I have had many conversations and discussions recently on leading practices and trends related to litigation hold notifications and preservation orders. Organizations routinely have the need to effectively manage preservation for litigation, internal investigations and for varying regulatory purposes.
Since the 2006 amendments to the Federal Rules of Civil Procedure and with the changes to Rule 37 in 2016, there has been much discussion on this topic, but limited practical solutions to the problem. The Pension Committee decision has made notifying and managing custodians and “key players” effectively a core requirement for most legal departments.
The challenge with the legal hold notification, preservation and collection processes for most organizations is the “ad hoc” nature of defining systems of record, ESI and custodians, and of executing preservation in a defensible manner. Notifying custodians in a timely manner and keeping an audit trail to defend the process consumes significant time and resources and is inherently risky… if the organization relies on the custodian for preservation.
The Preservation Order
The ability to issue a “Preservation Order” or, as it is more commonly known, a legal hold notification to all custodians and key players has become an essential component of any defensible legal preservation process. The recipients usually include a mix of end-users (creators), IT and records custodians, and possibly third parties.
Managing Your Key Players
In the post-Pension Committee environment the standards have been raised and defensibility can hinge on how well the organization executed in two key areas:
- Ability to manage the legal hold notification process
- Ability to mitigate risks of spoliation
The first process is intended to prevent the second… but one of the lessons learned in the age of Big Data, Social Media and Hybrid Clouds is that there is too much risk to the organization to rely on custodians and key players to preserve. Most custodians are not IT experts, and although they may have good intentions, they don’t know their “systems of record,” retention and disposition policies, back-up procedures, etc.
The leading practice is to notify all relevant custodians and “key players” as quickly as possible of the duty to preserve all potentially responsive information, whether in electronic or paper form; request and obtain an acknowledgment from each custodian; retain the acknowledgment; and send periodic reminders.
In most cases it may not be reasonable to rely on the custodian involved to preserve responsive information, which makes defending the process more challenging. The more pragmatic action is to instruct the recipient to take no action until notified otherwise and to rely on business processes and technology to identify, preserve and collect in a defensible manner.
Managing Preservation & Collection as a Business Process
Relying on manual processes, spreadsheets and “old school” methods is problematic and cumbersome for managing and tracking legal hold notices. The “one off” nature of using spreadsheets and other outdated tools makes the process harder to defend. Given the risk of spoliation, fines and sanctions, relying on the custodian to preserve and disclose all sources of responsive information is risky and may not protect the organization’s interests.
A good process includes a defensible hold notification process and a collection plan that is not controlled and managed by the custodian. Successful execution requires process and technology. An audit trail of events throughout the case has become an essential element of defending not only what is being produced, but also what has not been produced and why (privilege, confidentiality, classification, etc.). There is also the continued need to demonstrate the authenticity of the information being offered into evidence and that effective chain of custody procedures have been in place since actual or constructive notice of the duty to preserve.
Preservation and collection should be managed and controlled by “legal”… not the custodian. Collections must be done in a forensically sound manner and require people, process and technology that go far beyond desktop tools.
Leverage tools in the data center to identify systems of record, ESI and custodians — work with and leverage custodians… but don’t rely on them!!
The growing trend is to understand the custodian’s behavior for creating, managing, storing and retaining information — from their perspective… Where do they put it? What applications, devices, and service providers do they use? Identify portable devices, home computers, Cloud, etc. Look for spoliation risks to the organization outside of identified systems of record.
Understanding all of these different elements of the People, Process and Technology in your eDiscovery process is the key to controlling costs and mitigating risks.
If you would like to discuss this topic further…please post a comment!