Legal Hold Best Practices: A Process Guide

What is a legal hold?

A legal hold, or litigation hold, is a formal request issued within an organization to preserve all forms of relevant information in the face of expected or pending litigation. Litigation holds ensure that all relevant documents and data (including, for example, emails, Slack messages, Zoom recordings, collaborative documents, and more) are preserved – and not destroyed – and kept intact for the discovery process.

Why are legal holds important?

Legal holds are extremely important because their primary purpose is to preserve evidence. Additionally, the failure to properly initiate legal holds can result in negative inferences and hefty sanctions.

When is a legal hold initiated?

The need to initiate a legal hold is triggered when possible legal or regulatory action is anticipated – or a demand or letter complaint has been received. Depending on your company’s industry, region and type of business, triggering events can vary. These may include:

Anticipated litigation

• External events triggering shareholder suits
• External events triggering class action lawsuits
• External events triggering individual civil or criminal suits

Regulatory action

• Internal events
• Employee termination
• Investigations

Once a triggering event has taken place, you’ll likely receive a request from counsel to issue a legal hold and preserve data. Developing, documenting, and following a plan for preservation compliance will ensure that you mitigate the risk of spoliation.

1. Identify legal hold stakeholders by department 

Your stakeholders are the individuals who either:

• play an active role in the legal hold workflow, or 
• need to be notified at every step

These individuals tend to be gatekeepers of information, IT assets, and/or data that will be needed to ensure compliance with legal hold. Additional stakeholders may be involved for specific matters depending on scope of litigation/investigation.

Some examples of common stakeholders include:

• General Counsel/Legal
• Head of IT
• Chief Information Security Officer (CISO)
• Chief Data Security Officer (CDO)
• Human Resources
• Chief Sales Officer
• CRO
• CFO

2. Identify data sources

One of the requirements of legal hold is preserving data. In today’s working world, the sheer number of data sources that can be subject to legal hold only continues to proliferate. Access and ability to automate preservation in these sources greatly varies depending on the functionality of the application and the licensing level your organization has procured.

Here are some questions to consider:  

• What data sources do you have?  
• Where does your data sit?  
• Who is the gatekeeper of that information? (Meaning, if you needed to ask a question about the data or talk to someone regarding its preservation and collection, who would you need to speak to?)

Here are some higher-level examples of common data sources to preserve. (Note: Any data a particular employee touches could potentially be required to be held.)

3. Identify legal hold team members 

The legal hold process can be complicated. Make sure you know all the members of your legal hold team and what their core responsibilities are. This will help you to determine an internal chain of command, starting with the owner of the legal hold process.

Related resource: Check out our legal hold worksheet to organize relevant information sources at your company that may be subject to legal hold.

4. Identify custodians in a legal hold scenario

In a legal hold scenario, custodians are individuals who may have evidence related to the triggering event. Your first step? Build your list of custodians. This is key for the following reasons:

• In most cases, a legal hold notice must be sent to each custodian to inform them of their obligations (e.g., obligations to keep and not delete all emails, data, etc.). The exception is for silent holds. These may be issued for an internal investigation, and require that an employee’s data is held but that the individual not be notified (so as to not tip them off that they are the subject of an investigation). 
• Your IT team will require a list of the individuals that need data held in place or copied to a secure location. This helps the IT department know where to direct their efforts (e.g., if any hardware imaging or expanded retention policies need to be put into place on an individual basis).

5. Identify sources

As part of identifying custodians, you’ll need to pinpoint the sources those custodians use so you know which sources need to be preserved. Think broadly — most employees use applications beyond email that may need to be preserved. 

‍Keep track of which sources can be held automatically (via API integration) and which require a hold to be set manually. Sources that require a manual hold may require additional coordination with IT.

6. Create legal hold notices 

Custodians must be given a legal hold notice to inform them of their obligations. 

Legal hold notices provide an opportunity to give custodians any additional information related to the anticipated legal action, such as:

• Custodians’ data management responsibilities, such as what to keep and how long to keep it for
• Who they may or may not speak to about the action 
• Definitions of what materials may need to be preserved
• Information about the action itself

While every matter is different, some information sources are common. Save time by making basic matter notice templates that you can edit to insert unique information before sending to matter custodians. At a minimum, consider creating the following notices: 

• Notices by event type 
• Notices by lawsuit type 
• Notices by jurisdiction 
• Notices addressing privilege clawbacks 
• Notices addressing internal investigations 
• Notices addressing employee terminations 
• Notices reminding custodians periodically of their obligations 
• Notices releasing custodians from their obligations

7. Send legal hold notices to custodians  

Sending legal hold notices can be done via a manual process or automatically:

• A manual process involves logging in and sending the notice using your email. 
• An automated process uses a tool integrated with your active directory so you can email custodians all at once without having to track down email addresses. 

If you’re using a manual process, make sure you’re tracking all information related to the sent notice, including: 

• Which custodian(s) received the notice 
• The date the notice was sent 
• The date the custodian acknowledged the response (if applicable) 
• When the next reminder needs to go out to each custodian 

8. Require and track custodian acknowledgements 

In the event that your legal hold process is called into question, you may need to show that you have made reasonable efforts to comply with your preservation compliance obligations. 

Most commonly, this is done by requiring custodians to acknowledge receipt of the legal hold notice.

Develop a workflow for how your custodians can acknowledge receipt of their notice. Do you want them to simply reply to the notice and indicate acknowledgement? Or is your process more complicated?

Whatever the method, it is important that you be consistent. Stick to your workflow so that custodians learn what is expected of them and can comply accordingly.  

Tracking acknowledgements is extremely important – both to show you have made best  efforts to inform custodians, and as a way to determine which custodians may require more follow-up. 

Your process may be manual or automated:  

• A manual process involves custodians contacting the legal department using the methods defined in the legal hold notice and affirmatively stating that they received and read the notice. These acknowledgments will need to be tracked both by printing or saving the acknowledgments and  by logging the acknowledgments in a centralized tracker. 
• An automated process is much simpler. It allows custodians to acknowledge with a simple click of a button, and it tracks these acknowledgments for you.

As custodians have ongoing obligations for the duration of their attachment to a matter, you must ensure the notices are continuously available to each custodian.

9. Send automated reminders to custodians

In an ideal world, custodians would receive notices, immediately use whichever method you have laid out to acknowledge receipt, commit the contents to memory, and continuously remind themselves of their obligations under each and every legal hold notice they’ve received. 

A beautiful dream.

In the real world, custodians are busy – and human. 

They may receive hundreds of emails a day and miss the legal hold notice. Or ignore their emails. Or read and have every intention of acknowledging them later, only to forget before they have a chance to follow through. 

More challenging still, individual matters can last for years. In that time, custodians may forget they’re on hold – or assume that a matter has been resolved and that they are free from their obligations.

In addition to designing a workflow that custodians can use to acknowledge holds, you will need to develop a workflow to follow up with them and get that acknowledgment if – or when – a custodian does not acknowledge a legal hold notice in a timely fashion. 

For each notice, you will need to keep track of who has yet to acknowledge and set a legal timeline by which you send that custodian reminders to acknowledge receipt of their obligations. 

You will then need to stick to that timeline. Deviations invite errors and the potential for custodians to slip through the cracks.

Like the other steps in the hold process, this process can be manual or automated: 

• A manual process involves tracking notices sent dates in a centralized tracker, determining the date on which any unresponsive custodians should be reminded to acknowledge, reaching out to the custodian at the appropriate time with a reminder, and repeating the process until the custodian has fulfilled the acknowledgment request. 
• An automated process allows you to set defined intervals between custodian reminders. This way, the system handles the heavy lifting of emailing the custodian a reminder and tracking their acknowledgment status. 

Remember, acknowledgment reminders are not the only reminders you should be sending your custodians. At a set duration, you should consider sending your custodians a global reminder about the matters on which they remain on hold and of their obligations under each matter.

10.  Track and audit custodial process activity

Remember, in the event your company’s legal hold process is called into question, you will need to be able to show that you have done your best to comply with all legal hold obligations under applicable law.  

This requires keeping an audit log of all activity related to a matter, including:

11. Initiate a manual hold through IT  

Sending a legal hold notice is just one piece of a company’s obligation when litigation is reasonably anticipated – data needs to be held as well in order to preserve your data.

Your IT department should be able to hold the necessary data – or augment existing retention policies – to ensure the preservation of necessary data. 

Send the list of custodians subject to the hold to your IT team. For each, include:

• The custodian’s name
• The custodian’s email
• Data sources required
• Relevant dates

Once IT confirms that these holds have been placed, ask for a return report you can add to your matter file to support your audit trail.

12. Establish automatic, in-place data preservation (IPP)

In-place preservation (IPP) is the process of preserving data where it lives (as opposed to making a copy of it and storing it in an archive). 

IPP is a best practice to minimize storage costs and to limit copying data that may live in storage environments under the control of third-party vendors, not to mention access controls. 

For legal hold, IPP is the fastest way to meet your preservation compliance requirements.  

Many enterprise applications have built-in legal hold applications, including Google Vault, Microsoft 365, Slack, Dropbox, Box, and Code42. (These applications also offer modern APIs that allow you to automate creating holds and preserving data with a single click.)

Related Resource: Need a template? Here’s a free legal hold worksheet template you can download and print. 🗓️

13. Create an audit trail for reporting

We cannot overstate the importance of an audit trail. Matters are rarely stagnant. Develop an evaluation cycle for your cases at the matter level and at the overview level. You’ll want to be able to show your work in case your legal hold management is ever called into question.

14. Release custodians when matters conclude

It’s essential to establish a closing procedure for when matters conclude. Just as you’ve given your custodians a notification and informed them of their responsibilities, you will need to let them know when those responsibilities no longer apply to them.  

Additionally, you will need to work with the IT department to ensure that they are aware that any existing holds related to the closed matter should be released and that the associated data should return to the applicable normal retention schedule.

15. Follow-up with ongoing management

After your team has sent out the initial notice and placed the holds, most matters will require some kind of follow-up as litigation, regulatory examination, or investigation is initiated (or dismissed). 

Repeat the above processes as many times as necessary to ensure your custodians are well-informed, all of the necessary custodian data is held, and your obligations under applicable law are fulfilled.

16. Keep stakeholders informed

Matters are rarely static – and the same is true of a company’s workforce. Employees change their legal names, change positions, change departments, begin using new tools, and most importantly,  leave. Employment status has no bearing on an employee’s status as a custodian, so even if an employee on legal hold is terminated, the law requires that their data continues to be held.

Develop a process whereby you continuously evaluate whether terminated employees are on legal hold. This evaluation requires the legal team to be in communication with HR, whether through an alerting system or routine audits. It also requires putting a plan in place to immediately notify IT when an active custodian is terminated so that no assets are inadvertently lost. 

Even custodians who have not experienced a change in employment status are a risk. Company costs often require juggling product licenses and ensuring that only individuals who need a tool have a license to use it. Knowing what licenses your custodians have and whether those licenses are active or inactive is hugely important – don’t lose a custodian’s data simply because a license was inadvertently terminated.