Litigation Readiness

  • Education and Training
  • Cybersecurity
  • Policies for Hold Triggers 
  • Policies for Hold Implementation
  • Email Retention Policies
  • ESI Maps with 26b2B ID
  • Supervised ESI Destruction
  • Information Governance
  • Privacy

General. Litigation Readiness activities, which constitute the first pre-suit step of EDBP, are designed to facilitate the next four steps of EDBP: 2. Hold Notices, 3. Interviews, 4. Collections, and 5. Cooperation. These four steps occur in almost every case, even if discovery is stayed or the case is resolved early. Thus maximum efficiencies can be attained by  establishing set procedures to follow for Hold Notices, Interviews, Collections and communications with opposing counsel and court. Taking the time to prepare policies and procedures for e-discovery in litigation allows an organization to avoid expensive ad hoc inventions and variations. Litigation Readiness, when done correctly, should allow for substantial savings on future litigation expenses and reduce risk. Conversely, the failure to create and implement a reasonable litigation readiness plan, including ESI retention policies and lit-hold policies, can have a detrimental effect on preservation activities once litigation strikes. This is shown in Scentsy Inc. v. B.R. Chase LLC, No. 1:11-cv-00249-BLW, 2012 WL 4523112 at *8 (D. Idaho Oct. 2, 2012). Also see: Losey, R., Oral Hold Notice Invalidated as “Completely Inadequate” such that it “Borders on Recklessness” (2012).

Education and Training. There is a rapidly growing body of legal knowledge that should be learned by any attorney or paralegal that practices in this field of law, just like any other. There are also special skills that require training. Education and training are an important part of the practice of law in general, but no where are they more important than in electronic discovery. This field is so new, and advancing so fast, that it is very hard even for specialists that do nothing but e-discovery to keep up. As a consequence, everyone in this field must be both student and teacher. We must all spend time to train and be trained.

Cybersecurity 2Cybersecurity. Most law firms today are holding terabytes of client ESI in connection with litigation and investigations. Some are holding petabytes of client data. There is an enormous risk and liability involved with holding client data that the legal profession is just beginning to realize. This data has become a prime target of sophisticated computer hackers, including the Chinese government. Keeping client data secure from theft is an important ethical obligation of all attorneys. See the information resource on cybersecurity designed for attorneys, As a best practice for most law firms, but not all, we recommend outsourcing to specialist data hosting companies, typically the larger e-discovery vendors with proven expertise in cybersecurity. See eg: The Importance of Cybersecurity to the Legal Profession and Outsourcing as a Best Practice – Part One and Part Two, (e-Discovery Team, 2014); and, Best Practices in e-Discovery for Handling Unreviewed Client Data(e-Discovery Team, 2014).

Policies for Hold Triggers. Organizational policies and procedures should be created to govern how an organization will determine when Litigation Holds should be triggered. See The Sedona Conference® Commentary on Legal Holds: The Trigger and the Process, September 2010.

Policies for Hold Implementation. Related policies and procedures should be created for the implementation of the Holds. These written policies must be tailored to the particular needs of the organization and have built-in levels of proportionality of response. Id.  The flow chart below adapted from the Sedona Commentary can be included as part of an organization’s standard policies and procedures.

Email Retention Policies. Written policies should be created or updated that are tailored to the particular needs of the organization and coordinated with the litigation hold procedures. This requires careful study before adoption and may involve different retention times for different classes of employees. See: The Sedona Conference® Commentary on Email Management, August 2007.

Maps of ESI with Rule 26(b)(2)(B. High level maps should be created that include designations of inaccessibility under Rule 26(b)(2)(B). Although detailed mapping of information systems and locations of ESI is no longer favored because of the high rate of change most organizations experience,  at least some high level mapping is helpful for any complex systems. The creation of these maps is an IT function, not legal, but the designation of certain areas within the ESI storage architecture as protected under Rule 26(b)(2)(B) is an important legal service.  See: The Sedona Conference® Commentary on Preservation, Management and Identification of Sources of Information that are Not Reasonably Accessible, August 2008. So too is the preparation of one or more IT representatives to provide depositions, affidavits, 26(f) conference input, and 16(b) hearing input to opposing counsel and the court.

Supervised ESI Destruction. Old ESI that is no longer needed by the organization should be purged from systems, but this must be done in compliance with existing litigation holds and in a manner that brings the process within safe-harbor protections of Rule 37, Federal Rules of Civil Procedure Great care must be taken to avoid destruction of ESI that might be subject to a litigation hold and these efforts must all be carefully documented. The destruction is guided by requirements of good faith and routine operation of an electronic information system, including objective, expert, third-party analysis.

Depending on the circumstances, typically situations involving large scale data purges, an organization may want to have a third party supervise a formal audit and certify good faith and compliance with mandated routines. These routines and retention policies should be completed and in place before the destruction of data. Outside counsel can serve as an independent auditor to certify that the ESI destroyed was not subject to holds and was otherwise carried out in good faith compliance with the law. Also see generally: The Sedona Conference® Commentary on Inactive Information Sources, July 2009.

For good suggestions on mistakes to avoid in data purges, which in turn also suggests particular procedures to follow, including creation of a log or record of what was destroyed, see the final installment to the Rambus litigation saga examining the plaintiff’s shred days before filing suit. Hynix Semiconductor Inc. v. Rambus Inc., Case No. C-00-20905 RMW, USDC ND Calif. (Sept 21, 2012).

Information Governance. This is a large catch-all type category, that includes the above policy initiatives and litigation readiness activities, and much more. It addresses a need larger than litigation readiness, one which all large organizations have, for global policies and procedures to govern all information, both paper and electronic. The policies include:

  • Policies governing the retention and destruction of ESI of every form, not just email;
  • IT and employee security issues;
  • Information privacy and security issues;
  • Employee permitted use issues.

See: The Sedona Guidelines: Best Practice Guidelines & Commentary for Managing Information & Records in the Electronic Age, November 2007; The Sedona Conference® Commentary on Information Governance (Dec. 2013) (describes eleven principles on IG practice that all organizations should strive to adhere to). Various privacy initiatives should also be considered, both corporate, employee, individual, consumer, media. Privacy compliance in turn raises serious cross-border issues since the privacy laws of the U.S. are far more lax than the rest of the democratic world, especially in Europe where privacy is considered a basic human right.

For the latest in this area see the Information Governance Initiative that was launched in 2014. Their goal is to develop best practices for information governance using an interdisciplinary approach. The IGI website contains a broad list of activities they consider to be within the scope of Information Governance:

  • Information security
  • Data science
  • Electronic discovery
  • Business management
  • Compliance
  • Business intelligence
  • Analytics
  • Records management
  • Finance
  • Audit
  • Privacy
  • Risk Management
  • IT and Infrastructure Management

As you can see IGI considers Electronic Discovery to be a subset of Information Governance. In that sense Information Governance activities, which, according to IGI’s explanation, includes such things as Business Intelligence and Management, goes well beyond the scope of the EDBP. Our mission is limited to a collection of legal best practices for electronic discovery.


More detailed descriptions of best practices for Litigation Readiness will follow. In the meantime, if you have any suggestions and care to contribute to this project, or any questions (nothing case specific please), please leave a comment below.


3 thoughts on “Lit-Readiness

  1. Ralph,
    I recommend that EDBP emphasize lawyer/law firm and client security and information privacy issues in a preemptive and separate fashion in the EDBP model, as I feel it is the cornerstone of the attorney client relationship and the ability of counsel to effectively represent their client. In a lawyer-centric model it seems to me that it would be most important prelitigation to (1) ensure that the Law firm’s information managment and security systems are absolutely current and that lawyers are following them (BYOD comes to mind); (2) identify significant confidentiality and privilege issues viz-a-viz this particular client and this particular case; (3) determine potential challenges to security (i.e., will there be e-mail communication with the client; will mobile devices be in play); and (4) ensure that the lawyer’s staff and the client understand the need to safeguard confidences and privileged matter and know how that will be done. All this is done before addressing “IT and security issues” and specific “Information privacy issues”.

    Here is my view based on current lawyer (and judge) engagement in and understanding of eDiscovery: THEY DO NOT REALIZE ALL THE RAMIFICATIONS OF USE OF TECHNOLOGY BY THEMSELVES, LET ALONE THEIR CLIENTS. Even so-called sophisticated lawyers are getting into trouble with inability to safeguard client confidences (including trade secrets and irrelevant sensitive information as well as the privileged stuff). Why is it important for lawyers to understand information technology and to remain current in how people create, store and share information? The answer to this question is much more fundamental to law practice that most lawyers realize. The truth is, knowing the culture and devices that make up current information technology is involves efficiency, effectiveness, and power; but the more fundamental requirement for knowing these things is the ability to maintain your confidences and the clients’ confidences. It is all about security and proper procedures.

    For the legal community, privacy and confidentiality are not mere buzzwords. They are the cornerstone of the attorney-client relationship and necessary for the preservation of privilege as well as the trust of clients. The trust in the attorney-client relationship is not just about compliance with ethical standards; it is a measure of trust that is needed to build a relationship with an individual. For a firm, such trust may be even more important to survival than success or failure in a given case. In the current times, understanding technology and knowing the measures needed to protect privacy and confidentiality go to the very essence of the attorney-client relationship.

    Thus, it is up to the attorney to have a discussion with his or her own staff and with the client to plan on how security will be achieved. I feel this should be clear in the EDBP as a requirement at the outset of the case, whether the client is an individual in a divorce case or an organization in a big commercial case.

    The question still remains: How can the attorney properly advise the client of how to secure information if the attorney does not understand how to do it? But that is beyond the EDBP. It is the education gap about which you have eloquently blogged.

  2. From an email by a practicing attorney Manhattan:

    Litigation Readiness
    1. “Email Retention Policies” seems too limiting in light of the growth of social media and mobile applications as communication vehicles (before you know it, I think we’ll be thinking of email like we think of postal mail). Maybe use “Data Retention Policies” or “Electronic Communication Policies” or “Records Retention Policies”
    2. You may want to consider combining “Email Retention Policies” with “Information Governance”
    3. I don’t understand the “ID” reference under ESI Maps
    4. I don’t understand the “Certifies” reference under 37e Destruction
    5. Maybe add having a “Multi-disciplinary Team” lined up to address the issues (although I think that would/could be covered under “Information Governance”)
    6. Under “Notify” I would add Legal (as in in-house counsel)
    7. I suggest changing “Cross-Border Issues” to “Cross-Boarder/Privacy Issues”

  3. Ralph,

    This is a wonderful tool. Since I have focused my practice on the proactive Litigation-Readiness part, I would suggest that section be modified slightly. First, making it larger and/or more prominent in the diagram would help show how significant it is to the whole process. Those items listed in that section are fundamental and the necessary foundation to achieve good E-Discovery results. Can you imagine how different the E-Discovery process becomes when there has been no Information Governance? It becomes a reactive exercise of desperation. Secondly, I would take your list of Pre-Suit Activities and modify them slightly: Policies for Hold Triggers and Implementation; Information Retention and Privacy Policies; Information Governance; Cloud Governance; ESI Maps;Certified Destruction

    Privacy rules are evolving all the time and warrant being mentioned during this phase. Considering privacy protection issues early and often is important, especially when global and cross-border issues may be present.

    Email Retention Policies are important but I believe changing the description to “Information Retention Policies” is more accurate and helpful. Email is shrinking as a method of communication in the corporate world. Internal Wikis and Social Media style applications, as well as text and instant messaging applications are expanding. These are repositories that will certainly be the target of discovery and yet they are often missed or under-estimated as a part of ongoing corporate Information Governance practices. The earlier they are considered in the process, the better.

    The reason I added Cloud Governance, a term I have used with my clients, is because there are often special considerations and procedures necessary to secure and review data.

    If you feel there my suggestions are worthy of inclusion, I would be happy to elaborate.

Please leave a comment and help improve EDBP