For many legal teams, managing legal holds is a manual, error-prone process. It’s a struggle to keep track of the ever-growing list of custodian notifications, reminders, acknowledgments, and data that your company must preserve, not to mention all the back-and-forth with IT to preserve data across multiple applications. And there’s always the risk that something slips through the cracks that could put your company at risk of costly sanctions, or worse.
Enter the DISCO Legal Hold Playbook, a guide to implementing legal hold software and scalable processes to make your life easier. Here are a few takeaways from this interactive guide to implementing legal hold software and the repeatable processes that support it for your organization:
Building – and automating – your legal hold workflows
Before your legal team creates a hold, they must understand your stakeholders, what data you have, and in which applications. You’ll need to identify the custodians involved in your legal hold: anyone who may have evidence related to the triggering event. Modern legal hold software should allow you to identify and select these custodians quickly, systematically require and track acknowledgments from recipients, and even send custodians automated reminders.
Preserving data where it lives
Once you’ve identified your custodians and what data is subject to preservation requirements, comes the fun part: preserving the data itself. Understanding where your data sits and that retention schedules for each data type can vary – for example, Slack data may be held for 30 days by default – can help you develop suitable data preservation approaches for your organization. Keeping up with this information can be overwhelming, but successfully reducing compliance risk requires sound data preservation techniques, especially with in-place preservation (IPP).
IPP is simply preserving data where it lives instead of making a copy of it and storing it in an archive. IPP minimizes storage costs and limits the copying of data that may live in storage environments under the control of third-party vendors. Legal hold solutions that offer IPP can reduce hefty spoliation risks. In certain data sources, IPP may not be an option. Part of any legal hold playbook needs to account for this by having a plan to trigger collecting certain data for preservation when necessary. Some common data sources that many organizations need to collect to preserve are laptops, cell phones, and on-prem servers.
Defensibility: it starts with audit logs
Reviewing and exporting complete audit trails with extensive reporting at any time is paramount to supporting defensible preservation compliance. Once you have sent custodian reminders and have collaborated with IT to have your data securely preserved, you should also be able to access in-depth reporting and auditing of those events. Look for software that offers comprehensive audit logs of all activity.
Wrapping up: releasing custodians and closing a matter
All things must come to an end, and so do legal holds. Keeping stakeholders informed is imperative when nearing the end of the legal hold process. Employees change their legal names, positions, departments, and most importantly, leave organizations. Efficiently closing a matter allows the organization to return data to normal retention (if the custodian is not on other overlapping holds) and reduce the cost and risk of data sprawl.
Remember, managing legal holds is an ever-evolving process. Keep evaluating your legal hold custodians and matters to protect against noncompliance and other costly risks. With the right litigation hold software (we’re partial to DISCO Hold), you, too, can defensibly and efficiently manage legal holds.
So, don't let legal holds hold you back – check out The Legal Hold Playbook and level up your legal hold process today.