A Guide to Litigation Holds
Here, we dive into the technological and legal requirements that must be navigated in the context of preserving information potentially relevant to litigation, investigations or other disputes, as well as the steps practitioners must take to ensure that data maintains its evidentiary integrity.
What Is a Legal Hold?
A legal hold, also known as a litigation hold, is the process that must occur to preserve data potentially relevant to anticipated, pending or active litigation, investigations or other legal disputes.
Issuing a legal hold is an essential early step in the eDiscovery process, and crucial to showing defensible and good faith efforts to preserve evidence. It is the mechanism by which parties that must preserve information potentially relevant to a dispute tell “custodians” of that data it must be preserved, and ensure compliance until the obligation no longer applies. The initial document outlining the scope of the preservation requirement is called the legal hold notification or notice.
The legal hold notice is where the rubber hits the road: the point at which all parties are aware of pending litigation and the need to preserve electronically stored information (ESI) for that litigation. It is also the point at which you need to have identified the potential sources of information, the custodians of that information, and the technical and practical challenges to be faced in the coming dispute.
In U.S. courts, legal precedent requires that potentially relevant information must be preserved at the instant a party “reasonably anticipates” litigation or another type of formal dispute. The event or occurrence that precipitates the party to begin preserving information is referred to as the “trigger” or “triggering event.”
The goal of preserving information is to ensure that the information’s evidentiary integrity is maintained for potential use in the case. This means that the information should not be altered from its original form or the form in which it exists at the time of the triggering event. Not only does this apply to the appearance of the information, such as the way a document looks, but to the hidden metadata as well, that is the “data about data,” such as creation date and author, that is included in a document. The slightest modification—such as opening an email that is potentially relevant—can alter the information’s metadata, and thus compromise its evidentiary integrity and potentially draw penalties.
Generally, the first step to preserving data is the application of a legal hold. After a triggering event, it is also imperative that the party take steps to suspend activities that could potentially alter information that must be preserved, including those that occur in the normal course of business. For example, companies should halt the deletion of email archives according to automated retention schedules.
Below, we will dive more thoroughly into perhaps the most important step of preserving information: the legal hold.
Logikcull is the #1 ranked discovery software.
The Legal Duty to Preserve Potential Evidence
Legal holds arise from a common-law duty to avoid the spoliation of evidence. That duty stretches back to 1722 and the case of Armory v. Delamirie, a dispute between a young chimney sweep and a goldsmith over a found jewel. Since then, the requirements to avoid spoliation have slowly evolved over hundreds of years of case law, which eventually resulted in today’s legal hold requirements.
Although there is no federal rule requiring the implementation of legal holds, and the concept is a fairly recent development, the practical requirements of data preservation have been well fleshed out in case law over the past decade, following Judge Shira Scheindlin’s historic rulings in Zubulake v. UBS Warburg, a case that is regarded as marking the beginning of modern eDiscovery.
In Zubulake, Judge Scheindlin made it clear that parties have an obligation to preserve relevant information as soon as litigation is imminent. However, the process of arriving at that determination—gauging when litigation is “imminent” or "reasonably anticipated" and deciding what qualifies as “potentially relevant information”—can be more complex than it seems.
When Is a Legal Hold Triggered?
The most critical step in the legal hold process is determining when the duty to preserve begins. As established by Zubulake and many other cases, a legal hold is triggered when litigation is “reasonably anticipated.” But what does “reasonably anticipated” actually mean?
Unfortunately, there is no exact standard for interpreting the phrase. Instead, when evidence is lost or the scope of preservation is otherwise questioned, courts tend to weigh other factors, such as whether parties acted with good faith and performed a reasonable evaluation of relevant facts at the time of preservation, to determine whether sanctions are appropriate.
On the plaintiff’s side, intentional acts such as sending a cease-and-desist letter are enough to trigger preservation. But the duty may arise earlier than that. In some cases, courts have held that a plaintiff is held under a duty to preserve either as soon as they determine that legal action is appropriate or when they decide to bring an action.
The trigger for defendants can seem nebulous at times. Receipt of written notice from the other party would certainly trigger a duty to preserve, but courts disagree on how certain the recipient must be that litigation will actually occur. Generally speaking, the duty to preserve does not require that the threat of litigation be “unequivocal.” A letter threatening litigation can be sufficient to prompt preservation procedures, for example.
In the most clear-cut cases, the duty to preserve is triggered by explicit communication of impending litigation, such as service of process, subpoena, or written or verbal notice. Receipt of notice by an employee or another agent generally triggers preservation for companies. Additionally, preservation obligations can be triggered by other circumstances, such as local regulations or a preservation order already entered in another case.
However, the threat of litigation must be at least somewhat credible to trigger a duty to preserve. Aimless grumbling shouldn’t bring companies to a grinding halt. As the court wrote in Hixson v. City of Las Vegas, “it is not reasonably foreseeable [sic] that every internal employment compliant may result in litigation if not resolved to the employee’s satisfaction.” Courts have long held that, if the notice is merely an “equivocal statement of discontent,” then litigation may not qualify as “reasonably anticipated,” and deletion procedures can continue.
That being said, companies cannot simply ignore vague threats to avoid preservation. If the threat level of litigation is unclear, organizations have an obligation to investigate the situation before purging their files.
Determining exactly when the duty to preserve kicks in can get complicated. But recent amendments to FRCP Rule (37)(e), the section that governs the spoliation of electronic evidence, have brought a new level of predictability to the process—and bestowed renewed power on defensible procedures, such as properly administered legal hold notices.
Exclusive report: "The End of Sanctions? How Rules Revisions and Growing Expertise Are 'De-Risking' eDiscovery"
Getting Started on Your Legal Hold
A legal hold notice is usually sent to an organization and distributed to legal counsel, custodians, and IT staff. It is also common for an organization that anticipates litigation to draft and circulate its own legal hold. The notice must be broad enough to ensure that all potentially relevant information is preserved, but narrow enough so as not to be overburdensome for the party that possesses the information.
Unfortunately, too many lawyers rely on checklists or boilerplate language when issuing a legal hold. However, an effective hold notice can only be drafted if a legal team takes the time to consider the relevant issues of a case, the potential sources of evidence, and the questions that must be answered via discovery.
Where Will You Find ESI?
Before creating a legal hold, it is important to understand where relevant information could live. The data may be located in a wide variety of storage locations such as email, desktop drives, portable devices, shared drives, home computers, tablets, smartphones, internet storage locations, and document management systems.
The most common source of ESI is through a custodian—that is, an individual who personally possesses the information. Examples of custodian data are: email, personal storage on hardware devices or cloud accounts, allocated storage, data storage, data associated with social networking sites used by the custodian, tablets, smartphones or even private web-based email accounts.
However, non-custodian ESI is a critical source of ESI, as well. Examples of non-custodian data include: databases, cloud storage databases hosted by third parties, and shared network storage locations.
Today, discoverable data lives everywhere, including:
Users of corporate computers will have email stored on one or more email servers. These servers may be physical hardware managed by IT staff or virtual machines leased from a cloud provider, either running mail server software, most likely applications like Microsoft Exchange. A third potential source is a Software as a Service (SaaS) offering from a cloud provider, which are ubiquitous. Webmail may be as simple as a single user’s Gmail account or, like the Microsoft Office 365 product, a complete replication of an enterprise email environment. On desktops and laptops, email is found locally (on the user’s hard drive) in container files with the file extensions .pst and .ost for Microsoft Outlook users or .nsf for Lotus Notes users, for example. Finally, each user may be expected to have a substantial volume of archived email spread across several on- and offline sources.
Apart from email, custodians generate content in the form of productivity documents like Microsoft Word documents, Excel spreadsheets, PowerPoint presentations and the like. These may be stored locally, i.e., in a folder on the C: or D: drive of the user’s computer. But more often corporate custodians store work product in an area reserved to them on a network file server and mapped to a drive letter on the user's local machine. The user sees a lettered drive indistinguishable from a local drive, except that all data resides on the server, where it can be regularly backed up. This is called the user's network share or file share.
Most people have at least one smartphone or tablet, and there is likely overlap between personal on work data on that device. More people access the internet via phones than all other devices combined. The bottom line is if you’re not including the data on phones and tablets, you could be missing relevant, unique and often highly probative information.
Organizations deploy network shares to ensure work is backed up routinely. Nevertheless, despite the best efforts of companies to try to keep all work in a single location, users will store data on local, physical media, including local laptop and desktop hard drives, external hard drives, thumb drives, and other devices.
From Microsoft Access databases on desktop machines to enterprise databases running multinational operations (think UPS or Amazon.com), databases of many kinds are embedded in company systems. Other databases are leased or subscribed to from third-parties via the cloud (like Salesforce.com or Westlaw). Databases often hold so-called structured data, meaning it is unreadable outside of the database in which it is created.
Corporate applications and IT infrastructure increasingly operate in cloud environments like Amazon Web Services and Microsoft Azure, while individuals increasingly store data in tools like Box, Dropbox, Google Drive, Microsoft OneDrive, Apple’s iCloud and others. The cloud must be considered alone as an adjunct to the other sources when seeking to identify and preserve potentially responsive ESI.
Collaborative software products like Slack, JIRA, and Microsoft Teams are part data repository, part chat platform, part workspace hub. Seeking collaborative software data in eDiscovery can yield valuable records of business decisions and communications, though their unique features and data types can pose challenges for those without the tools to handle such data.
If you’re not collecting Slack data, you could be missing half the conversation. Download The Lawyer’s Guide to Discovery and Investigation in Slack.
Best Practices for Drafting a Legal Hold
How do lawyers avoid sending formulaic, boilerplate notices? A litigation hold must be a thoughtful document tailored to the needs of the case. Certainly, there are elements of the legal hold process that can be repurposed over and over again, but there must also be an attention to detail in each new case as well. It’s a balancing act: minimizing cost, complexity and business disruption while ensuring that all potentially discoverable information related to the matter at hand is preserved. Find a sample legal hold notice here.
Here are a few things to consider when drafting a legal hold:
Make it timely: In a world of automatic deletion, timing is everything, and failure to issue a timely legal hold can put you at risk of sanctions. Courts have found that “failure to adopt good practices is a factor in the determination of whether discovery sanctions should be issued.”
Put it in writing: An oral threat of litigation can trigger preservation, but issuing only a verbal hold notice does not count as taking “reasonable steps” to actually preserve relevant information. To be safe, write it down.
Make it clear: Not everyone reading your notice is a lawyer. The point of a legal hold is to ensure that custodians actually retain relevant data. If your notice is full of legalese, fails to provide examples, or is otherwise incomprehensible to its intended audience, it won’t do you any good.
Explain the matter at issue: For some custodians, this may be the first time they are hearing about the litigation. Describe the situation briefly at the beginning of the legal hold notice, so everyone is on the same page.
Be specific: Include the names (or titles) of specific custodians covered by the legal hold and explain how those custodians are expected to gather information. Provide applicable date ranges and file types, and clearly state the duty to preserve all relevant information, even data covered by regularly scheduled deletion policies.
Revise, revise, revise: A legal hold is no good if it’s out of date. If anything, including the scope of discovery, the number of custodians covered, etc. changes, make sure to update and reissue your written notice.
Ask for a notice of receipt—and document everything: If any data goes missing, you’ll want to have hard evidence of preservation efforts. Implementing a legal hold is a good first step, but you also want to demonstrate that the hold actually reached relevant custodians (and more importantly, that they understood their obligations at the time).
Create a procedure for releasing the hold: When data collection is over, make sure to release the custodians from their obligations. This lets companies return to their normal document retention schedule, and allows individual parties to use a device or data without fear of spoliation.
How to Ensure Receipt and Compliance With a Legal Hold
It is important that once the initial notice is issued, reminders are sent early and often to ensure compliance. Cloud-based instant discovery software, like Logikcull, automates notices and reminders, and keeps track of which custodians confirm receipt of the notice and when.
Key custodians must receive email and messaging hold notices, and IT and HR must receive notices to preserve specific machines, devices, and backend systems when those may possess potentially relevant ESI. While issuing a legal hold notice that demands backup drives and media to be preserved will help ensure that you can recover evidence even if the original records are lost, it is important to note that courts have often held that producing legacy media such as tapes can be overly burdensome to the producing party.
Parties should seek further counsel if they are unsure of how far their preservation efforts should extend or where original sources of evidence reside. At a minimum, a sound legal hold notice should instruct parties to suspend data destruction efforts if appropriate so that evidence will be easier to find later.
How Do You Work With Document Retention Policies?
Email systems can be set to automatically delete messages after a certain elapsed time according to the organization’s email retention policy. When preserving and collecting data from a company's’ communication systems (email, phone, messaging, etc.), consider the company’s ESI retention policy and whether it must be suspended.
Two groups to consider interviewing and involving are the users of the data and the IT department. The IT department may have to modify their practices in order to comply with the company’s preservation obligation. So be sure to interview users and custodians who can help identify data you need, but also the IT group, which can help you to preserve and collect it.
Simplify your legal hold process.
How Are ‘Possession, Custody, and Control’ Determined?
When a company is party to litigation, its employees often become “key custodians.” That is, they are likely to control highly relevant information and records, which may be subject to preservation in the case. When they know litigation is coming, corporate defendants must preserve anything under their “possession, custody, or control”—but how far does that “control” go? Are corporations responsible for ensuring that employees and other non-parties comply with preservation practices?
The short answer is yes. Certainly, companies have an obligation to identify key custodians and preserve their data. But the duty often goes further than that. Named parties may also be responsible for ensuring subpoenaed or otherwise notified non-parties, including employees, actually comply with the terms of relevant legal holds. That may include obtaining discovery into employee's personal devices, for example.
The “possession, custody, and control” standard is established by Rule 45 of the Federal Rules of Civil Procedure. Federal courts have taken different approaches to interpreting that requirement, leading to three general standards.
The Legal Right Standard: Data is considered under a party’s possession, custody, and control when the party has a legal right to obtain the ESI. This standard is applied in the Third, Fifth, Sixth, Seventh, Eighth, Ninth, Tenth, and Eleventh Circuits.
The Legal Right Plus Notification Standard: Data is considered under a party’s possession, custody, and control when the party has a legal right to obtain the ESI, plus, if no such right exists, the party has been put on notice that the ESI is in the hands of a third party and thus, must notify its adversary. This standard is applied in the First, Fourth, Sixth, and Tenth Circuits.
The Practical Ability Standard: Data is considered under a party’s possession, custody, and control when, regardless of whether the party has a legal right to the data, it has the practical ability to obtain the ESI. This standard is applied in the Second, Fourth, Eighth, Tenth, Eleventh, and D.C. Circuits.
How Do I Make a Legal Hold Defensible?
In the context of litigation holds, defensibility means understanding how your opposition, judge, jury, or regulator will view your legal hold process in light of applicable legal requirements. While perfection is not required, your actions will need to be reasonable given the information available at the time of the action.
The first step to demonstrating that you’ve taken “reasonable steps” to preserve ESI is to implement a defensible legal hold. The best definition for legal hold is that it is a way to communicate to a party or custodian that a) litigation is imminent, or reasonably anticipated, b) potentially relevant information must be preserved, and c) electronically stored information and paper documents that may be relevant to this pending litigation must not be deleted or altered. It should be designed to combat potential confusion around preservation procedures and encourage compliance by providing a retention timeline.
Unfortunately, this third part of the litigation hold process, the retention timeline, is often the most problematic—either because parties fail to institute a legal hold and continue with the routine destruction of data, such as deleting emails after a set period of time, carelessly spoliate data because they don’t know better, or, less often, shred documents in deliberate efforts to thwart justice.
If the requesting party fails to offer a prompt, detailed, and understandable litigation hold notice to its adversary, for example, it may not receive the information necessary to conduct litigation. On the other hand, when a producing party fails to take a litigation hold letter seriously, sanctions for spoliation may be imposed. Ultimately, the party that possesses or controls potentially relevant ESI is under an obligation to preserve that information when litigation becomes reasonably anticipated, regardless of whether its adversary has alerted it of its preservation obligations, and parties may also be held responsible for the failure of non-parties to retain relevant evidence.
Trust But Verify
Courts have criticized the practice of allowing individuals who are stakeholders in the outcome of the case to identify, preserve or collect their own data, since they arguably lack the necessary objectivity to collect all of what is relevant and responsive. This practice of “self-collection” is often described as the “fox guarding the henhouse.” Moreover, custodians simply cannot be expected to identify and preserve all the ESI that could be relevant to a case.
With hundreds of independent, verified 5-star reviews, Logikcull is the #1 discovery software on the market.
Picking a Legal Hold Solution
Legal holds are too important to handle without a powerful, yet easy-to-use hold solution. When evaluating legal hold products, look for products that are:
No more spreadsheets. No more manual emails. No more user errors. Keep it simple with Logikcull by easily creating and managing defensible legal holds.