7 Best Practices for a Defensible Legal Hold Process
Legal holds may be issued in a wide variety of circumstances including actual, imminent, or anticipated government investigations. Obvious situations arise when notice is received, when a government agency files notice, restatement of public companies earnings or when similar circumstances within the corporation or business have previously led to legal proceedings.
Others are not so obvious. A complaint to HR, managers discussing an employee termination, a hostile customer complaint—these require a balanced approach for corporate internal investigations.
Careful documentation on why a legal hold was issued, or ultimately not issued can save many headaches down the line. While there is no bright-line test regarding the duty to preserve, legal personnel should ensure their organizations have appropriate records retention policies that define procedures that meet both business and legal requirements.
Creating a Defensible Legal Hold Process
Employees should be educated as the timely issuance of a litigation hold is critical to minimizing the risk an organization faces arising from the loss of relevant ESI that may be requested for production or used by the organization in its own defense. In particular, guidance should be provided to IT staff about document retention and the types of documents most frequently requested in litigation. Workflows may have to be changed to ensure the organization can meet its eDiscovery requirements.
A legal hold can vary based on numerous factors, including the way an organization stores data, the scope of litigation and the accessibility of data. General best practices include:
- Periodic reminders
- No legalese
- An explanation of preservation obligation and consequences from failure to follow notice
- A description of the matter and relevant time period, as well as types of data to be preserved
- A directive to stop document retention and destruction policies for information related to the hold
- Directions to departing employees
- How to handle instant messaging, blogging and social media
- Instructions on whom to contact with questions and a signed acknowledgement of receipt and understanding binding employees to abide by the hold policy
How to Prevent Spoliation During Legal Hold
It is more common now to see an adversary shift their focus from the merits of the case to claims of spoliation if they perceive a better chance of success.
Courts have authority to issue sanctions for spoliation of potential evidence, whether done intentionally or through negligence. Sanctions can include fines, payment of attorneys’ fees, adverse inference instructions to the jury, evidentiary preclusion, striking a pleading, or granting a default judgment against the spoliator.
7 Legal Hold Best Practices to Avoid Spoliation
1. Identify and manage information systems that routinely remove or alter content. This may involve auto-delete functions that regularly expunge old, outdated, archived or expiring files. It’s common for information systems to have automatic functions that routinely alter stored or real-time data. Identifying and managing these automated actions functions can be critical in eDiscovery.
2. Assess the impact of hardware-related actions, such as removal of backup drives, overwriting or routine destruction of aging or obsolete equipment. For example:
- A company disposing of old computers without preserving hard disks containing ESI
- A manager letting a cloud subscription expire without making a backup of uploaded files
- Track and manage processes that routinely update ESI may prevent preservation of data
- Files, spreadsheets, and databases may be automatically updated or altered based on periodic calculations or analyses
- Automatic updates of desktop operating systems, browser versions, software, mobile apps, and online accounts may interfere with data preservation
- Virus scanning software and tools designed to save storage space may interfere with an information system and its processes
4. Ensure that potential ESI sources are properly addressed, including online and offline devices, software, cloud-based ESI, and apps.
5. Implement controls related to user logins, passwords, authentication and document certificates that may alter ESI or prevent access.
6. Establish a secure repository for collected ESI to prevent alteration or destruction. Protect passwords, codes, and instructions required to access ESI.
7. Preserve non-work related emails, online accounts, profiles, call records that may contain business correspondence.
With the constant evolution and breakneck speed of technological advances, it’s imperative that counsel bring together a multifaceted team of stakeholders to support Information Governance and Discovery initiatives. The proliferation of data has necessitated cross-functional teams working together like never before. Only by truly understanding the limits and consequences of technology and actions can organizations protect themselves from future spend, and all but guarantee cost savings for years to come through well-documented workflow and governance initiatives.