Finding Key Players in Legal Hold Notification, Preservation and Collection Processes

By | Blogs | No Comments


I have had many conversations and discussions recently on leading practices and trends related to litigation hold notifications and preservation orders. Organizations routinely have the need to effectively manage preservation for litigation, internal investigations and for varying regulatory purposes.

Since the 2006 amendments to the Federal Rules of Civil Procedure and with the changes to Rule 37 in 2016, there has been much discussion on this topic, but limited practical solutions to the problem. The Pension Committee decision has made notifying and managing custodians and “key players” effectively a core requirement for most legal departments.

The challenge with the legal hold notification, preservation & collection processes for most organizations is the “ad hoc” nature of defining systems of record, ESI & custodians & executing preservation in a defensible manner. Notifying custodians a timely manner and keeping an audit trail to defend the process consumes significant time and resources and is inherently risky…if the organization relies on the custodian for preservation.

The Preservation Order

The ability to issue a “Preservation Order” or, more commonly known, a legal hold notification to all custodians and key players has become an essential component in any defensible legal preservation process. This usually includes a mix of end-users (creators) and IT and records custodians and possibly 3rd parties.

Managing Your Key Players

In the post-Pension Committee environment the standards have been raised and defensibility can hinge on how well the organization executed in two key areas:

  • Ability to manage the legal hold notification process
  • Ability to mitigate risks of spoliation

The first process is intended to prevent the second… but one of the lessons learned in the age of Big Data, Social Media and Hybrid Clouds is that there is too much risk to the organization to rely on custodians and key players to preserve. Most custodians are not IT experts, and although they may have good intentions, they don’t know their “systems of records,” retention and disposition policies, back-up procedures, etc.

The leading practice is to notify all relevant custodians and “key players” of the duty to preserve all potentially responsive information, whether in electronic form or paper form as quickly as possible, request and obtain an acknowledgment from each custodian, retain the acknowledgment and send periodic reminders.

In most cases it may not be reasonable to rely on the custodian involved to preserve responsive information, making defending the process more challenging. The more pragmatic action is to instruct the recipient to take no action until notified otherwise and rely on business processes and technology to identify, preserve and collect in a defensible manner.

Managing Preservation & Collection as a Business Process

Relying on manual processes, spreadsheets and “old school” methods is problematic and cumbersome for managing and tracking legal hold notices. The “one off” nature of using spreadsheets and other outdated tools makes the process harder to defend. The risk of spoliation, fines and sanctions makes relying on the custodian to preserve and disclose all sources of responsive information risky and may not protect the organization’s interests.

A good process includes a defensible hold notification process and a collection plan that is not controlled and managed by the custodian. The successful execution requires process & technology. An audit trail of events throughout the case has become an essential element of defending not only what is being produced, but also what has not been produced and why… Privilege, Confidentiality, Classification, etc. There is also the continued need to demonstrate the authenticity of the information being offered into evidence and that effective chain of custody procedures were in place since actual or constructive notice of the duty to preserve.

Preservation and collection should be managed & controlled by “legal”… not the custodian. Collections must be done in a forensically sound manner and require people, process and technology that go far beyond desktop tools.

Leverage tools in the data center to identify systems of record, ESI and custodians — work with and leverage custodians… but don’t rely on them!!

The growing trend is to understand the custodian’s behavior for creating, managing, storing and retaining information — from their perspective… Where do they put it? What applications, devices, and service providers do they use? Identify portable devices, home computers, Cloud, etc. Look for spoliation risks to the organization outside of identified systems of record.

Understanding all these different elements of the People, Process and Technology in your eDiscovery process is the key to controlling costs & mitigating risks.

If you would like to discuss this topic further…please post a comment!


Photo Credit – Ripster

What Do YOU Want from Your Professional Services Team?

By | Blogs | No Comments


I have been in the services delivery business, whether it be business analytics, consultative, or implementation services, for my entire career. Although I am not yet ready for retirement, I have enough gray hair to suggest I may have a number of learning experiences and some hard-earned wisdom under my belt. And I do.

I learned early on in my growing-up years that there are certain character qualities that will help us succeed in our jobs and in our lives. My early years as a babysitter helped me remember the basics of what is important. The safety and security of knowing someone has got things under control is significant to a little kid whose parents have gone—seemingly for days—to dinner, leaving her in someone else’s hands—someone who would calmly manage the ups and downs and unpredictable nature of childhood.

I did not take that responsibility lightly, and as I grew into adulthood, the ability to keep calm and carry on became my goal and mantra for staying centered and minding the Big Picture. The events in our personal and professional lives can distract us and impact the manner in which we interact with family, friends, colleagues. I realized that keeping focused on the important things was a really great way to disregard those distractions and stay focused on the right path.

When I became a “Professional,” I worked primarily in the financial services space. It was during those early working years that I came to Controlled-Zone2have a high expectation of what professional services can, and should, be. The financial services industry is demanding, often without sanity, and working in that fast-paced, highly focused, often frenetic environment has taught me a thing or two about how to navigate tough waters and stay the course. I learned that my babysitting days had prepared me to manage a few colleague and manager melt-downs with calm and concern for the situation at hand. I learned how to help guide the ship toward the light at the end of the tunnel. Navigating choppy waters became something I learned not to fear but to accept, as part of the challenges of growth.

Today, I work as the Director of Professional Services at Controle. When I joined the team, I realized that this group of people, from everywhere across the country, have given each other a great gift. We are smart and knowledgeable, certainly. The areas of expertise that we hail as our focus have great depth of knowledge. But this team also has those basic qualities that I learned all those years ago and look for in my interactions with others, even today. We keep calm and carry on. We lead our clients to see the light at the end of the tunnel. We show them that we take it seriously when they leave their projects in our hands. We show them that when they need someone to help navigate those choppy waters and stay the course, we are there for them. This is the basis behind our work and our ability to provide high quality professional services for our clients’ Information Governance needs, and it is not by accident that we can say we have it … well … under Controle.


The Hidden ROI in eDiscovery . . . The Legal Profile

By | Blogs | No Comments


Part III: The Legal Profile

An often overlooked link between the IT footprint and the FRCP is the notion of “source mapping” or “mapping of sources” for the Rule 26f “Meet & Confer Conference” where the parties need to discuss and disclose potentially responsive ESI by “category or type.” If the organization understands what systems and repositories contain potentially responsive information, that ESI can be managed appropriately for the matter at hand and used as a source for future eDiscovery. Most organizations have certain types of legal and regulatory challenges, like employment, Intellectual property or other types of litigation and key regulatory issues which form a pattern of a “Profile.”

If these systems and applications are identified or “mapped,” a categorization and classification of systems, data and ESI can be developed and used as an early assessment tool and a strategic tool to ensure proper preservation of ESI and notification of potential custodians.

hammer-lawPut another way, employment cases and Intellectual Property cases may share some common sources of ESI (email, file shares, collaborative spaces) but typically also have systems and repositories for business information related to the particular business function that is subject of the legal inquiry. It is rare that all systems or applications would contain responsive ESI.

Here is an opportunity to move away from the “Hold All” order by developing a defensible response protocol for legal and regulatory matters, targeting responsive ESI and managing the non-responsive ESI according to standard business practices. If you can’t find the handful of relevant ESI in the terabytes of data, then “retain all” may look like the “best option” in a bad situation.

Here is some hidden ROI:

Once Responsive ESI is identified, preserved and collected, it is a reasonable assumption that the non-responsive ESI is not subject to legal hold. Instead it is subject to ordinary lifecycle management (RM) or part of the organization’s GRC efforts within a sound Information Governance Program and would only be retained based on categorization and classification of information.

Leverage the opportunity to do some “house cleaning”… gain file visibility and perform file remediation… dispose of ESI that has outlived its useful life in a defensible, scalable manner.

Understanding all these different elements of the People, Process and Technology in your eDiscovery process is the key to controlling costs and mitigating risks.


The Hidden ROI in eDiscovery . . . People, Process & Technology

By | Blogs | No Comments


Part II:  Benchmarking—People, Process & Technology

Identify all the key players in the legal and regulatory processes who request ESI (in other words, identify the consumers) and determine why they need it. Then find all the key players and stakeholders who identify, preserve and collect ESI. Next, identify the tools currently in use to help to understand the processes and the level of effort associated with eDiscovery, from an internal resource perspective as well as from the third party cost perspective. This will help you understand risk.

Each organization is unique… understanding who touches the process is critical… knowing this early on saves resources in the long run!!

Most organizations face a mix of needs for ESI:

  • Internal Audits and Board driven actions
    • Regulatory Investigations
    • State and Federal Litigation

Consumers of ESI may include:

  • Human Resources
    • Litigation Counsel
    • Regulatory Affairs
    • General Counsel
    • Internal Audit

Personnel involved in Preservation and Collection of ESI may include:

  • Securitybinding-contract-500
    • IT
    • 3rd Parties / Service Providers
    • Custodians
    • Legal Service Providers
    • Outside Counsel
    • Internal Counsel
    • Human Resources

Understanding all these different elements of the People, Process and Technology in your eDiscovery process is the key to controlling costs and mitigating risks.


The Hidden ROI in eDiscovery . . . Faster, Better, Cheaper!

By | Blogs | No Comments


Part I: Understand the Business Problem

Faster, better, cheaper was the mantra at NASA as it set goals to improve quality and efficiency and better manage costs after several setbacks. It was a way to set goals and measure success from a “top down” approach of looking at it from all perspectives and seeking to better quantify risks and rewards in various programs . . . expect quality, but demand efficiency!!!

Faster, better, cheaper was the clear theme at LegalTech 2015 . . . good Information Governance makes good business sense!

The term “Information Governance” may be refreshed or a new name may evolve, but the desire to better manage unstructured data and business information will be as strong as ever.

As pressure mounts to control legal spends, better governance is the opportunity to defensibly delete ROT (redundant, outdated or trivial data) once it has outlived its useful life.

The hidden Return on Investment in eDiscovery lies in understanding the entire spend—not just the obvious third party costs—and understanding and quantifying risks in the current process.

I have been working with several clients in developing business cases and ROI models to frame their various challenges and drive strategic initiatives. The key to success is having developed a “base-line” understanding of the current process and identifying all key players. The nature of eDiscovery tends to affect IT, RM, the Business and of course, Legal.

As “beauty is in the eye of the beholder,” all parts of the organization affected by the process see this from a different perspective and should be included in the dialogue.

Key drivers in these initiatives are cost take-out and optimization of eDiscovery and regulatory compliance processes. Understanding the current state of the process, people involved, key processes and technology in order to get visibility and control of the process . . . this is typically an evolution over time and requires a continued commitment to total quality management.

Best Practices that cut across the broad theme of Faster, Better, Cheaper:
  • Identify all the “stakeholders” and process ownerDigital-Man-300
  • Identify all “Consumers” of ESI
  • Define cost of current process
  • Understand the organization’s “Legal Profile”
  • Form cross-functional team to drive change

Understanding all the different elements of the People, Process and Technology in your eDiscovery process is the key to controlling costs and mitigating risks.


We have become Digital Hoarders

By | Blogs | No Comments


Why do we keep everything?  We’ve become Digital Hoarders.  

This has happened not by choice but by proxy, while we’re trying to be competitive in our industries, “Run Our Businesses,” and make a good faith effort to stay compliant with the thousands of rules, regulations and laws. Just like with hoarders, if someone dropped off a dumpster for our digital trash it would be so overwhelming we wouldn’t know where to begin. Many of our customers have made significant investments in technology, but they feel like they have a Ferrari that just sits in the garage. In this age, technology is fantastic, but it is never the complete answer to a problem, it usually just helps us solve a problem faster and more efficiently.

mobile-travel-map[1]Is there a way to Take Controle and Govern Information for Compliance?  Most of our customers do not have a path forward. Our customers are in different industries and at different maturity levels regarding Governance and Compliance. Our approach with our Advisory Services starts by identifying your current location (or current state) and simply helping you get you to your future state of Compliance. Just like the mapping technology on your smart phone, we plug in your current state through a quick assessment, then we easily plug in your future state and requirements. Next we give you routes to choose from based on time and cost, and finally, easily help you with turn-by-turn directions. For example if you wanted to walk, drive or fly from your home in Chicago to Detroit it’s pretty easy to quickly find the route and execute on getting there. We believe Governance and Compliance should be the same way.

What are some of the tools and techniques? At Controle we have a proven methodology that we use in conjunction with a variety of technologies to analyze your environment, help you identify your biggest pain points, and show you the step-by-step directions for how to get to where you want to go. You can learn more here

These are the questions or problems that we can help you solve: Where does my company begin? How does our company lower our risk level and achieve compliance?

We profess that we are not the Regulatory Experts, but we have tools and partners that are. At Controle we are the experts in helping you manage your Regulatory Burden.

Getting Off The "Reliance Train" For More Cost-Effective eDiscovery

By | Blogs | No Comments

While recently attending the Georgetown Advanced eDiscovery Institute conference, I came across a number of wonderful discussions about how the recent changes to the FRCP—ones meant to encourage cooperation between the parties and reduce the cost and time of discovery—may not be effective, given the incentives continue to be stacked against them.

So long as plaintiff’s attorneys are paid to win, and defense attorneys are paid by the hour, it’s more likely that, rather than cooperation, the new rules will just result in more motion practice over whether the other party is sufficiently cooperating.

I could write a whole blog on that point, but I’ll leave that for others. I simply raise this example because as long as attorneys and service providers continue to have the same incentives, the advice they give their client may not necessarily be the best with regards to reducing cost, mitigating risk and improving quality. Read More

eDiscovery Technology Without a Business Process Is Like a Boat Without Water

By | Blogs | No Comments

A couple of years back at a conference, an attorney friend of mine mentioned that her Fortune 500 corporation was about to implement a new eDiscovery solution. My first question: “Have you worked out who is going to care and feed for that?” They hadn’t.

The next year I saw her at the same conference and asked her how she was liking her eDiscovery tool: Not so much. Even the best eDiscovery tool is still just a tool. Without a proper methodology, and an entire business process that covers the full range of the EDRM spectrum, a tool simply cannot solve your whole problem. Read More

For More Effective eDiscovery Search Term Construction, The Technology Matters

By | Blogs | No Comments

One of the most common requests I get from clients is “how can I refine my search terms?” It is a real issue for companies as they take on more of the eDiscovery roles traditionally performed by outside counsel.

Outside counsel is not incentivized to get creative with search term construction to minimize results and avoid false positives. They simply run the search of the terms they are given or create and then begin a linear review, charging the client (i.e. you) on an hourly basis. Read More

Migrating Data To A New Platform? Why And How You Should Clean Up First

By | Blogs | No Comments

My colleagues and I have noticed that we were receiving a lot of feedback from companies that are migrating or transferring segments of data or all of their electronic data to new NAS and sometimes cloud systems.

During migrations, we’ve observed that migrating data to a new NAS device or moving data to the cloud is not as simple as solely picking the data up and dropping it off. Most companies want to clean up, organizing and optimizing their data as a part of their data relocation efforts. Read More