Litigation revolves around evidence. As a result, the preservation of evidence is a key part of the litigation process. Whenever we talk about eDiscovery, the presumption is that all relevant evidence can be found. That is only true, however, if all potentially relevant evidence has been preserved and collected. Ensuring this is the case requires some care and attention to be put into creating and maintaining an evidence collection and preservation strategy.
In this article, I’ll provide some answers to some of the most common questions legal teams may have on the subject of Data Preservation.
Here's what's in:
What is Data Preservation?
When should you start the data preservation process?
What are some of the Data Preservation challenges?
Why is Data Preservation important?
What’s the difference between Data Retention and Data Preservation?
Where does Legal Hold fit in the eDiscovery process?
How do I ensure data is preserved?
What is spoliation?
How do you create a Data Preservation Plan?
5 Best Practices for Efficient Legal Hold and Data Preservation
Conclusion: from Legal Hold to eDiscovery
What is Data Preservation?
Data Preservation is the process of collecting, securing, and maintaining data in anticipation of a litigation or other legal or regulatory requirements. For data to be preserved, it must be stored in a secure location, preferably - across multiple locations, where it would be protected from deletion or modification, as well as saved in formats that will have the greatest utility in future.
When should you start the Data Preservation process?
Under the FRCP, parties are required to begin preserving evidence when litigation is “reasonably anticipated”. Vague, but simple enough. Litigation is hardly ever completely unexpected, after all. Erring on the side of caution is the smart play here.
An important thing to remember here is that the duty to preserve data can be triggered before a lawsuit has been filed or a preservation letter has been received. As a rule, you can expect to preserve more information than you need. So long as your Legal Hold is well put together, the management of a few extra custodians won’t be an issue.
Being too reluctant to start preserving evidence leaves parties at risk of spoliating evidence. Subject to regular data retention policies, evidence could be lost or destroyed. This is exactly what happened in the landmark Zubulake v. UBS Warburg case, which was the genesis for the modern conception of Legal Hold. Due to the phrasing of FRCP 37(e), there is some room for discussion on when exactly preservation duties kick in, but there should be no doubt that it does not start when the complaint is filed. When in doubt, begin to make sure any evidence is kept safe.
What are some of the Data Preservation challenges?
Among the most pressing challenges of data preservation is the fast-paced growth of data volumes and file formats created across an organization. As ESI tends to be highly disorganized, since it is being constantly moved, updated, deleted, etc. Hence, legal teams find it increasingly more difficult to identify where all relevant ESI is located, let alone preserve it. Another problem many organizations currently face lies in implementing efficient data retention policies as well as maintaining the balance between retaining too much data versus not enough data.
Why is Data Preservation important?
Data Preservation is a crucial and one of the most complex steps within the eDiscovery process. In case of an emerging litigation, you want to ensure all relevant ESI is preserved correctly. Under-preservation of data can't be corrected later, as most often when evidence that must have been preserved is lost, it cannot be restored. Evidence spoliation might result in curative measures and sanctions being imposed by the court. The harshest measure that could be taken by the court in such cases is ordering summary judgment for the opponent.
Hence, adopting proper data preservation practices allows organizations to save money wasted on inefficient storage, inefficient management, and wasted man hours.
What’s the difference between Data Retention and Data Preservation?
Although they are similar terms, Data Retention and Data Preservation are each other’s polar opposite. Both do usually involve two departments, Legal and IT.
Data Retention is a bit of a misnomer when we consider what it aims to do. In essence, it’s a scheduling policy that governs when data can (and should) be removed from the company’s datastore. Retention deals with the removal and minimization of so-called digital debris, information that holds no business value. This is more data than most may realize. In 2012, the Compliance, Governance and Oversight Council held a survey that found:
- 1% of organizational information is subject to Legal Hold;
- 5% is held pursuant to a document classification scheme;
- 25% of the information relates to a business need.
Everything else (69% of data held) has no legal or business value. That’s a lot of bytes to store, and storage isn’t free. Retention policies aim to organize and minimize the data stored responsibly, by ensuring that data is removed from the company stores when it has outlived its usefulness. Of course, legal is usually involved here since some information needs to be kept for compliance reasons.
Unlike retention, data preservation does not apply to all data in the company. Information that needs to be kept to comply with certain regulations, for instance, would have its place in the datastore enshrined by the Data Retention policy.
Data Preservation specifically deals with information relevant to legal matters, and is used to exempt information from the normal retention policy. In a Legal Hold situation, individuals who hold potentially relevant information should be informed that the information in question is now no longer subject to the retention policy. Think of Data Preservation as the anti-retention policy and you’re on the right track.
Where does Legal Hold fit in the eDiscovery process?
What is Legal Hold?
Legal Hold, sometimes called Litigation Hold, is the process through which parties involved in litigation preserve evidence. As part of civil procedure, parties must exchange evidence relevant to the case during a phase called the “initial disclosure”. Beyond initial disclosure, parties can also request information from each other later on. This evidence can then be searched by each party to strengthen their case or to assess likely outcomes. In its entirety, this is called the discovery phase. Insofar as discovery concerns Electronically Stored Information (ESI), it is commonly referred to as eDiscovery.
In particular, Legal Hold is the earliest active stage of the eDiscovery process. Once triggered, the Legal Hold process ensures that any evidence is preserved in order to be handed over at any point in the litigation process. When a Legal Hold fails to preserve data, the party in question risks spoliating evidence, which can have serious negative consequences.
As illustrated by the Electronic Discovery Reference Model (per EDRM), Legal Hold fits neatly into existing conceptions of the eDiscovery process. Data Retention schemes are a part of the more general information governance section of the model, while Legal Hold is a key part of the preservation part.
How do I ensure data is preserved?
Once Legal Hold notices have been sent do the individuals who hold potentially relevant information (data custodians), how to make sure they comply? Communication is key in ensuring compliance from custodians.
First, ensure that key employees are aware of the preservation policy, what it means and what is expected of them. A custodian who understands the gravity and importance of the Hold Notice is much more likely to comply.
Second, make sure the Hold Notice clearly and concisely communicates the task. A Hold Notice that is overly long or difficult to read leaves room for confusion. When managing data custodians, clarity in communications creates predictability of outcome. This is true regardless of their level of experience as a custodian.
Neither of these will 100% guarantee nothing is lost every single time. Inadvertent spoliation may still occur. Having a clear and well-communicated Data Preservation policy in place helps the argument that any spoliation is inadvertent. To be clear, even inadvertent spoliation is still spoliation, but the sanctions may be far less severe if it is deemed unintentional.
What is spoliation?
Spoliation of evidence occurs when evidence is not properly preserved. Spoliation may lead to a judge sanctioning a party or a negative inference. In essence, a negative inference is an assumption of bad faith. That means that whatever evidence has been lost will be assumed to be helpful to the opposing side, and damaging to the side that fails to produce it. For a much more detailed overview of what spoliation is, and how to avoid it, check, here.
The heyday for spoliation was between 2006 and 2016 when the Federal Rules for Civil Procedure (FRCP) were newly amended. The 2006 amendments in particular included language that led to a growth in spoliation. Later amendments included language aimed to mitigate this growth. They did this by adding proportionality to the mix, as well as an expectation of good faith. However, not every instance of evidence missed will be spoliation by default under the current iteration of the FRCP.
Though the FRCP currently provides some wiggle room for legal professionals, spoliation is still a serious concern. Having robust data retention and data preservation protocols in place is essential for avoiding it.
How do you create a Data Preservation Plan?
There are several steps you need to take when creating a preservation plan.
1. Undertake an assessment of preservation needs
First, you need to document the preservation needs of your organization in a written report. This report would contain observations and recommendations for each preservation component - for instance: housekeeping; security; disaster planning; etc.). You should also include an executive summary that outlines the short-, mid-, long-term preservation priorities.
2. Set preservation priorities
Based on the foundation you've built in the previous step, you can now dive deeper into setting priorities for actual preservation action. In this step, it is important to consider the criteria based on which you will collect your evidence as well as the overall criteria which preservation activities will have the highest impact, and hence priority. The three preservation criteria to consider: Impact; Feasibility; Urgency.
3. Assembling a preservation planning team
The preparation of a preservation plan cannot be put in motion by a single person, you need a preservation planning team consisting of a wide range of staff members who are responsible for ESI collections, maintenance, housekeeping, and security within the institution.
When it comes to assigning tasks, each member of the team should be responsible for a specific category or part of the plan - be it description of collections, summary of needs and required actions, listing of preservation actions to date, etc.
4. Writing a Preservation Plan
The core components of a preservation planning process include:
- Assembling a team and involving relevant stakeholders;
- Collect and review existing documents, such as collection policies, the organization's disaster plan, the organization's mission and vision, etc.
- Write the actual plan (the length and depth of the piece is entirely up to you and the team);
- Implement and update the plan whenever necessary.
The basic structure of a preservation plan can be as follows:
- Title Page
- Acknowledgements
- Executive Summary
- Table of Contents
- Introduction
- Description of Collections
- Preservation Needs and Required Actions
- Institutional Action Plan and Timetable
- Listing of Preservation Actions to Date
5. Maintaining the Preservation Plan
Preservation Plan is not a static document, and must be periodically revised to address the changing preservation needs of the organization. The initial goals and objectives will likely change with time, so to insure that the expectations of the initial plan are being met, you will have to regularly revisit them.
The person responsible for preservation management will have to direct periodic evaluations of all ongoing preservation projects to make sure the conducted efforts are delivering results, as expected.
5 Best Practices for Efficient Legal Hold and Data Preservation
As previously mentioned, retaining too much data has just as much risk as retaining too little. To help you protect your organization against future litigation, we compiled five best practices that will help you perform efficient legal hold and data preservation:
1. Conduct regular data clean-ups
Good eDiscovery starts with proper information governance. For many organizations, information gets stacked up due to IT departments not knowing which of those documents and files legal teams might need in the future. This is why legal teams should be more proactive and inform IT on what data needs collecting, permitting old devices to be wiped and reused or old information to be deleted.
As part of the data clean-up process, it is essential to perform the clean-up of insufficiently structured digitally stored data (e.g., data stored in SharePoint sites, Microsoft Teams channels, etc.) or old company/department network drives and databases. A close cooperation between the business and legal teams is necessary to efficiently separate what data to preserve and what to discard.
2. Distribute a clear legal hold notice and keep custodians updated.
Once you’re aware of a triggering event, you need to advise the custodians of potentially relevant data of their obligation to preserve that evidence. This is generally done through a clear and concise legal hold notice that outlines the gist of the matter and the scope of the evidence that must be preserved.
Your legal hold process should also include a way to verify that custodians have received the notice and acknowledged their intent to comply.
3. Create clear evidence handling protocols
To avoid data spoliation, you must create clear handling protocols such as collection logs and chain of custody documentation. This way, the protocols will ensure that no alternations can be made to the pieces of evidence without prior noticed of parties involved in potential litigation.
4. Preserve metadata by immediately making a forensic copy of the information
Metadata contains information about a file on how, when, and by whom it was created, accessed, modified, and formatted. To ensure metadata is not inadvertently altered, make a forensic copy of the information immediately. You can use the file copy for working purposes, while fully preserving the original file as it was collected without any alterations.
5.Use technology to manage data identification and preservation.
An end-to-end eDiscovery solution can help your organization efficiently identify and gather relevant information during an investigation or subsequent litigation. Such tools can also prevent your organization from overlooking and failing to preserve relevant information.
Conclusion: from Legal Hold to eDiscovery
With its inclusion in the EDRM, it should be clear that Data Preservation and Legal Hold are part of the eDiscovery process as a whole. At the same time, many eDiscovery tools do not include Legal Hold tools out of the box. This is mostly due to the fact that at their core, eDiscovery tools are built for searching rather than collecting. That said, many eDiscovery solutions do have modules available that handle Legal Hold management. If you want to know more, or discuss your Legal Hold strategy with one of our experts, don’t hesitate to reach out.