, are there annual “spring cleaning days” when custodians should be proactively reminded about their current hold obligations?
- Finally, the notification process should account for potential points of failure, those times when information may be at greatest risk of spoliation. These failure points might include personnel transitions, changes to enterprise applications or data repositories, or even routine upgrades and repairs to devices.
While this is a standard list of legal hold considerations, others may apply in an organization’s unique circumstances, especially in light of increasing data privacy regulations and expectations. For preservation obligations that involve information about or data repositories in different jurisdictions (e.g., the European Union), organizations should take special care to minimize conflicts with local privacy regulations such as the General Data Protection Regulation (GDPR).
A sound plan articulates a defensible and repeatable process for identifying trigger events, defining the scope of the preservation obligation, and communicating with those responsible for taking action to preserve discoverable information. Next week, we’ll add steps for monitoring the hold while the duty persists.