Corporate legal teams take on many responsibilities, but risk mitigation is among the most critical. One of the most important blips on the risk radar is the spoliation of evidence.
Whenever your company faces the possibility of civil litigation, any company data that may potentially serve as evidence must be preserved. In the context of digital business, that data is increasingly in the form of electronically stored information (ESI) generated from myriad email, messaging, and collaboration platforms. The ediscovery process begins by identifying relevant ESI and notifying data custodians of their obligation to preserve data through issuance of a legal hold.
Seems pretty risk-free so far, but what if those data custodians fail to preserve ESI? Or alter it in some irreversible way? Or simply ignore your legal hold notification? That may constitute spoliation, and it can lead to serious consequences for your business. To nip spoliation in the bud, you need to understand exactly what it is, why it happens, and what you can do to prevent it.
What Is Spoliation?
First, let’s get into the nitty-gritty of spoliation and why it constitutes such a risk for your organization.
Defining the Terms
The Federal Rules of Civil Procedure (FRCP) define spoliation as the loss or destruction of potentially relevant information that should have been preserved for a civil litigation matter. This general definition may vary by jurisdiction—some only define spoliation as the loss of actual evidence rather than discoverable information, for example—but every jurisdiction regards the handling of such data with scrutiny.
Rule 37 of the FRCP details the conditions that must apply for an action to meet the standard of spoliation:
- A party must have had control over potentially relevant ESI
- The party must have been under a duty to preserve that ESI
- The ESI must have been lost, destroyed, modified, or altered
- The loss must be due to the party’s failure to take reasonable steps to preserve the ESI
- The ESI must not be able to be restored, recovered, or replaced through additional discovery
How Spoliation Happens
There are a number of ways a data custodian or other party may spoliate evidence, including:
- Deleting files, emails, messages, or other information
- Overwriting files
- Throwing away a computer, tablet, phone, or other device
- Modifying files
- Modifying file metadata
These actions may occur intentionally; that is, a party may wish to purposefully destroy or alter information they know to be incriminating. But spoliation is so risky because it can also happen without malicious intent as the result of negligence.
People throughout your organization are transmitting and working with data and information all day, every day. The vast majority of these “parties” are not thinking of this activity in the context of potential litigation. That’s why it’s so critical to be vigilant, and we’ll discuss a few ways to avoid unintentional spoliation in a moment. But first…
The Risks to Your Business
Spoliation compromises the ability to effectively resolve issues through litigation. Accurate and complete information is critical to the civil process, and without evidence to determine what actually happened, the ability to correctly decide cases is damaged. That can leave you exposed to liability as a defendant.
Spoliation, especially if it’s intentional, can also leave you vulnerable to court-ordered sanctions. These can range from fines to civil penalties to even felony charges. Courts may also allow opposing counsel to introduce submissions of adverse inference through which the court assumes that any modified evidence is damaging to your case. In extreme instances, spoliation can even result in a dismissal or default judgment.
Obviously, this jeopardizes the outcome of litigation. But even in the absence of sanctions or penalties, spoliation can threaten your cases because it results from some foundational errors in your ediscovery and legal-hold processes. Let’s take a look at some of those common issues and examine a few things you can do to alleviate them.
Avoid the Causes of Unintentional Spoliation
As the nature of business evolves, companies rely increasingly on a growing number of digital platforms for communication, collaboration, training, and documentation. This increases the volume of ESI and places a premium on excellent processes if you want to avoid spoliation. Here are a few of the common challenges that increase your risk and steps you can take to mitigate them.
Bad Information Governance
Information governance documents every data source across your organization—which means you know what tools and applications are being used, how data is stored within those tools, and what happens when data is no longer needed. Poor information governance robs your legal team of this insight, leaving you scrambling to find and retain data when litigation looms. This is time-consuming and costly while also contributing to spoliation.
What to do about it:
- Build strong relationships with IT and governance teams to better understand your data ecosystem
- Educate stakeholders across the business about the need for clean documentation and governance
- Utilize a central repository—like an ediscovery tool—to clearly track legal hold obligations and give your governance team greater visibility
Standing Retention/Deletion Policies
Storing excess information is costly, so most organizations create policies to manage the routine deletion of unnecessary data and the retention of essential data. These policies can vary from software to software within a single organization, depending on how the platform is used and what information it stores.
But when pending litigation instigates the legal-hold process, your organization is obligated to preserve all potentially relevant information across systems immediately. Spoliation often results when standing retention or deletion policies aren’t suspended for the duration of a legal hold and ESI is lost or damaged.
What to do about it:
- Ensure your legal operations team or ediscovery lead coordinates with IT on how much data is stored and how long it is retained in each relevant system
- Ensure IT has clearly documented retention/deletion policies for ESI hosted outside your organization
- Find an ediscovery tool that automatically releases preserved and collected data when matters close, so data is not unnecessarily stored
Low Custodian Compliance
Whenever a legal hold is necessary, notifications are sent from Legal to data custodians informing them of their obligation to preserve potentially relevant ESI. The risk of spoliation increases dramatically if custodians fail to comply with this notification. The longer they fail to acknowledge their obligation, the greater the chance that data will be damaged, destroyed, or altered. Not only does this expose you to the risks we’ve already discussed, but it also compromises the defensibility of your process.
What to do about it:
- Make sure your legal hold notifications include clear instructions for data custodians, including data to preserve, how long they should preserve it, and resources if they have questions
- Find an ediscovery tool that allows you to create templates for the best holds and sends them to the right custodians automatically
- Automate custodian follow-ups and escalations in your ediscovery platform
The Best Defense Against Spoliation
At Zapproved, we believe in saving your in-house legal team the time, money, and stress that can come from spoliation. ZDiscovery, our easy-to-use platform for ediscovery, empowers your legal team and keeps you safe from risk by taking on the spoliation of evidence at the source with its:
- Central platform for litigation-related data governance that organizes data from past matters, so your team has a head start on identifying ESI in the future
- Options for automatically releasing preserved and collected data when matters close, saving you time and money on storage and keeping you compliant with deletion policies
- Automation throughout the legal-hold process, allowing you to templatize, send, track, follow up on, or escalate legal holds and increase custodian compliance