Legal holds and preservation are the hot topic at most of the electronic discovery conferences these days. When faced with anticipated or pending litigation or government investigations, corporations have an obligation to preserve potentially relevant evidence, specifically preventing spoliation or the willful or inadvertent destruction or alteration of relevant documents.
What are the legal requirements associated with preserving documents required for e-discovery? How do these requirements differ from those that would normally take place during the regular course of business? Why is this important to IT staff?
Preservation Obligations & Triggers
The origin of the duty to preserve potential evidence arises from the common law and has generally been held to be an affirmative duty. That is, it is not sufficient for a company to notify all employees of imminent litigation and expect that each and every one of them will then retain and produce all relevant documents. Rather, the corporation AND its counsel have a duty to oversee compliance with any litigation hold and actually monitor all ongoing efforts to so handle such documents.
Unfortunately, the "trigger" of that duty is often unclear and may apply at any of several stages. These may include receipt of a demand letter or onset of administrative action prior to a complaint being filed, after the complaint is filed, after a "preservation letter" is sent, or after a protective order is issued. From an IT-standpoint, however, the "trigger" of the duty is the notice from the Corporate Legal Department (CLD).
The notice of what is to be preserved may vary from a common law duty to preserve all relevant information to notice of a preservation request for specific types of data, such as email stores, active files of varying types, forensic material and even archival records. Best practice is for the General Counsel (GC) to meet with IT and review the preservation request prior to sending it out so that it is clear, actionable and measurable.
Courts have been establishing rules for working with digital evidence. The Federal Rules of Civil Procedure (FRCP) have dealt extensively with electronic discovery and even go so far as to set forth in Rule a "Duty to Investigate and Disclose. Prior to a FRCP 26(f) conference, counsel shall review with the client the client's information management systems, including computer-based and other digital systems, in order to understand how information is stored and how it can be retrieved. Since this duty is triggered early, the preservation discussion serves double duty by preparing counsel for the disclosures.
Some courts have even extended this requirement under local rules. See, for instance, District of New Jersey, Local Rule 26.1(d)(1) which states, "To determine what must be disclosed pursuant to FRCP 26(a)(1), counsel shall further review with the client the client's information files, including currently maintained computer files as well as historical, archival, back-up, and legacy computer files.."
The result is that two types of proactive demands/requirements are becoming more common. The first is that under a common law theory, a duty to preserve exists even in the absence of a preservation letter or order. The second is that if working with a preservation letter or formal motion to preserve, several factors should be weighed. These factors were set out in Capricorn Power Company, Inc. v. Siemens Westinghouse Power Corporation, Civil Action No. 01-39J, 2004 WL 870659 (W.D. Pa. April 21, 2004) and include the following:
- The level of concern the court has for the continuing existence and maintenance of the integrity of the evidence in question in the absence of an order directing preservation of the evidence;
- Any irreparable harm likely to result to the party seeking the preservation of evidence absent an order directing preservation;
- The capability of an individual, entity, or party to maintain the evidence sought to be preserved, not only as to the evidence's original form, condition or contents, but also the physical, spatial and financial burdens created by ordering evidence preservation.
Once the duty to preserve has been established, the Court's authority to sanction a party for failing to preserve documents is not only inherent but statutorily defined by FRCP 37. The most severe sanctions, such as entry of default judgment or criminal punishment, are generally reserved for the intentional destruction of digital evidence. See Procter & Gamble Co. v. Haugen, 2003 WL 22080734 (D.Utah Aug. 19, 2003)
Standards for failure to preserve vary, and judges have a significant amount of discretion to levy a wide range of penalties for negligent spoliation. These may include fines, attorneys' fees and well-feared spoliation inference instruction to a jury. Illustrative is the jury charge in Zubulake V that included the following wording and resulted in a substantial finding for the plaintiff:
"[i]f you find that [defendant] could have produced this evidence, and that the evidence was within its control, and that the evidence would have been material in deciding facts in dispute in this case, you are permitted, but not required, to infer that the evidence would have been unfavorable to [defendant]."
Why such severe repercussions? Because spoliation goes to the heart of the litigation process and is considered by courts to be close to perjury. So the preservation duty must be taken seriously and must begin once litigation becomes "likely."
If we keep everything, our servers will keel over.
IT's Role in the Preservation Process
The good news is that while the duty to preserve evidence is a broad one, it does not require a litigant to keep every scrap of paper or electronic document. The bad news is that is probably DOES require an enterprise-wide assessment of all systems and software to determine what should be preserved.
Records and information management systems will comprise a key component of any such assessment and eventual preservation policy, especially where it can be used to suspend document destruction. However, the duty to preserve goes beyond documents under "records management" to include potentially relevant evidence in any format or location throughout the enterprise.
This is why the role of the IT department is a crucial component of the preservation process. Since it is the IT staff that is tasked with maintaining all enterprise-wide information, their involvement in both crafting and implementing an enterprise wide preservation solution is absolutely critical.
Given this new focus on the importance of the IT department in the preservation process, what new tools are being developed in the e-discovery market that can help IT assist in managing the process of identifying and preserving electronic content for compliance, investigation, and litigation needs? One is the concept of a preservation repository.
In essence, a preservation repository is a total enterprise solution for managing the process of identifying and preserving electronic content for compliance, investigation, and litigation needs. At its simplest, this would comprise a four step process:
- Define parameters of preservation obligation
- Collect relevant files not preserved by Records Management Systems
- Aggregate in preservation repository with Records Management functionality
- Respond to specific Discovery Request for Production
Specifically, the process works by collecting ALL enterprise documents relevant to the preservation duty and includes the following steps:
- Initiate a Preservation Obligation event by defining the scope of the preservation obligation, including parameters for preservation such as the potential custodians, date ranges and subject matters.
- Issue a preservation hold notice by first drafting a preservation notice and instructions, sending the notice via email to a defined distribution list, capturing all notice acknowledgements and putting in place a system to manage alerts and reporting.
- Identify all relevant document locations in the enterprise through a combination of custodian interviews, staff feedback, and enterprise searches.
- Conduct a network topology and business process assessment which lists key players and data repositories
- "Preserve in place" all relevant documents where possible. This includes legal holds through current record management structure and apply that policy to email archives, back-up tapes and paper repositories.
- Define preservation parameters such as file type, date range, etc.
- Move target files from existing locations to a "staging server"
- Move files from staging server to Preservation Repository
- Ensure all file moving meets evidence standards (chain of custody and authenticity, particularly dates and context).
The Preservation Framework
A preservation system allows the GC or IT to work with files, including both extracted email stores and compressed files. The system retains them in a secure, scalable repository that can be searched by both metadata and keywords. Files can be viewed in their native format and then tagged or organized into review sets.
Once reviewed, the tagged files can be exported to an evidence management system, where they can be aggregated with evidence from other sources, such as Enterprise Content Management (ECM) and email archival systems, backup tape restores, and paper scanning. These aggregated documents can then be reviewed and categorized (issue coding, privilege, etc) for production to the requesting party.
Alternatively, the organization may select files and move them to a preservation repository via standard Windows clients. They can then be reviewed with whatever other evidence management tools and techniques the legal team currently uses.
In order to configure a preservation response system and repository, the enterprise and CLD will need to rely heavily on the involvement of the IT department. Questions such as "What systems the preservation repository will support?" and "Will specific software or hardware will be required to make all the necessary data transfers and reviews?" can best be answered by the IT staff.
In addition, the IT staff is in the best position to:
- Identify relevant repositories through combination of custodian interviews, feedback, and enterprise search in collaboration with the legal team
- Perform the network topology and business process assessment
- List key players and data repositories
- "Preserve in place," where applicable, by applying existing records management policy to email archives, back-up tapes and scanned paper repositories.
The IT staff is also best suited to determine any other technical issues associated with putting a preservation repository in place, such as how the repository impacts normal destruction and preservation policies in collaboration with Records Management or Compliance.
Completing the Process
Once evidence is produced to a requesting party, it will be labeled as such with Bates labels at the page level and a Bates range at the document level, unless produced natively. These identifiers and the TIFF's produced will make their way back into the preservation repository. The GC can then re-use work product for matters involving the same custodians or subject matter and easily save tens of thousands of dollars in redundant review. The bottomline?
- Legal risk is reduced by capturing the privilege calls on particular documents so they will not be inadvertently produced in another matter;
- Cycle time for production is reduced for new matters when a good faith production can be made by pulling previously produced responsive material from the preservation repository while taking time to review new documents;
- And, once a particular matter is complete, if there are no other litigation holds or regulatory requirements for the document set or subset of the document set, the preservation repository's records management functionality can be invoked to defensibly destroy the documents.