Legal Hold Best Practices: A Process Guide | DISCO
Back to Blog Posts

Legal Hold Best Practices: A Process Guide

Industry & Legal Education
Estimated Read Time: 10 minutes
By: 
DISCO
Posted: 
April 2, 2025
social link
social link
social link

https://www.csdisco.com/blog/legal-hold-best-practices-guide

avatar image 3avatar image 1avatar image 2
Get the very best in litigation technology and expert partnership
Talk to sales

Congratulations on taking the first step toward facilitating your legal team’s ability to quickly and effectively respond to legal hold requests while maintaining compliance and defensibility. In this article, you’ll learn litigation hold best practices you can apply to a step-by-step process for an efficient, repeatable legal hold process.

16 steps for a fully compliant, defensible litigation hold

To begin blocking and tackling a legal hold, it’s critical you understand:

  • Who your stakeholders are in each department
  • What data you have
  • Where that data lives (i.e., in which applications)
  • The roles and responsibilities for each legal team member

2. Identify data sources

One of the requirements of legal hold is preserving data. In today’s working world, the sheer number of data sources that can be subject to legal hold only continues to proliferate. Access and ability to automate preservation in these sources greatly varies depending on the functionality of the application and the licensing level your organization has procured.

Here are some questions to consider:  

  • What data sources do you have?  
  • Where does your data sit?  
  • Who is the gatekeeper of that information? (Meaning, if you needed to ask a question about the data or talk to someone regarding its preservation and collection, who would you need to speak to?)

Here are some higher-level examples of common data sources to preserve. (Note: Any data a particular employee touches could potentially be required to be held.)

Email applications

  • Outlook
  • Gmail

Cloud storage applications

  • Dropbox
  • Box
  • OneDrive
  • Google Drive
  • SharePoint

Productivity applications

  • Microsoft 365
  • Google Workspace
  • Asana
  • Trello

Collaboration applications

  • Microsoft Teams
  • Google Chat
  • Slack
  • Discord
  • Mattermost

Related reading: How to handle collaborative data in ediscovery.📚

Meeting software

  • Zoom
  • Google Meet
  • Microsoft Teams
  • Skype
  • Fuze

Related reading:How to handle virtual conferencing data in ediscovery.📚

Network drives

  • Private drives
  • Shared drives

Cloud backup & storage solutions

  • Code42
  • Isilon
  • NetApp

Physical infrastructure

  • Company-issued computers 
  • Company-issued cellphones 
  • Shared file systems and drives

Your organization may also employ enterprise technology management applications to oversee physical infrastructure and hardware as well, such as:

  • Oomnitza
  • Teqtivity

Related Reading: Check out our free ebook on handling complex data types for ediscovery. 📚

5. Identify sources

As part of identifying custodians, you’ll need to pinpoint the sources those custodians use so you know which sources need to be preserved. Think broadly — most employees use applications beyond email that may need to be preserved. 

‍Keep track of which sources can be held automatically (via API integration) and which require a hold to be set manually. Sources that require a manual hold may require additional coordination with IT.

8. Require and track custodian acknowledgements 

In the event that your legal hold process is called into question, you may need to show that you have made reasonable efforts to comply with your preservation compliance obligations. 

Most commonly, this is done by requiring custodians to acknowledge receipt of the legal hold notice.

Develop a workflow for how your custodians can acknowledge receipt of their notice. Do you want them to simply reply to the notice and indicate acknowledgement? Or is your process more complicated?

Whatever the method, it is important that you be consistent. Stick to your workflow so that custodians learn what is expected of them and can comply accordingly.  

Tracking acknowledgements is extremely important – both to show you have made best  efforts to inform custodians, and as a way to determine which custodians may require more follow-up. 

Your process may be manual or automated:  

  • A manual process involves custodians contacting the legal department using the methods defined in the legal hold notice and affirmatively stating that they received and read the notice. These acknowledgments will need to be tracked both by printing or saving the acknowledgments and  by logging the acknowledgments in a centralized tracker. 
  • An automated process is much simpler. It allows custodians to acknowledge with a simple click of a button, and it tracks these acknowledgments for you.

As custodians have ongoing obligations for the duration of their attachment to a matter, you must ensure the notices are continuously available to each custodian.

9. Send automated reminders to custodians

In an ideal world, custodians would receive notices, immediately use whichever method you have laid out to acknowledge receipt, commit the contents to memory, and continuously remind themselves of their obligations under each and every legal hold notice they’ve received. 

A beautiful dream.

In the real world, custodians are busy – and human. 

They may receive hundreds of emails a day and miss the legal hold notice. Or ignore their emails. Or read and have every intention of acknowledging them later, only to forget before they have a chance to follow through. 

More challenging still, individual matters can last for years. In that time, custodians may forget they’re on hold – or assume that a matter has been resolved and that they are free from their obligations.

In addition to designing a workflow that custodians can use to acknowledge holds, you will need to develop a workflow to follow up with them and get that acknowledgment if – or when – a custodian does not acknowledge a legal hold notice in a timely fashion. 

For each notice, you will need to keep track of who has yet to acknowledge and set a legal timeline by which you send that custodian reminders to acknowledge receipt of their obligations. 

You will then need to stick to that timeline. Deviations invite errors and the potential for custodians to slip through the cracks.

Like the other steps in the hold process, this process can be manual or automated: 

  • A manual process involves tracking notices sent dates in a centralized tracker, determining the date on which any unresponsive custodians should be reminded to acknowledge, reaching out to the custodian at the appropriate time with a reminder, and repeating the process until the custodian has fulfilled the acknowledgment request. 
  • An automated process allows you to set defined intervals between custodian reminders. This way, the system handles the heavy lifting of emailing the custodian a reminder and tracking their acknowledgment status. 

Remember, acknowledgment reminders are not the only reminders you should be sending your custodians. At a set duration, you should consider sending your custodians a global reminder about the matters on which they remain on hold and of their obligations under each matter.

10.  Track and audit custodial process activity

Remember, in the event your company’s legal hold process is called into question, you will need to be able to show that you have done your best to comply with all legal hold obligations under applicable law.  

This requires keeping an audit log of all activity related to a matter, including:

Custodian selection 

  • Custodian type 
  • Types of sources on hold and date(s) those sources were held 

Notice creation 

  • Edits and reviews done on each notice 
  • Notice sent date and content

Dates on which custodians are released from their obligations 

This is a famously tedious task to perform manually. Consider legal hold software that will automate and keep these records for you.

11. Initiate a manual hold through IT  

Sending a legal hold notice is just one piece of a company’s obligation when litigation is reasonably anticipated – data needs to be held as well in order to preserve your data.

Your IT department should be able to hold the necessary data – or augment existing retention policies – to ensure the preservation of necessary data. 

Send the list of custodians subject to the hold to your IT team. For each, include:

  • The custodian’s name
  • The custodian’s email
  • Data sources required
  • Relevant dates

Once IT confirms that these holds have been placed, ask for a return report you can add to your matter file to support your audit trail.

12. Establish automatic, in-place data preservation (IPP)

In-place preservation (IPP) is the process of preserving data where it lives (as opposed to making a copy of it and storing it in an archive). 

IPP is a best practice to minimize storage costs and to limit copying data that may live in storage environments under the control of third-party vendors, not to mention access controls. 

For legal hold, IPP is the fastest way to meet your preservation compliance requirements.  

Many enterprise applications have built-in legal hold applications, including Google Vault, Microsoft 365, Slack, Dropbox, Box, and Code42. (These applications also offer modern APIs that allow you to automate creating holds and preserving data with a single click.)

Related Resource: Need a template? Here’s a free legal hold worksheet template you can download and print. 🗓️

13. Create an audit trail for reporting

We cannot overstate the importance of an audit trail. Matters are rarely stagnant. Develop an evaluation cycle for your cases at the matter level and at the overview level. You’ll want to be able to show your work in case your legal hold management is ever called into question.

14. Release custodians when matters conclude

It’s essential to establish a closing procedure for when matters conclude. Just as you’ve given your custodians a notification and informed them of their responsibilities, you will need to let them know when those responsibilities no longer apply to them.  

Additionally, you will need to work with the IT department to ensure that they are aware that any existing holds related to the closed matter should be released and that the associated data should return to the applicable normal retention schedule.

15. Follow-up with ongoing management

After your team has sent out the initial notice and placed the holds, most matters will require some kind of follow-up as litigation, regulatory examination, or investigation is initiated (or dismissed). 

Repeat the above processes as many times as necessary to ensure your custodians are well-informed, all of the necessary custodian data is held, and your obligations under applicable law are fulfilled.

16. Keep stakeholders informed

Matters are rarely static – and the same is true of a company’s workforce. Employees change their legal names, change positions, change departments, begin using new tools, and most importantly,  leave. Employment status has no bearing on an employee’s status as a custodian, so even if an employee on legal hold is terminated, the law requires that their data continues to be held.

Develop a process whereby you continuously evaluate whether terminated employees are on legal hold. This evaluation requires the legal team to be in communication with HR, whether through an alerting system or routine audits. It also requires putting a plan in place to immediately notify IT when an active custodian is terminated so that no assets are inadvertently lost. 

Even custodians who have not experienced a change in employment status are a risk. Company costs often require juggling product licenses and ensuring that only individuals who need a tool have a license to use it. Knowing what licenses your custodians have and whether those licenses are active or inactive is hugely important – don’t lose a custodian’s data simply because a license was inadvertently terminated.

DISCO

DISCO provides best-in-class software and services that span the entire dispute resolution process. Law firms, in-house legal departments, legal service providers and government agencies are able to leverage our scalable, integrated solutions to easily collect, process, and review the potentially relevant data across complex disputes. Our world-class professional services and client experience teams ensure that your organization can optimize the technology and focus on what matters most.

avatar image 3avatar image 1avatar image 2
Get the very best in litigation technology and expert partnership
Talk to sales
Webinar: Using Generative AI for Document Review

In this session, hear from DISCO AI experts Dr. Robert Harrington and James Park on using generative AI for doc review.

View more resources
0%
100%