- Education and Training
- Policies for Hold Triggers
- Policies for Hold Implementation
- Email Retention Policies
- ESI Maps with 26b2B ID
- Supervised ESI Destruction
- Information Governance
General. Litigation Readiness activities, which constitute the first pre-suit step of EDBP, are designed to facilitate the next four steps of EDBP: 2. Hold Notices, 3. Interviews, 4. Collections, and 5. Cooperation. These four steps occur in almost every case, even if discovery is stayed or the case is resolved early. Thus maximum efficiencies can be attained by establishing set procedures to follow for Hold Notices, Interviews, Collections and communications with opposing counsel and court. Taking the time to prepare policies and procedures for e-discovery in litigation allows an organization to avoid expensive ad hoc inventions and variations. Litigation Readiness, when done correctly, should allow for substantial savings on future litigation expenses and reduce risk. Conversely, the failure to create and implement a reasonable litigation readiness plan, including ESI retention policies and lit-hold policies, can have a detrimental effect on preservation activities once litigation strikes. This is shown in Scentsy Inc. v. B.R. Chase LLC, No. 1:11-cv-00249-BLW, 2012 WL 4523112 at *8 (D. Idaho Oct. 2, 2012). Also see: Losey, R., Oral Hold Notice Invalidated as “Completely Inadequate” such that it “Borders on Recklessness” (2012).
Education and Training. There is a rapidly growing body of legal knowledge that should be learned by any attorney or paralegal that practices in this field of law, just like any other. There are also special skills that require training. Education and training are an important part of the practice of law in general, but no where are they more important than in electronic discovery. This field is so new, and advancing so fast, that it is very hard even for specialists that do nothing but e-discovery to keep up. As a consequence, everyone in this field must be both student and teacher. We must all spend time to train and be trained.
Cybersecurity. Most law firms today are holding terabytes of client ESI in connection with litigation and investigations. Some are holding petabytes of client data. There is an enormous risk and liability involved with holding client data that the legal profession is just beginning to realize. This data has become a prime target of sophisticated computer hackers, including the Chinese government. Keeping client data secure from theft is an important ethical obligation of all attorneys. See the information resource on cybersecurity designed for attorneys, eDiscoverySecurity.com. As a best practice for most law firms, but not all, we recommend outsourcing to specialist data hosting companies, typically the larger e-discovery vendors with proven expertise in cybersecurity. See eg: The Importance of Cybersecurity to the Legal Profession and Outsourcing as a Best Practice – Part One and Part Two, (e-Discovery Team, 2014); and, Best Practices in e-Discovery for Handling Unreviewed Client Data, (e-Discovery Team, 2014).
Policies for Hold Triggers. Organizational policies and procedures should be created to govern how an organization will determine when Litigation Holds should be triggered. See The Sedona Conference® Commentary on Legal Holds: The Trigger and the Process, September 2010.
Policies for Hold Implementation. Related policies and procedures should be created for the implementation of the Holds. These written policies must be tailored to the particular needs of the organization and have built-in levels of proportionality of response. Id. The flow chart below adapted from the Sedona Commentary can be included as part of an organization’s standard policies and procedures.
Email Retention Policies. Written policies should be created or updated that are tailored to the particular needs of the organization and coordinated with the litigation hold procedures. This requires careful study before adoption and may involve different retention times for different classes of employees. See: The Sedona Conference® Commentary on Email Management, August 2007.
Maps of ESI with Rule 26(b)(2)(B. High level maps should be created that include designations of inaccessibility under Rule 26(b)(2)(B). Although detailed mapping of information systems and locations of ESI is no longer favored because of the high rate of change most organizations experience, at least some high level mapping is helpful for any complex systems. The creation of these maps is an IT function, not legal, but the designation of certain areas within the ESI storage architecture as protected under Rule 26(b)(2)(B) is an important legal service. See: The Sedona Conference® Commentary on Preservation, Management and Identification of Sources of Information that are Not Reasonably Accessible, August 2008. So too is the preparation of one or more IT representatives to provide depositions, affidavits, 26(f) conference input, and 16(b) hearing input to opposing counsel and the court.
Supervised ESI Destruction. Old ESI that is no longer needed by the organization should be purged from systems, but this must be done in compliance with existing litigation holds and in a manner that brings the process within safe-harbor protections of Rule 37, Federal Rules of Civil Procedure Great care must be taken to avoid destruction of ESI that might be subject to a litigation hold and these efforts must all be carefully documented. The destruction is guided by requirements of good faith and routine operation of an electronic information system, including objective, expert, third-party analysis.
Depending on the circumstances, typically situations involving large scale data purges, an organization may want to have a third party supervise a formal audit and certify good faith and compliance with mandated routines. These routines and retention policies should be completed and in place before the destruction of data. Outside counsel can serve as an independent auditor to certify that the ESI destroyed was not subject to holds and was otherwise carried out in good faith compliance with the law. Also see generally: The Sedona Conference® Commentary on Inactive Information Sources, July 2009.
For good suggestions on mistakes to avoid in data purges, which in turn also suggests particular procedures to follow, including creation of a log or record of what was destroyed, see the final installment to the Rambus litigation saga examining the plaintiff’s shred days before filing suit. Hynix Semiconductor Inc. v. Rambus Inc., Case No. C-00-20905 RMW, USDC ND Calif. (Sept 21, 2012).
Information Governance. This is a large catch-all type category, that includes the above policy initiatives and litigation readiness activities, and much more. It addresses a need larger than litigation readiness, one which all large organizations have, for global policies and procedures to govern all information, both paper and electronic. The policies include:
- Policies governing the retention and destruction of ESI of every form, not just email;
- IT and employee security issues;
- Information privacy and security issues;
- Employee permitted use issues.
See: The Sedona Guidelines: Best Practice Guidelines & Commentary for Managing Information & Records in the Electronic Age, November 2007; The Sedona Conference® Commentary on Information Governance (Dec. 2013) (describes eleven principles on IG practice that all organizations should strive to adhere to). Various privacy initiatives should also be considered, both corporate, employee, individual, consumer, media. Privacy compliance in turn raises serious cross-border issues since the privacy laws of the U.S. are far more lax than the rest of the democratic world, especially in Europe where privacy is considered a basic human right.
For the latest in this area see the Information Governance Initiative that was launched in 2014. Their goal is to develop best practices for information governance using an interdisciplinary approach. The IGI website contains a broad list of activities they consider to be within the scope of Information Governance:
- Information security
- Data science
- Electronic discovery
- Business management
- Business intelligence
- Records management
- Risk Management
- IT and Infrastructure Management
As you can see IGI considers Electronic Discovery to be a subset of Information Governance. In that sense Information Governance activities, which, according to IGI’s explanation, includes such things as Business Intelligence and Management, goes well beyond the scope of the EDBP. Our mission is limited to a collection of legal best practices for electronic discovery.
More detailed descriptions of best practices for Litigation Readiness will follow. In the meantime, if you have any suggestions and care to contribute to this project, or any questions (nothing case specific please), please leave a comment below.