What Is Litigation Hold? Web's Most Asked Questions
Too often IT professionals are relied upon to execute legal tasks such as a "Litigation Hold" but with little context, definition or support.
What is Litigation Hold?
Litigation Hold is obviously a legal matter, so if serious advice is needed, ask a Lawyer (but make sure they understand technology!). There are a few caveats below*
Litigation hold is sometimes referred to as a hold order or preservation order. It's a requirement that a company or individuals preserve all relevant (both good and bad!) data that may relate to a legal action. Typically that data will then be subject to Discovery requests that ask for data fitting specific criteria like a date range or search terms.
Broadly it makes sense to follow a litigation hold process for all manner of investigations from disgruntled employees to full on regulatory scrutiny.
Many applications/Cloud Services (such as Office 365, Google Mail, Exchange and even Slack) have a built-in system to preserve data. Others don't.
You should familiarise yourself with the process that might be applicable should your company face such "crisis response" challenges.
All too often this is left as an after-thought and not built by design. If it's complex, ask for training in readiness.
WHO should receive a litigation hold notice?
Of course, I can't answer this and neither can "the Web", but I can summarise from experience and Google... There are some cautionary words and also a couple of factors to consider.
Those involved in managing the process will either have received a request from the opposing party or regulator or have an idea who they need to preserve data for. The typical approach is to be broad at this stage to avoid fines or sanctions for destruction of the data later in the process.
Another bit of complex legalese is the concept of "Possession, Custody Or Control". The lawyers will refer to Custodians being the subject of a litigation hold. I won't go into the legal origins of the phrase; it's quite nuanced and needs a lawyer to explain the majority of precedent that defines the legal terms these days... save to say the Latin:
- "possess" - broadly meaning "occupied, held";
- "custos" - broadly meaning "guardian"; and
- "contra" - broadly meaning "against" + "rotulus" - broadly meaning "a roll", i.e. keeping and checking a register
Confusingly, a custodian could also be an IT system and not necessarily a person. Who is in Possession, custody or control of a global enterprise-wide cloud-based SAP Hana installation?
There may be a named individual, but with systems becoming more autonomous and intelligent, this is likely to become more difficult to distinguish.
The advent of the Cloud Act in the United States has helped to clarify some of the nuanced questions regarding the location of data, but it is good to remember that different countries have different laws and regulations regarding jurisdictional issues.
For instance, in Switzerland there is the blocking statute, which can result in criminal penalties, as well as strict banking secrecy and privacy laws (more on those another time).
If you are unsure, it is always wise to ask questions about where the data resides and whether there might be applicable laws in that country.
Back to the question, the following is a nice definition from Morgan Lewis [2]:
"One of the most important steps in the litigation hold process is deciding who should receive the instruction to preserve information. As a threshold matter, in order to ensure a company’s routine destruction procedures are suspended, the Director of Information Technology or anyone else in charge of data storage or technology issues for the employer should receive a copy of the litigation hold. Anyone else who may have potentially relevant information should also receive the litigation hold. This often includes an employee’s managers, supervisors and certain co-workers as well as HR employees and anyone who participated in the employment action(s) at issue".
And systems.. don't forget systems...
Again, I stress, these matters are complex, so legal advice must be sought. Don't simply assume that you have the right people and systems. People move globally these days; their data may not be where you think it is. They may have changed names or usernames at some point, upgraded their system, been migrated from a legacy system... you get what I mean... it can be complex.
WHEN is litigation hold required?
As soon as litigation is "reasonably contemplated" steps should be taken to preserve data relevant to the legal issues (all the bad stuff too!).
Globally there are many variations, but the broad approach is that a litigation hold instruction to you, as a Technology employee, should be acted on urgently to avoid the potential loss of relevant data.
Much of this process can be automated, but you should also be aware of, and communicate, the challenges and weaknesses of the systems that hold your data.
If you select a hold for someone's OneDrive, what data is held? What happens to data that has already been deleted to the OneDrive Recycle Bin?
Are there gaps in archiving or journaling that mean a specific date range is not available - like last year when your EnterpriseVault went down for a week...?
As an IT professional, you need to be aware of the scope and retention of your systems and what the 'hold' actually means for the specific system, be it Office 365, SAP or the Car Parking application (I've dealt with one of those for Discovery before!).
When the specific data requests follow during the discovery process, there are many other factors that should be considered:
Does document-level encryption negate your ability to comprehensively search?
What about documents that cannot be searched, such as scanned PDFs?
What about documents that are relevant but were infected with a virus (and there are lots of those)..?
What you need is a data map for each person, level, department, entity or system so it can be easily referred to in times of crisis.
Conclusion
I've tried to stick to the three most searched questions here, but that is difficult to define. As an IT or security professional you should make sure that you're broadly apprised of the concepts so you can understand the real intentions and definitions and try to avoid the misinterpretation of "I need all John Smith's emails" to mean export his Exchange mailbox.
Ask questions about what is meant and have a policy, procedures and a decent map in place to be able to ask the useful questions.
If you’re a lawyer who’s read this far:
1. Avoid legal jargon. Make sure any notice is easy to understand and highlights what the IT employees and those subject to the hold need to do.
2. Use the language of the client. Understand how certain documents and systems are referred to by asking employees in different departments. O365 might not make sense, but e-mail will.
3. It’s rare a company does not know its own IT systems. It’s more likely the first person you do speak to is not the best person to answer your questions. In a big organization there might be people who are assigned a role for this task. And don’t assume that person knows everything.
4. Most data maps are system based and might not contain the information necessary to search or retrieve content.
5. Avoid coming back for more. Cast the net wide and filter down. Data sizes are no longer relevant with the eDiscovery technology available.
I also believe most clients prefer it if you discuss up front with them whether e-discovery is an area of focus for you and whether additional help is needed, either from a specialist firm or service provider. Others have said they don’t need their litigators to be all things to them, but they do need to understand the risks to the client and its business of whatever the lawyer proposes. Clients are not well served by negative surprises. Asking for e-discovery expertise may save the client headaches and costs over the course of the litigation.
Note: My intention is not to give legal advice or opinion, but to act as a guide for those less familiar.
The next articles will focus on: eDiscovery - The World's Most Searched Questions - for the IT Crowd, Litigation - The World's Most Searched Questions - for the IT Crowd; and Regulatory Investigation - The World's Most Searched Questions - for the IT Crowd.
Let me know if you have any other suggestions. Feedback, commentary, criticism and opinion are most welcome!
HTH,
Martin.
* There are caveats to the "impactful" headline. First, search is multifaceted. The results that a search engine gives will depend on a number of factors. These include, but are not limited to: your location, the device and browser you are using, search history, the settings you've selected, the web-based services you are signed into, what advertisers have paid for and whichever nationally sponsored hacking group is manipulating what you see. These results are based on the United States. I've "googled" heavily to get what I think is the better (not just the first) answer. In the age of opinions I try to steer clear of having one when I write. Also... speak to the lawyers. They know what they need!!
[1] https://searchstorage.techtarget.com/definition/litigation-hold
[2] https://www.morganlewis.com/pubs/possession-custody-or-control-a-perennial-question-gets-more-complicated
Director, eDiscovery & Litigation Support | Thomas Murray
5 years ago: It would be great to know which of the topics those who have read this think should be next. I’ll try harder next time :)