The preservation of discoverable ESI in litigation is a core activity of any e-discovery team. It is also a key component of risk management. Obviously, if you do not preserve electronically stored information, and it is deleted, then you will never be able to find it or collect it, much less review and produce it. Just ask the Bush White House about that; they failed to preserve over five million emails. The whole nine-step e-discovery process depends upon proper preservation. So too does risk management. Unless you are the White House, your failure to preserve after notice is a sure road to sanctions. Risk control in e-discovery begins with the routine employment of effective litigation hold procedures. This is the best way to minimize the chance of inadvertent or intentional destruction of relevant electronic records.
This is a difficult task in the best of circumstances. Intel’s email preservation losses in the AMD antitrust case demonstrate that. Intel was trying to implement a very complex litigation hold procedure to preserve relevant evidence, but despite strong efforts by its team, it lost thousands of emails. The loss was caused by a number of mistakes, including design flaws in the notice and collection procedures, and the failure to suspend an automatic file deletion program for certain key witnesses. Spoliation was also caused by the simple human error of forgetting to look at a second tab of an Excel spreadsheet listing more key custodians.
Even when no human errors are made, and the system design is near perfect, spoliation can still occur for a variety of reasons. For one thing, even though a suit may already have been filed, you still may not be able to determine what ESI is relevant and should be preserved, and what isn’t. Under today’s liberal notice pleading rules in federal court, it can be difficult, some might say impossible, to know exactly what ESI should be preserved and who should be notified of the preservation obligation. Pleadings can be so vague that the scope of a litigation hold is frequently a guessing game, especially at the beginning of a case when the duty to preserve is triggered.
The typical analysis to determine preservation scope is threefold: (1) what is the subject matter of the discoverable ESI that should be preserved; (2) who are the witnesses and custodians who may possess or control the discoverable ESI; and (3) what is the time frame of the discoverable ESI. In many lawsuits, it is not obvious from the pleadings what the dispute is really all about and what subjects could be relevant. In fact, most disputes usually morph a few times and develop new issues as the facts and law are better understood by the parties and the court.
This kind of subject matter and issue determination must be performed right after a suit has been filed. At this point, the defense lawyers may know little or nothing about the case beyond what is stated in a complaint. Even worse, the preservation duty may be triggered even before a complaint has been filed, when it is reasonably certain that litigation is likely. At that point, it frequently requires a crystal ball to try to guess all of the issues in a case. It is often just as speculative and risk filled to try to determine who the witnesses may be in the case, and what additional employees or third parties may be custodians of discoverable information, even though not direct witness. Even the time component may be vague, and you may not be sure how far back in time you should go, or how far forward.
You could say why not just call opposing counsel and find out, but that presupposes a knowledgeable and cooperative adversary. In reality, it rarely works that way. If and when they do return your call, which may be days or weeks later, and you are in fact given “advice,” it is often deliberately overly burdensome and oppressive, and you are sorry you asked. Gamesmanship is still very much alive and well in the adversary system.
In view of the importance of proper preservation to facilitate justice and avoid sanctions, and the inherent difficulties of guesstimating scope of discoverability at the beginning of a case, the development of good preservation protocols is a prime directive of every e-discovery team. Internal corporate teams must try to set up systems that will mitigate against these inherent uncertainties and risks. But does this mean it is the first thing a new team should focus on? Should the team begin its work by developing final protocols in this area? Should the top priority be development of procedures for rapid response to litigation by preservation notices, suspension of automatic file deletion programs, and the like?
No! The development of formal hold systems is important, but the first task of a team must be to self-organize. You have to have a team before you can play the game, much less win it. This means finding the right team players. It also means having them come together and attain a certain level of training and cohesion. Only then can they take on a play as complicated and important as litigation holds. The team must also secure adequate funding and senior management support for the team mission. It has to be a team of winners with a promising future, not a dead end. Only after these preliminary organizational steps have been taken can the team function effectively. Recruiting the right team members is more difficult than most people think. So too is securing upper management buy-in and budget approvals.
Team staffing requires careful selection of compatible people from three different sectors: law, IT, and management. The three-part nature of the ideal team is shown in the diagram to the left by IBM, with management referred to as “business.” IBM consultants, like almost everyone else in the field, advocate for internal e-discovery teams. The IBM white paper The Impact of Electronically Stored Information on Corporate Legal and Compliance Management, advises companies to:
Have a plan and a process for discovery of ESI that you can improve over time. Understand your end-to-end process from discovery to production and the implementation of “holds.” This encompasses methods and practices that make sense for your organization, understanding where technology is needed to facilitate or improve process efficiencies or quality of results, and identifying which specific technology capabilities are required to make your end-to-end process effective. It is best accomplished through a cooperative effort among legal, IT, and the line of business (LOB) organizations (see above figure).
You can have a team with just lawyers and techs. The first e-discovery team by Cisco in 2001 started that way. But today, most agree you should also have a management/business component in the core team. They can come from one or more of several different departments, including records management, HR, Finance, Risk Management, Compliance or Operations. There are many different variations. It all depends on the particular organization, its structure and corporate culture. IBM explains that the line of business members are needed to assist legal and IT to “set and manage the business priorities; establish the policies and best practices; and, enforce the organizational compliance.”
The culture of business, law and IT are very different. That is why careful selection of candidates from each sector is important. Not all in-house lawyers are cut out to work with computer techs. He or she may be a good lawyer, but computer-phobic. They went to law school precisely because they hated computers, math and science. The same applies to IT personnel. Many dislike lawyers, or are not comfortable with any kind of people activities. They would rather work on code for hours than attend a meeting. That is, after all, why most of them went into that field. Management types drafted into this project may have similar prejudices and see this as a dead-end assignment. They hear that it has something to do with records management, lawyers and IT, and their eyes glaze over.
So, believe me, finding the right people for an e-discovery team is not easy. You should not simply pick the people who appear to have some time right now to work on this. Their aptitude and cultural readiness is more important. Most companies do not have interdepartmental teams, so there will be little precedent for this kind of cooperative endeavor, and high turnover at first is not uncommon. For all of these reasons, significant time has to be spent on education at the beginning of the group’s existence. That is why my involvement in a team is usually front loaded, and my time lessens as the team self-organizes and becomes fully functional.
At the beginning, it is important to be sure everyone has a rudimentary understanding of the e-discovery process and the mission and future tasks of the team, including the need to design and implement good preservation protocols. These protocols and other projects will allow the team to better manage the high risks of litigation. They will also save the company boatloads of money, as I have previously blogged about, from reduced e-discovery costs.
The first members of a team typically consider whether additional team members are needed. There should be at least two representatives from each of the three sectors, and frequently more than that, depending on the size of the organization, its history, and the complexity of the organization. A team needs enough members to accomplish its goals, but not so many as to become cumbersome and unworkable. If a team must have many members due to the complexity of the organization, then it usually breaks down into sub-groups. When that happens, the initial education, communication and cohesion process becomes much more challenging.
After a team is fully formed and operational, and everyone is fully briefed and understands its missions and upcoming activities, one of its first tasks is to address litigation hold and collection procedures. Still, at this point, you are not yet ready to design final preservation and collection procedures. For most teams, that is still a year or so away. Instead you create interim protocols.
Some companies have some kind of identification, preservation and collection system in place, even if it is not in writing. Typically, it involves preserving computer files by telling employees to look through their computers for relevant files, and when found, save a copy onto a central location, usually a server. When there is already some kind of system like this in place, the team begins by studying the current procedures and looking for areas that need improvement. Usually existing systems fail to cover all ESI, fail to preserve metadata, fail to authenticate with hashing, and are otherwise of questionable legal validity. They are also usually not well documented, hard to follow, and fail to address many common contingencies.
More often than not, there are no protocols at all. Lit-holds have only been dealt with on an ad hoc basis by a number of different people, each with their own ideas on how to go about it, and what the law requires. There you basically start from scratch. But whether you already have written procedures in place, or are designing them for the first time, in either case you are only going to be able to create interim preservation procedures. Final procedures come much later in the work of the e-discovery team.
The procedures, even the interim procedures, must comply with the current laws. For instance, it is probably not legally sufficient to simply send employees an email telling them not to alter or destroy relevant files, and then hope for the best. Much more follow-up is required. Otherwise, if a mistake is made, and ESI is destroyed or altered, the company could face severe sanctions. See Cache La Poudre Feeds, LLC v. Land O’Lakes Farmland Feed, LLC, 2007 WL 684001 (D.Colo. March 2, 2007) and my prior blog on this case. For this reason, as a best practice, many companies are now moving to automated systems that supplement employee compliance. Also, as Zubulake V teaches, reasonable lit-hold procedures should include direct interviews with the key players in litigation. Zubulake v. UBS Warburg LLC, 229 F.R.D. 422 (S.D.N.Y.2004). Also see the Duties blog page above.
The hold procedures, even the interim procedures, must also be designed to cover all potentially discoverable information maintained by the organization, even the PST files that some pack-rat employees may have all over the place. Sometimes the preservation obligation may include back-up tapes, sometimes not. It depends on the computer systems and the particular case. Most of the time it will not be required. The hold and collection procedures must also be capable of preserving at least some of the ESI metadata. In some instances, it may not be acceptable to have employees copy files to a centralized repository, as that act in itself will change the file date metadata.
As this work begins, the team will become painfully aware of a number of deficiencies in existing systems, including problems with permitted computer use policies, retention policies, and computer systems. There is usually a lack of information about exactly what information the organization has, and where it is all located. [It is, in effect, a lack of system metadata, data-about-data.] Most companies have only a vague idea of what they know, and who or what knows it. Few have complete, up-to-date knowledge of where all of their electronic information is stored. If you do not know what information you have, nor where it is all located, how can you possibly preserve it, much less produce it as required by law?
This common deficiency must be addressed early on by the team. They must take a complete inventory of existing ESI and map it. Then they need to classify the ESI accessibility according to Rule 26(b)(2)(B). When the team looks, they always find that the organization has far more information stored in its systems than management realized, and that much of it is unneeded and should have been destroyed long ago. So then the team works on rehabilitating the organization’s overall electronic records management, and moves on to destruction of unneeded ESI according to Rule 37(f).
The many deficiencies in existing systems, coupled with the stringent requirements of the law, end up forcing the team to design hold procedures that are difficult to follow, time consuming, expensive, and disruptive. That is because they must work with what they have, and what they know. Frequently it is chaotic. For instance, each employee may or may not have their own email archives, PST files. These files may be located on desktop PCs, laptops, thumb-drives, or CDs kept at home. Some employees may have multiple PST files, all of which now need to be searched and protected from alteration. Some may have none, but they may use their personal email accounts for work from time to time. The process of studying current practices and computer storage systems, and trying to design standard hold procedures that will preserve all discoverable ESI, will inevitably highlight the need to change existing systems so that better, more efficient, hold procedures can apply.
The team will not want the stop-gap procedures to be permanent. They are, after all, the people who must follow these protocols and implement the lit-holds. Most teams will recommend adjusting future IT purchases to include preservation criteria, typically adding or improving archiving and indexing software. It may also mean purchasing new software specifically designed to implement and manage litigation holds. The process usually requires a radical overhaul of existing document retention policies and practices, and a tightening of permitted computer usage.
After the new policies and systems are in place, the team can then design a final protocol for preservation and collection. It will be far better than the patchwork program first developed, and far less likely to fail and expose the company to sanctions as in the Intel case. It will also be far easier for the now matured team to operate, and to realize significant cost savings in the subsequent steps of ESI collection, analysis, review and production.