.title-desc-wrapper .dt-published.published.post-date { display: none; }

Preserving Your Data: Part 2 of Our Defensibility Series

 

“The worst thing that can happen to a good cause is, not to be skillfully attacked, but to be ineptly defended.”

- Frédéric Bastiat

 

 

Defensibility: Preservation

This second installment in our series on defensibility in the ediscovery process will focus on preservation.  It comes after the identification phase, where we’ve interviewed both the network experts as well as the individual custodians to ensure we know where all potential locations of data exist. 

We’ve developed the data map, and now it’s time to implement the workflows and tools necessary for preservation.  This is all done prior to the 26(f) conference where counsel will request specific electronic data.


Preservation:

Preservation means more than “to keep in existence”.  Preservation in eDiscovery actually goes a step further requiring “it is kept in a perfect or unaltered condition.”  This requires making sure both the document and any metadata attached is kept in pristine condition.

Preservation can be an iterative process as details come to light during review.  When they do, return to the identification phase and follow the same procedure as listed in my previous article to ensure you have a uniform and defensible process.  Now that you’ve interviewed the custodians, discovered whether they are central to the case, and where their data exists, the first step is to issue a litigation hold notice as quickly as possible. 

Litigation Hold Notice:

A litigation hold notice is a written notice advising relevant custodians to not delete or alter any documents relevant to a case or investigation.  The ACC released a paper in 2013 outlining the bare minimum of what should be included in the hold notice:

  •  An overview of the matter
  • Specific examples of types of information to be retained
  • Possible sources of data
  • Applicable date ranges
  • Informing recipients of their ongoing obligation to preserve
  • Contact information for the legal department  

However, I believe that there are a few other pieces of information that are worthwhile to include.

  • The current version of the company retention policy, or where they can view it
  • Detailed procedure on what to do with the data when it meets the preservation criteria
  • Receipt of acknowledgement and willingness to comply either through a button or a signature

Once the litigation hold is sent out by either the General Counsel or “C” level executive, it’s time to ensure that custodians are complying.  There are multiple programs which can be used for tracking acknowledgement. Depending on size and complexity, many companies manage it through the voting function on Microsoft Outlook and tracking on a Microsoft Excel spreadsheet.  Regardless, there needs to be a documented tracking component to the process which also allows for escalation if the hold is not acknowledged.

 
 
Your legal hold notice must have all the required information outlined by the ACC. It is also important to define a process when the custodian does not acknowledge receipt of the written notice.
 
 

If a custodian does not acknowledge receipt, there should be a defined process for escalating the problem. This may start with sending the litigation hold notice a second time, and then if still not acknowledged, result in a warning, followed by a meeting with their direct supervisor.  Also of concern with a litigation hold is continual compliance with that hold.  Depending on the case, it might be prudent to send the hold for acknowledgement once a month for ongoing investigations or matters.  Finally, it is critical to mark the release of the hold and authorization. 

The litigation hold notifies the custodian and acknowledges both their receipt and understanding, but how do you make sure the actual data is being preserved?

Locking down your data:

The other side of the coin is ensuring the policy is being followed and the data is petrified, meaning it can’t be altered or changed.  There are generally three ways to achieve that.

  1. Custodians self-preserve relevant data: This is the most manual, potentially flawed option. Verifying compliance is difficult. 
  2. Actually collect the data: This can be done through taking backup tapes out of the rotation cycle, taking forensic images of specific computers, or creating a backup in the cloud through a program like Crash Plan or Carbonite. Doing this takes the responsibility out of the hands of the individual custodian and reduces risk, especially if wrong-doing is a possibility.  However, it is also the most invasive option.
  3. Preserving data in place: This requires a separate piece of software that lies on top of your network structure.  Companies that are regulated usually have a document management system like iManage, Enterprise Vault, or StoredIQ which will allow you to preserve data in its current location.  This option offers the least amount of business interruption, but can be cost prohibitive for smaller companies and is not something that can be rolled out quickly once litigation has commenced.

In the same way you are consistently requiring continual acknowledgement of that hold, it is important to audit that indeed the relevant custodians are following the process.  Once you have decided and implemented one of the strategies above, both on a personnel level as well as a data level, pat yourself on the back and know that you have successfully preserved your data in a defensible way!