With so much to juggle in response to the global pandemic, legal holds may be the last thing on an individual’s mind. But it is important that law departments remain mindful of and vigilant concerning existing legal holds and be thoughtful and proactive about information that may be responsive or relevant to future litigation arising out of the pandemic.
Legal holds typically take the form of written instructions to employees that a lawsuit or investigation has commenced or is anticipated and instructs the employees—often referred to as document “custodians” in this context—to preserve relevant data.
A legal hold usually includes
- a brief description of the dispute or investigation;
- a list or description of the types of data, communications, information, and documents relevant and responsive to the legal hold (responsive data);
- the locations or sources of potential data;
- ramifications for failing to preserve responsive data, which may include financial or other judicial sanctions against the company; and
- contact information if a custodian has questions concerning preservation.
Depending on the nature of the dispute or investigation, the hold may also be distributed beyond company employees, such as to directors, board members, contractors, or third-party vendors, if they have responsive data. Legal holds should also be shared with the company’s information technology professionals or vendors so that automatic delete features on relevant data sources— such as emails or shared files—are suspended in order to preserve the responsive data.
Data Loss Concerns with Personal E-mail, Shared Devices
For existing legal holds, and where the responsive data has not yet been collected forensically, there may be increased dangers of inadvertent spoliation where custodians are operating remotely. Devices on which data, communications, information, and documents relevant and responsive to the legal hold (responsive data) reside may inadvertently be damaged or lost, or—where devices are shared among household members— responsive data may be inadvertently deleted, comingled, or moved.
In a recent Covid-19 related alert from the New York Department of Financial Services, the regulator flagged its own data loss concerns, including that employees, in attempting to remain productive, might move to “personal accounts and applications, such as email accounts.”
This may create collection complications down the road, where custodians forget they conducted work or engaged in communications responsive to a litigation document request or regulatory subpoena offline and outside of their company email and network. Those temporary and seemingly expedient workarounds now, may create complications later when it is time to collect responsive data.
Likely, such conduct will at a minimum require collection from additional devices not previously anticipated for search and collection. This may present the need to collect from personal email accounts or mobile phone text or application files—all of which are likely to include personal communications—and in some cases cannot be readily culled on the device or in cloud-based platforms prior to collection and without some degree of search and review.
Some Safeguards for Proper Retention
Legal departments might consider some of the following safeguards to help ensure proper retention of responsive data subject to a legal hold:
- Regularly reminding data custodians subject to legal holds of the existence and contours of the hold;
- Encouraging custodians to limit the extent to which they communicate or generate work product on personal devices or accounts (such as text messages, social media applications, or third-party, personal email) and to instead keep all relevant communication and work product in the company’s authorized email and system networks;
- Conducting training or circulating guidance concerning personal listening devices in custodians’ homes such as Google Dot or Amazon’s Alexa, which might inadvertently record discussions concerning responsive data;
- Discouraging storage of responsive data subject to a legal hold on personal devices;
- Where personal devices, applications, or email must be used, instructing on proper migration of the responsive data as soon as possible to the company’s network; and
- Executing early collection of response data, including remote collection from mobile devices, applications, or third-party email accounts to ensure preservation of responsive data and mitigate against unintentional loss. Many vendors can send individual custodians cell phone collection kits or collect from cloud-based personal email accounts and web-based applications remotely.
Implementing a Legal Hold
The requirement that potential litigants implement legal holds when they reasonably anticipate litigation (F.R.C.P. 37(e)) may mean that disputes arising as a result of the global pandemic—for example, concerning payment of rent, supply chain delays, or a contract that is no longer being performed—may require the implementation of a legal hold while employees are working remotely.
What gives rise to reasonable anticipation of litigation, short of being served with a complaint, is often fact specific and may depend on the nature of the dispute, the parties’ relationship, and the tenure and tone of communications concerning the dispute. Overt threats to litigate may trigger a potential defendant’s obligations well before an actual summons and notice is served.
The legal hold may call for the retention of more common data sources, such as emails, hard-copy documents, or system files, but it might also require the retention of data like text messages, social media posts or communications, Internet of Things data, geolocation or biometric data, or any other data source or medium that could be relevant to prosecuting or defending the litigation.
In addition to the steps listed above for existing holds—many of which are equally applicable when setting up a new legal hold in this remote work-place environment—legal departments might consider taking the following actions if litigation is reasonably anticipated at this time:
- Implementing and disseminating a written legal hold that explains the contours of the pending or anticipated litigation and the types of responsive data that must be preserved, including flagging all potential locations or sources of the information; and
- Turning off or suspending auto-delete features in the email and files of custodians with responsive data and suspending other document retention/destruction policies that impact relevant information.
This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.
Samantha V. Ettari is a special counsel in the Litigation Group at Kramer Levin Naftalis & Frankel LLP. In addition to litigating false advertising, bankruptcy, and commercial disputes and advising clients on data, privacy, and cybersecurity issues, she also serves as the firm’s eDiscovery counsel, advising clients on domestic and cross-border discovery.