In-House Insights Series – Part 5
Our latest In-House Insights series has been exploring the core elements of a sound data preservation plan. We’ve discussed the trigger, scope, and notification steps. But a legal hold doesn’t end with the notice; rather, a legal hold is a process that incorporates monitoring compliance and updating the hold as the obligation evolves and changes over time, and ultimately releasing the hold when the need to preserve data goes away.
Monitoring the Hold
The work doesn’t end after the legal team has issued a legal hold notice. Legal counsel has a duty to monitor custodians’ compliance with the hold instructions. Reasonable actions to satisfy this duty typically include seeking affirmative acknowledgments from recipients, sending past-due notices to nonresponsive custodians, issuing periodic reminders over the life of the hold, and modifying the scope of the hold as new information comes to light.
Another key component of hold enforcement involves following up with custodians for additional information. Both questionnaires and interviews can help counsel to confirm that the custodian is following the hold instructions and reinforce the importance of complying with the hold. Additionally, questionnaires and interviews allow counsel to gain a greater understanding of what additional relevant information may exist, where information is actually stored, and what other custodians should be added to the hold. They also afford an opportunity to assess whether the scope of the hold should be expanded or contracted.
With questionnaires, it is generally advisable to keep questions somewhat simple and straightforward to lessen the burden on custodians and encourage prompt response. This can depend to some extent on the organization’s culture regarding available time and willingness to participate. Additionally, avoid questions that may cause confusion. Questionnaires can also be an effective way to reinforce desired behavior.
Releasing the Hold
There’s a common—yet costly—syndrome among some organizations: an urge to avoid any potential of spoliation by “preserving information forever.” To avoid this expensive accumulation of data, an effective data preservation plan shouldn’t end with preserving data, but rather with releasing holds and resuming normal operations, including scheduled data destruction. This demands that organizations plan for the release of legal holds.
Just as the preservation plan described how to recognize a trigger event, it should also describe how the organization will release holds. Who makes the decision to release a hold, and under what circumstances? For example, if the duty to preserve was triggered in response to “anticipated litigation” that never materialized, what will trigger a review of that hold decision once litigation is no longer reasonably expected?
Organizations should establish a process to determine when legal holds have expired, perhaps by calculating statute-of-limitation expiration dates when the hold is first issued or regularly reviewing all pending holds to determine which are no longer required.
Once a hold is released, the legal team must notify the custodians subject to that hold. This should involve providing written notice to custodians of the hold’s release, checking other pending holds for those custodians to differentiate the scope of the continuing holds from that of the released hold, and clarifying with each custodian what information they should still be preserving.
The organization must also consider the implications of releasing a hold and resuming “normal retention and disposition practices.” For example, most organizations rely on automated disposition of emails based on age. When a hold is in place, this automatic deletion is suspended, which may lead custodians to rely on their seemingly endless quota of email storage. When the hold is lifted, older emails can suddenly disappear because there is no longer any obligation to retain them, which may inconvenience or surprise custodians.
Finally, corporations should reach out to any third parties that have possession of any preserved data, such as law firms, consulting experts, ediscovery vendors, and requesting parties. This data should either be destroyed according to the terms of an agreement or case management order — indicated by a certificate of destruction — or returned to the corporation for destruction in accordance with written policy. Organizations should not allow third parties to retain case data after the legal hold is released.