Litigation Hold in Exchange 2010


Litigation hold, preservation order and legal hold all have the same legal meaning: a stipulation requiring an individual or organization to preserve all data that could relate to an anticipated or pending legal action involving the individual or organization. The litigation hold responsibility is one of the biggest liabilities individuals and organizations have in the civil litigation process. If a litigation hold is ignored or insufficiently applied, the Judge will not tolerate excuses, and the outcome can be a spoliation or destruction of evidence ruling, which in turn can cause an adverse inference order to be issued and loss of the case. Several third-party eDiscovery applications provide for litigation hold placement on individual items to reduce over-saving of non-responsive ESI.

In Exchange 2010, Microsoft suggests placing a custodian’s entire mailbox on litigation hold. In other words, putting a custodian’s mailbox on litigation hold ensures indefinite retention of all content in the user’s mailbox, even content not relevant to the case at hand, until the mailbox is removed from legal hold. This shotgun tactic does ensure all potentially responsive ESI is retained at the time of placement, but many attorneys are leery of blindly placing a litigation hold on all content due to the possibility of over-retaining ESI that is not responsive to the current case but could be in a future case.

To put a custodian’s mailbox on litigation hold in Exchange 2010, the person making that decision needs to be part of the “Discovery Management” role in Exchange. By default, no one in the organization, including the Exchange Administrator, has the right to put a user’s mailbox on litigation hold. The Exchange Administrator can go into the Exchange Control Panel and give themselves (and others) the right to enable litigation hold for mailboxes.

Another caveat for Exchange 2010 litigation hold is that it could take upwards of 1 hour before a litigation hold takes effect on a given custodian’s mailbox. This is because the policy needs to be enacted on all messages and folders in the mailbox and be replicated through Active Directory. With litigation hold enabled, all messages, regardless of the organization’s retention policy, will be retained until released.
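Placing the hold from the Exchange Management Shell, as an added example that is not part of the original post: it puts a list of custodians on litigation hold, skips mailboxes already held, and writes an audit record of each request. The custodian aliases, the auditor account name and the CSV path are constructed placeholders.

```powershell
# Added example: place custodian mailboxes on litigation hold and keep an audit trail.
# Run in the Exchange Management Shell (Exchange 2010) under an account that is a
# member of "Discovery Management". Aliases and paths are constructed placeholders.
$ErrorActionPreference = 'Stop'      # turn cmdlet errors into catchable exceptions
$Custodians = @('jdoe', 'asmith', 'no.such.user')
$AuditCsv   = 'C:\LegalHold\hold-audit.csv'

# One-time grant by the Exchange Administrator (hypothetical account name):
#   Add-RoleGroupMember -Identity 'Discovery Management' -Member 'legal.auditor'

$Audit = foreach ($Alias in $Custodians) {
    $Requested = Get-Date
    try {
        $Mbx = Get-Mailbox -Identity $Alias
        if ($Mbx.LitigationHoldEnabled) {
            $Status = 'AlreadyOnHold'
        }
        else {
            Set-Mailbox -Identity $Alias -LitigationHoldEnabled $true
            # Read the flag back instead of assuming the call took effect.
            # A stale directory read shows up here as 'NotSet' and gets followed up.
            $Mbx = Get-Mailbox -Identity $Alias
            if ($Mbx.LitigationHoldEnabled) { $Status = 'HoldSet' } else { $Status = 'NotSet' }
        }
    }
    catch {
        # Missing mailbox, missing role membership, etc.: record it and keep going
        # so one bad alias does not leave the remaining custodians without a hold.
        $Status = 'Failed: ' + $_.Exception.Message
    }
    New-Object PSObject -Property @{
        Custodian   = $Alias
        Status      = $Status
        RequestedAt = $Requested.ToString('s')
        RequestedBy = [Environment]::UserName
    }
}

# Persist who requested which hold and when. The request time matters because,
# as described above, the hold may not be in effect on the mailbox right away.
New-Item -ItemType Directory -Force -Path (Split-Path $AuditCsv) | Out-Null
$Audit | Select-Object Custodian, Status, RequestedAt, RequestedBy |
    Export-Csv -Path $AuditCsv -NoTypeInformation

# Custodians that still need attention (failed or not confirmed).
$Audit | Where-Object { $_.Status -notmatch '^(HoldSet|AlreadyOnHold)$' }
```

The last pipeline prints only the custodians whose hold could not be confirmed; the CSV keeps the full record for the legal department.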

Another aspect of placing effective litigation holds in Exchange 2010 is the question of PST files. PSTs are a long-running problem area for corporate legal as well as the IT department. The problem is this: PSTs include email, attachments and metadata no longer present within the Exchange email system. So when an auditor searches a custodian’s mailbox from Exchange 2010 for relevant emails and attachments, they aren’t able to search any PSTs the custodian has on their local workstation.

It doesn’t really matter where my organization’s ESI is kept… right?


Where companies store their electronically stored information (ESI) is of no concern to attorneys… right? Say what?

There’s an ongoing debate over where the “best” place is to store a company’s ESI for legal reasons: in the company’s own facility (on-premise) or in a third party’s facility (hosted; also known as “storage as a service”, SaaS). The answer really depends on several factors. There are three main questions to ask yourself when considering, from a legal perspective, where the best place is to store the organization’s ESI. The first question is: is my ESI secure, and can I prove it has not been altered in any way; in other words, is it defensible? The second is: can I access my ESI quickly enough to place legal holds and perform searches based on discovery requests? And the third is: do I have access to the full ESI data set for ECA purposes and to ensure I can fully respond?

Let’s review the topics you need to keep in mind when dealing with ESI in litigation. First, when litigation is reasonably obvious, you have a responsibility to immediately protect all ESI which could be responsive in the approaching civil case. This responsibility is an absolute requirement in U.S. Federal courts and most state courts. There are few if any excuses a Judge will swallow for a responder inadvertently deleting potentially responsive ESI after the legal hold responsibility has been triggered.

Second, the time frame you’ll have to fully respond to an eDiscovery request is generally much shorter now than in the past (pre 12/2006). Quick and complete access to all potentially responsive data is extremely important when responding to an eDiscovery request.

And third, good intentions can mean something to the court. A company that actually plans and documents its processes for litigation hold and eDiscovery will (possibly) find that this means something to the Judge if it has an inadvertent ESI deletion.

The Pension Committee Ruling – Revisited


Conclusion from Law.com article: Pension Committee – One Year Later

If the trend exemplified by Victor Stanley II and Rimkus is any indication, Pension Committee’s bright-line rule that failing to issue a written legal hold constitutes per se gross negligence may not be widely accepted by other judges. To the contrary, the consensus view appears to be moving away from per se rules governing the conduct of e-discovery in favor of case-by-case analysis.

It should, nonetheless, be stressed that the issuance of a written legal hold is good practice and in many cases the failure to do so may constitute negligence or even gross negligence. Litigants should not interpret judicial embrace of the concepts of reasonableness and proportionality as a signal that doing less to preserve documents is now acceptable business practice.

The entire article can be seen here:

Are Custodial Self-Discovery and Preserving ESI in Place Good for You?


A majority of organizations still follow the traditional practice of instructing custodians (that is, employees) to search for and protect potentially responsive electronically stored information (ESI) locally, or what’s known colloquially as “preserving it in place”. In fact, the international law firm Fulbright & Jaworski found in its 7th Annual Litigation Trends Survey that more than half (55%) of companies still rely on custodians as their primary method to identify and preserve their own information for litigation or an investigation.

By following this practice, these companies, particularly those with larger numbers of custodians, have a higher risk of incomplete collection, inadvertent deletion/spoliation, and metadata corruption. What’s more, it’s difficult for legal to supervise the collection process, leading to inadequate defensibility of the litigation hold and eDiscovery process.

In a 2008 Kahn Consulting survey on employee understanding of eDiscovery responsibilities, only 22% of respondents said they had a good understanding of their responsibilities for retaining ESI for discovery. Only 16% said they had a good understanding of their responsibilities when responding to a litigation hold. These statistics, while a few years old, blatantly highlight the risk of custodial self discovery and preservation in place.

Still not convinced? The courts are now holding litigants to a higher standard. In a recent case, Roffe v. Eagle Rock Energy GP, et al., C.A. No. 5258-VCL (Del. Ch. Apr. 8, 2010), the Judge expressed surprise over the custodial self-discovery practice used by one attorney:

The Judge asked:

Am I correct that you have been relying on what they [the defendants] self-selected to put in their transaction files in terms of what you obtained and produced?

The defense attorney answered:

That’s correct, your Honor. I was told that they uniformly would put all of their Eagle Rock e-mails into that folder. I have not checked, and I don’t know whether that is true or whether that is accurate. I believe they are telling the truth, but I don’t know if that is accurate.

The Judge immediately responded:

Then here is my ruling. This is not satisfactory. From what you have described to me, you are not doing what you should be doing. First of all, you do not rely on a defendant to search their own e-mail system. Okay? There needs to be a lawyer who goes and makes sure the collection is done properly. So both as to the two directors who already have produced — we don’t rely on people who are defendants to decide what documents are responsive, at least not in this Court. And you certainly need to put somebody on a plane to go out and see Mr. Smith.

In this exchange, the Judge clearly states: We don’t rely on people who are defendants to decide what documents are responsive. Custodial self-discovery is like the fox guarding the chicken coop.

Relying on litigants to find, protect and eventually turn over potentially responsive ESI can be problematic. Most of them will attempt to do what’s right to the best of their understanding. But as we’ve seen from the 7th Annual Litigation Trends Survey, fewer than 1 in 4 (23%) have a good understanding. Those few that could have something to hide may find ways to do a sub-par job in the discovery process. If I am the opposing counsel, I want to know if self-discovery was relied on.

So what is a defensible answer for the risks posed by custodial self-discovery and preservation in place? Well, in my opinion (and I’m about to sound like a corporate shill), you need an ESI archive that captures the majority of potentially responsive ESI from the in-house infrastructure, along with a solution for the remote collection of custodian ESI from their locally controlled equipment.

First, a central ESI archive that captures, indexes, stores, protects, manages and disposes of ESI allows for central discovery of ESI for silos like email systems, share drives and SharePoint systems.

So what can be done for the discovery of locally controlled custodian locations?

Some organizations centrally back up custodian workstations on a regular basis. But relying on restoring backups and searching for responsive ESI has never been considered a good idea. It’s also expensive.

What if you could schedule forensically sound backups of all custodian workstations and use those backups of custodians’ workstations to discover against, even when those custodians are traveling and not synced to the organization’s infrastructure?

A consolidated metadata repository provides enterprises with an accessible catalog of the types of data and content stored on PCs. Using flexible metadata selections, administrators can quickly identify information that is relevant to litigation or compliance matters and, if necessary, retrieve that relevant data from the solution for further review.

Are Custodial Self-Discovery and Preserving ESI in place a good idea?


A majority of organizations still rely on the practice of instructing custodians to search for and protect potentially responsive ESI locally or “preserve it in place”. In its 7th Annual Litigation Trends Survey, Fulbright & Jaworski reported that 55% of responding companies still rely on custodians to identify and preserve their own information as the method used most frequently to preserve potentially relevant information in litigation or an investigation.

Custodial self-discovery and “preservation in place” are potentially risky in that, especially with larger numbers of custodians, the risk of incomplete collection, inadvertent deletion/spoliation, and metadata corruption is greatly increased, and legal supervision of the collection process is impossible, leading to inadequate defensibility of the litigation hold and eDiscovery process.

In a 2008 Kahn Consulting survey on employee understanding of eDiscovery responsibilities, only 22% of respondents said they had a good understanding of their responsibilities for retaining ESI for discovery. Only 16% said they had a good understanding of their responsibilities when responding to a litigation hold. These statistics blatantly highlight the risk of custodial self discovery and preservation in place.

The courts are now holding litigants to a higher standard. In a recent case, Roffe v. Eagle Rock Energy GP, et al., C.A. No. 5258-VCL (Del. Ch. Apr. 8, 2010), the Judge was surprised at the custodial self discovery practice one attorney was relying on:

The Judge asks:

Am I correct that you have been relying on what they [the defendants] self-selected to put in their transaction files, in terms of what you obtained and produced?

The defense attorney answers:

That’s correct, your Honor. I was told that they uniformly would put all of their Eagle Rock e-mails into that folder. I have not checked, and I don’t know whether that is true or whether that is accurate. I believe they are telling the truth, but I don’t know if that is accurate.

The Judge immediately responds to the defense attorney:

Then here is my ruling. This is not satisfactory. From what you have described to me, you are not doing what you should be doing. First of all, you do not rely on a defendant to search their own e-mail system. Okay? There needs to be a lawyer who goes and makes sure the collection is done properly. So both as to the two directors who already have produced — we don’t rely on people who are defendants to decide what documents are responsive, at least not in this Court. And you certainly need to put somebody on a plane to go out and see Mr. Smith.

In this exchange, the Judge clearly states: we don’t rely on people who are defendants to decide what documents are responsive. Custodial self-discovery is like the wolf guarding the chicken coop.

Relying on litigants to find, protect and eventually turn over potentially responsive ESI can be problematic. Most of them will attempt to do what’s right to the best of their understanding (less than 23% have a good understanding). Those few that could have something to hide may find ways to do a subpar job in the discovery process. If I am the opposing counsel, I am going to want to know if self-discovery was relied on.

Effective Records Management Greatly Benefits the Legal Dept for eDiscovery


Many (but not all) corporate legal types consider ESI retention management to be the legal hold process. That’s not a bad thought, but it really falls short of a true corporate definition of the term. To records managers, ESI retention management refers to the systematic retention and disposition of the organization’s electronic business records, whether for the day-to-day running of the business, regulatory compliance or litigation support. And in this case I believe the records managers are right.

ESI retention management, also known as records management, needs to be better understood by corporate legal because the proper management and deletion of electronic business records have a direct relationship to the corporate legal department for both legal holds and eDiscovery.

A properly managed ESI records management system allows legal to quickly find all archived, potentially responsive electronically stored information and place it on legal hold, thereby reducing the risk of spoliation (destruction of evidence). A centralized ESI management system will also act as an ongoing collection point, so that when eDiscovery starts, the collection phase is already taken care of for the ESI already under management. Because the archive acts as an ongoing collection point, the legal department can quickly search the ESI archive for responsive ESI and begin their culling and review responsibilities almost immediately, without the need to spend days or weeks trying to find and collect potentially responsive ESI.

A Proper Legal Hold Requires More Than Just an Email to a Few Employees


In the recent case Jones v. Bremen High School Dist. 228, 2010 WL 2106640 (N.D. Ill. May 25, 2010), one of the discovery points made in the decision was what legal hold process is appropriate to meet an organization’s legal hold responsibilities.

The court determined that the defendant breached its duty to preserve by failing to immediately issue a litigation hold to “all employees who had dealings with plaintiff” and by relying on only a few individual employees to identify and preserve responsive email. The Judge stated:

It is unreasonable to allow a party’s interested employees to make the decision about the relevance of such documents, especially when those same employees have the ability to permanently delete unfavorable email from a party’s system. As one court has noted, “simply accept[ing] whatever documents or information might be produced by [its] employees,” without preventing defendants from clearing the hard drives of former employees, was improper. Most non-lawyer employees, whether marketing consultants or high school deans, do not have enough knowledge of the applicable law to correctly recognize which documents are relevant to a lawsuit and which are not. Furthermore, employees are often reluctant to reveal their mistakes or misdeeds.

The court also rejected defendant’s argument that placing a proper litigation hold would have resulted in burden to the defendant and noted the troublesome nature of defendant’s failure to produce the document retention policy posted on the district’s website. The court then determined that plaintiff had been harmed by the delayed production of documents as well as the possibility that emails had been permanently deleted.

This case again highlights the need for comprehensive and tested litigation hold policies. A comprehensive Information Management solution should include central control of all ESI and the ability to search for the responsive ESI and place a secure litigation hold on it immediately.

The full case review can be viewed at eDiscoverylaw.com

Backups are an effective eDiscovery resource, if it’s the right backup


I have always been told relying on backups for eDiscovery purposes is a costly and time consuming mistake.

Searching through backup tapes or even a disk-based backup for eDiscovery is difficult. Imagine restoring 22 200 GB backup tapes of your employee workstations and

Consider an eDiscovery request which asks for any files on 73 custodian workstations which contain the terms “Mimosa” and “Iron Mountain” that were created or accessed between Feb 19 2008 and June 3 2010, all the while meeting a 30 day deadline from the court to produce. How would you quickly determine what, if any, responsive content exists on those 73 custodians’ laptops/desktops?

The scenario I laid out above is not a corner-case, made-up situation. I have seen this many times. Many of you will recognize a situation very close to this.

Now consider one additional requirement to the above scenario… you must ensure any responsive ESI on those workstations is secure and not deleted by the custodian (litigation hold), starting right now.

Active content on custodian workstations and laptops is the single biggest risk when facing litigation hold and eDiscovery responsibilities for most organizations. The usual process most organizations follow for custodian resource collection is either:

  1. Custodian-led collection: the organization’s legal department sends out a detailed email to all custodians involved asking them to search for specific content on their system (including any PSTs) and forward any results to the legal department. Many opposing counsel have a problem with this process.

or

  2. The legal department creates collection teams, which consist of a legal department employee and an IT employee, to visit each custodian’s workspace to look for responsive ESI, usually including the imaging of the custodian’s hard disks. This imaging of the custodian’s hard disk takes hours, and the image then has to be filtered somewhere else to look for responsive content.

What if you could utilize your centrally managed custodian workstation/laptop backup process for eDiscovery purposes?

Iron Mountain has addressed this major eDiscovery risk and cost with its newly announced Connected® Classify & Collect, a solution which simplifies the collection process for distributed PC ESI to comply with a legal hold request as well as discovery. The Connected Classify & Collect offering helps businesses to quickly find relevant data on laptop and desktop computers to meet litigation and compliance requirements.

The Connected® Classify & Collect offering makes laptop and desktop data easily visible, searchable and usable. It also protects data and prevents accidental deletion to support eDiscovery or internal investigations. Its enterprise-class data-classification capabilities give administrators visibility into vast amounts of data stored on enterprise PCs and allow them to lower eDiscovery costs by quickly collecting relevant information to be used for early-case assessments and first-pass reviews.

An interesting twist to this capability is the fact that even if the custodian is disconnected from the network, Classify & Collect can discover against the existing centrally managed backup of each custodian’s workstation or laptop. The next time the custodian connects to the network, additional searching will be accomplished automatically in the background on the custodian laptop.

Additionally, the Connected Classify & Collect offering helps businesses establish a thorough and defensible collection process with its ability to track all activities, including the search terms and documents returned to support internal reviews.

Eight Tenets for Building Effective Records Retention Policies


Corporate records retention policies for many companies are afterthoughts with little understanding of how the company truly uses its documents/records/ESI. In my experience, many companies leave the decision of whether to keep records and for how long to their employees. This strategy is dangerous and costly when litigation is possible. Allowing your employees total control over records and ESI drives the cost of eDiscovery up because you greatly multiply the number of possible storage areas you must check for responsive records. It also increases the risk of spoliation when a litigation hold is required.

So to lower your cost and risk during eDiscovery, creating and enforcing effective records retention policies is a great first step to take.

Building effective records retention policies for eDiscovery preparedness, storage management, regulatory requirements etc. is not an exercise that should be done by a single individual or department. Put a cross departmental team together to fully understand how your organization uses and discards records.

The Eight Tenets:

  1. Understand any and all regulatory retention requirements you may have. Every organization will have federal or state retention requirements. The most obvious is the HR related regulations.
  2. Understand how and why your employees use data. You don’t want to create policies that make employees less productive or take away their ability to use and reference the data they need for their jobs.
  3. Create a common sense retention schedule. Don’t create an overly complex schedule that employees will quickly find ways to work around or ignore. Keep in mind the 5 second rule: if it takes employees more than 5 seconds to decide how long to keep a record/document, they will almost always choose the longest retention period available.
  4. Build in an ESI litigation hold process… and test it.
  5. Train your employees on the new policies and ensure they understand why the policies were created.
  6. Enforce the retention policies with audits and punishments if not followed. This step is important in litigation to be able to show the Judge your “good faith intent” to ensure ESI is not recklessly destroyed.
  7. Ensure the language of the policy stands up to scrutiny in the event of litigation by having your external counsel review the policies annually.
  8. And lastly, document everything you have done.

Depending on the size and complexity of your infrastructure, an ESI archive may be appropriate.

Manual Litigation Holds are Risky


In the case Pinstripe, Inc. v. Manpower, Inc., 2009 WL 2252131 (N.D. Okla. July 29, 2009), the defendant ran afoul of the litigation hold requirement by relying on a manual form of placing litigation holds, e.g. sending litigation hold notices out to affected custodians.

The risk in this process is that 1. you have to send the notice out to all potentially affected custodians and 2. you have to be sure they read and understand the notice.

Many companies lose litigation before it really starts because they can’t effectively stop deletions of potentially responsive ESI.

The only way to ensure you can stop ESI deletions when the litigation hold requirement is triggered is to take the management of ESI away from the individual custodians and centrally control it via an archive that captures and secures everything for some period of time.

With this strategy, the ESI can be managed and secured centrally, which also allows for instantaneous placement of litigation holds on all potentially responsive ESI.

The key here is to use an ESI archiving system that captures a full ESI data set, meaning, for example, not just email messages but also their attachments, calendar entries, task lists, contacts and attributes.

Also, for those of you that have SharePoint systems, be aware that SharePoint manages many more data types than just a record or document. Make sure you can capture and hold anything the eDiscovery request could ask for in a given ESI system.