Litigation Hold in Exchange 2010


Litigation hold (also known as a preservation order and legal hold) all have the same legal meaning; a stipulation requiring an individual or organization to preserve all data that could relate to a anticipated or pending legal action involving the individual or organization. The litigation hold responsibility is one of the biggest liabilities individuals and organizations have in the civil litigation process. If a litigation hold is ignored or insufficiently applied, the Judge will not tolerate excuses and the outcome can be a spoliation or destruction of evidence ruling which in turn can cause an adverse inference order be issued and loss of the case. Several third party eDiscovery applications provide for litigation hold placement on individual items to reduce over saving of non-responsive ESI.

In Exchange 2010, Microsoft suggests placing a custodian’s entire mailbox on litigation hold. In other words specifically putting a custodian’s mailbox on litigation hold ensures an indefinite retention on all content, even the content not relevant to the case at hand, in the user’s mailbox until the mailbox is removed from Legal Hold. This shotgun tactic does ensure all potentially responsive ESI is retained at the time of placement but many attorneys are leery of blindly placing a litigation hold on all content due to the possibility of over retaining ESI that is not responsive to the current case but could be in a future case.

To put a custodian’s mailbox on litigation hold in Exchange 2010, the person making that decision needs to be part of the “Discovery Management” Role in Exchange.  By default there are no approved auditors in the organization, including the Exchange Administrator, which has the right to put a user’s mailbox on litigation hold.  The Exchange Administrator can go into the Exchange Control Panel and give themselves (and others) the right to enable litigation hold for mailboxes.

Another caveat for Exchange 2010 litigation hold is that it could take upwards of 1 hour before a litigation hold takes effect on a given custodian’s mailbox. This is because the policy needs to be enacted on all messages and folders in the mailbox and be replicated through Active Directory. With litigation hold enabled, all messages, regardless of the organization’s retention policy will be retained until released.

Another aspect of placing effective litigation holds in Exchange 2010 is the question of PST files. PSTs are a long running problem area for corporate legal as well as the IT department. The problem is this; PSTs include email, attachments and metadata no longer preset within the Exchange email system. So when an auditor searches a custodian’s mailbox from Exchange 2010 for relevant emails and attachments, they aren’t able to search for any PSTs the custodian has on their local workstation.

Advertisements

It doesn’t it really matter where my organization’s ESI is kept…right?


Where companies store their electronically stored information (ESI) is of no concern to attorneys… right? Say what?

There’s an on-going debate over the question of where the “best” place is to store a company’s ESI for legal reasons; in the company’s own facility (on-premise) or in a third party’s  facility (hosted; also known as “storage as a service”, SaaS). The answer to this question really depends on several factors. There are three main questions to ask yourself when considering this question from a legal perspective; where’s the best place to store the organization’s ESI? The first question to ask is; is my ESI secure and can I prove it has not been altered in any way; in other words is it defensible? The second question to ask yourself is; can I access my ESI quickly enough to place legal holds and perform searches based on discovery requests? And the third question is; do I have access to the full ESI data set for ECA purposes and to insure I can fully respond?

Let’s review these topics you need to keep in mind when dealing with ESI in litigation. First, when litigation is reasonably obvious, you have a responsibility to immediately protect all ESI which could be responsive in the approaching civil case. This responsibility is an absolute requirement in U.S. Federal courts and most state courts. There are few if any excuses a Judge will swallow for a responder inadvertently deleting potentially responsive ESI after your legal hold responsibility has been triggered.

Second, the time frame you’ll have to fully respond to an eDiscovery request is generally much shorter now than in the past (pre 12/2006). Quick and complete access to all potentially responsive data is extremely important when responding to an eDiscovery request.

And third, good intentions can mean something to the court. A company that actually plans and documents their processes etc. for litigation hold and eDiscovery will mean something to the Judge (possibly) if you have an inadvertent ESI deletion.

The Pension Committee Ruling – Revisited


Conclusion from Law.com article: Pension Committee – One Year Later

If the trend exemplified by Victor Stanley II and Rimkus is any indication, Pension Committee‘s bright-line rule that failing to issue a written legal hold constitutes per se gross negligence may not be widely accepted by other judges. To the contrary, the consensus view appears to be moving away from per se rules governing the conduct of e-discovery in favor of case-by-case analysis.

It should, nonetheless, be stressed that the issuance of a written legal hold is good practice and in many cases the failure to do so may constitute negligence or even gross negligence. Litigants should not interpret judicial embrace of the concepts of reasonableness and proportionality as a signal that doing less to preserve documents is now acceptable business practice.

The entire article can be seen here:

Are Custodial Self-Discovery and Preserving ESI in Place Good for You?


A majority of organizations still follow the traditional practice of instructing custodians—that is, employees–to search for and protect potentially responsive electronically stored information (ESI) locally or what’s known colloquially as “preserving it in place”. In fact, the international law firm Fulbright & Jaworski found in its 7th Annual Litigation Trends Survey that more than half (55%) of companies still rely on custodians as their primary method to identify and preserve their own information for litigation or an investigation.

By following this practice, these companies, particularly those with larger numbers of custodians,  have a higher risk of incomplete collection, inadvertent deletion/spoliation, and metadata corruption. What’s more, it’s difficult for legal to supervise  the collection process,  leading to inadequate defensibility of the litigation hold and eDiscovery process.

In a 2008 Kahn Consulting survey on employee understanding of eDiscovery responsibilities, only 22% of respondents said they had a good understanding of their responsibilities for retaining ESI for discovery. Only 16% said they had a good understanding of their responsibilities when responding to a litigation hold. These statistics, while a few years old, blatantly highlight the risk of custodial self discovery and preservation in place.

Still not convinced? The courts are now holding litigants to a higher standard. In a recent case, Roffe v. Eagle Rock Energy GP, et al., C.A. No. 5258-VCL (Del. Ch. Apr. 8, 2010), the Judge expressed surprise overt the custodial self discovery practice used by one attorney:

The Judge asked:

Am I correct that you have been relying on what they [the defendants] self-selected to put in their transaction files in terms of what you obtained and produced?

The defense attorney answered:

That’s correct, your Honor. I was told that they uniformly would put all of their Eagle Rock e-mails into that folder. I have not checked, and I don’t know whether that is true or whether that is accurate. I believe they are telling the truth, but I don’t know if that is accurate.

The Judge immediately responded:

Then here is my ruling. This is not satisfactory. From what you have described to me, you are not doing what you should be doing. First of all, you do not rely on a defendant to search their own e-mail system. Okay? There needs to be a lawyer who goes and makes sure the collection is done properly. So both as to the two directors who already have produced — we don’t rely on people who are defendants to decide what documents are responsive, at least not in this Court. And you certainly need to put somebody on a plane to go out and see Mr. Smith.

In this exchange, the Judge clearly states: We don’t rely on people who are defendants to decide what documents are responsive. Custodial self-discovery is like the fox guarding the chicken coop.

Relying on litigants to find, protect and eventually turn over potentially responsive ESI can be problematic. Most of them will attempt to do what’s right to the best of their understanding. But as we’ve seen from the 7th Annual Litigation Trends Survey, fewer  than1 in 4 (23%) have a good understanding. Those few that could have something to hide may find ways to do a sub-par job in the discovery process. If I am the opposing counsel, I  want to know if self discovery was relied on.

So what is a defensible answer for the risks posed by custodial self discovery and preservation in place? Well in my opinion—and I’m about to sound like a corporate schill–you need an ESI archive, which captures the majority of potentially responsive ESI from the in-house infrastructure along with a solution for the remote collection of custodian ESI from their locally controlled equipment.

First, a central ESI archive that captures, indexes, stores, protects, manages and disposes of ESI allows for central discovery of ESI for silos like email systems, share drives and SharePoint systems.

So what can be done for the discovery of locally controlled custodian locations?

Some organizations centrally backup custodian workstations on a regular basis. But relying on restoring backups and searching for responsive ESI has never been considered a good idea. It’s also expensive.

What if you could schedule forensically sound backups of all custodian workstations and use those backups of custodians’ workstations to discover against, even when those custodians are traveling and not synced to the organization’s infrastructure?

A consolidated metadata repository provides enterprises with an accessible catalog of the types of data and content stored on PCs. Using flexible metadata selections, administrators can quickly identify information that is relevant to litigation or compliance matters and, if necessary, retrieve that relevant data from the solution for further review.

Are Custodial Self-Discovery and Preserving ESI in place a good idea?


A majority of organizations still rely of the practice of instructing custodians to search for and protect potentially responsive ESI locally or “preserve it in place”. In its 7th Annual Litigation Trends Survey, Fulbright & Jaworski reported that 55% of responding companies still rely on custodians to identify and preserve their own information as the method used most frequently to preserve potentially relevant information in litigation or an investigation.

Custodial self-discovery and “preservation in place” is a potentially risky in that, especially with larger numbers of custodians, the risk of incomplete collection, inadvertent deletion/spoliation, and meta data corruption is greatly increased, legal supervision of the collection process is impossible leading to inadequate defensibility of the litigation hold and eDiscovery process.

In a 2008 Kahn Consulting survey on employee understanding of eDiscovery responsibilities, only 22% of respondents said they had a good understanding of their responsibilities for retaining ESI for discovery. Only 16% said they had a good understanding of their responsibilities when responding to a litigation hold. These statistics blatantly highlight the risk of custodial self discovery and preservation in place.

The courts are now holding litigants to a higher standard. In a recent case, Roffe v. Eagle Rock Energy GP, et al., C.A. No. 5258-VCL (Del. Ch. Apr. 8, 2010), the Judge was surprised at the custodial self discovery practice one attorney was relying on:

The Judge asks;

Am I correct that you have been relying on what they [the defendants]  self-selected to put in their transaction files, in terms of what you obtained and produced?

The defense attorney answers;

That’s correct, your Honor. I was told that they uniformly would put all of their Eagle Rock e-mails into that folder. I have not checked, and I don’t know whether that is true or whether that is accurate. I believe they are telling the truth, but I don’t know if that is accurate.

The Judge immediately responds to the defense attorney;

Then here is my ruling. This is not satisfactory. From what you have described to me, you are not doing what you should be doing. First of all, you do not rely on a defendant to search their own e-mail system. Okay? There needs to be a lawyer who goes and makes sure the collection is done properly. So both as to the two directors who already have produced — we don’t rely on people who are defendants to decide what documents are responsive, at least not in this Court. And you certainly need to put somebody on a plane to go out and see Mr. Smith.

In this exchange, the Judge clearly states; we don’t rely on people who are defendants to decide what documents are responsive. Custodial self-discovery is like the wolf guarding the chicken coop.

Relying on litigants to find, protect and eventually turn over potentially responsive ESI can be problematic. Most of them will attempt to do what’s right; to the best of their understanding (less than 23% have a good understanding). Those few that could have something to hide may find ways to do a subpar job in the discovery process. If I am the opposing counsel, I am going to want to know if self discovery was relied on.

Effective Records Management Greatly Benefits the Legal Dept for eDiscovery


Many (but not all) corporate legal types consider ESI retention management as the legal hold process. Not a bad thought but really falls short of a true corporate definition of the term. To records managers ESI retention management refers to the systematic retention and disposition of the organizations electronic business records; either for the day to day running of the business, regulatory compliance or litigation support. And in this case I believe the records managers are right.

ESI retention management, also known as records management, needs to be better understood by corporate legal because the proper management and deletion of electronic business records have a direct relationship to the corporate legal department for both legal holds and eDiscovery.

A properly managed ESI records management system allows legal to quickly find and place on legal hold, all archived potentially responsive electronically stored information thereby reducing the risk of spoliation; destruction of evidence. A centralized ESI management system will also act as a on-going collection point so that when eDiscovery starts, the collection phase is already taken care of for that ESI already under management. Because the archive acts as an on-going collection point, the legal department can quickly search the ESI archive for responsive ESI and begin their culling and review responsibilities almost immediately; without the need to spend days or weeks trying to find/collect potentially responsive ESI.

A Proper Legal Hold Requires More Than Just an Email to a Few Employees


In the recent case; Jones v. Bremen High School Dist. 228, 2010 WL 2106640 (N.D. Ill. May 25, 2010), one of the discovery points made in the decision was what is the appropriate legal hold process to meet an organization’s legal hold responsibilities.

The court determined that the defendant breached its duty to preserve by failing to immediately issue a litigation hold to “all employees who had dealings with plaintiff” and by relying on only a few individual employees to identify and preserve responsive email. The Judge stated:

It is unreasonable to allow a party’s interested employees to make the decision about the relevance of such documents, especially when those same employees have the ability to permanently delete unfavorable email from a party’s system.  As one court has noted, “simply accept [ing] whatever documents or information might be produced by [its] employees,” without preventing defendants from clearing the hard drives of former employees, was improper.  Most non-lawyer employees, whether marketing consultants or high school deans do not have enough knowledge of the applicable law to correctly recognize which documents are relevant to a lawsuit and which are not.  Furthermore, employees are often reluctant to reveal their mistakes or misdeeds.

The court also rejected defendant’s argument that placing a proper litigation hold would have resulted in burden to the defendant and noted the troublesome nature of defendant’s failure to produce the document retention policy posted on the district’s website.   The court then determined that plaintiff had been harmed by the delayed production of documents as well as the possibility that emails had been permanently deleted.

This case again highlights the need to comprehensive and tested litigation hold policies. A comprehensive Information Management solution should include central control of all ESI and the ability to search for the responsive ESI and place a secure litigation hold on it immediately.

The full case review can be viewed at eDiscoverylaw.com