Top 10 Questions on the Ethics of Legal Holds – Part 2

This week’s blog contributors are Barry Schwartz, Esq., CEDS and Brian Schrader, Esq.

As promised in our blog on Tuesday, here is part 2 of the top 10 questions on the ethics of legal Holds.  If you’d like to replay our webinar on the ethics of legal hold, you can do so here.

Is it a good strategy to collect data from all employees exiting the company even if they are not on a legal hold?

We also get this question frequently, and in fact, it has been the subject of a prior blog.  What happens if Mary leaves a company and six months later we find out she was an integral part to a lawsuit, and we didn’t do anything to preserve her data?  As is often the answer in the legal arena, this falls to a test of reasonableness. Was it a good or bad decision not to include her? Was your decision reasonably based on what you knew at the time?  No one is perfect, and no one expects perfection. You must balance risk versus reward.

If I am in a company that has a lot litigation, and I’ve got certain people, managers, or executives who are regularly involved in litigation, I may want to preserve their data as they exit the company for a set period of time to make sure the information was not important or relevant to any ongoing or anticipated litigation. On the other hand, if you are in an organization with 100,000 employees and frequent turnover, that may not be realistic or economically feasible, so it comes down to what a reasonable person would do.  

It’s more important that you have a defined process, that you have taken time to look at what your obligations are and how you will handle exiting employees to be able to show that you are routinely making reasonable decisions.  In most organizations this area is a black hole, and they are not looking at this issue at all and are caught off guard.  If you put in a process where you evaluate employees, and look at key employees, especially under the fairness and general balancing approach reflected in the upcoming Federal Rules amendments, you will be able to show the court that you had a reasonable, defensible process.  Again, courts do not expect perfection – they expect a reasonable, thoughtful approach.

How important are custodian questionnaires, and should they be used in every matter, or only larger matters?

Custodian questionnaires are one of the most useful, yet underutilized and often underappreciated tools in the discovery process.  We cannot recommend enough that you should almost always issue custodian questionnaires, regardless of the size or type of litigation. Custodian questionnaires are often used to ask custodians where and how they create and store ESI, but they can be so much more useful than that.  

You can use them to ask custodians whether anyone else should be considered a custodian, and by doing so, help bolster the defensibility of your custodian identification process. You can ask custodians factual questions as well – it’s not just about finding data – it’s a questionnaire, so ask anything you’d like, and don’t worry, it’s all privileged.  

Some people look at the custodian questionnaire as a burden; we tell our clients to look at the custodian questionnaire as one of the best tools they have and, especially in cases with larger numbers of custodians, there is nothing more efficient and cost effective than a custodian questionnaire to aid in the fact-finding and custodian and ESI identification process.

May custodians be released after all data has been collected from them?

No, you shouldn’t release custodians in the middle of a case unless you have an agreement from opposing counsel or a court order.  You never know when something in a lawsuit will take a left-hand turn or some entirely new (but related) aspect may arise, and if you’ve released your custodians because you thought you had everything collected, you’ll be caught in a pretty hard spoliation argument.  

Legal hold obligations don’t just happen at the start of a litigation; those obligations generally continue throughout pendency of the case.  While releasing custodians won’t necessarily result in sanctions, as the party seeking sanctions (especially under the pending rule amendments) still would have to prove that relevant data was lost, releasing custodians early, without an agreement or court order, would be an incredibly risky move.  

If a company has third party vendors, is it the vendor’s responsibility to distribute and maintain the legal holds for its relevant employees or does the company need to track these as well?

While we haven’t seen a case on point, based on the reasoning in available case law, there is no delegation of the legal hold responsibility.  Thus, it would come down to you working with the third party as to what they are going to do and how they are going to do it.  There’s nothing that says you cannot issue individual notices to the individual employees (or contractors, etc.) of that third party, but we cannot image doing so in a vacuum.  We wrote a blog post specifically talking about legal hold obligations when it comes to third parties: http://blog.biaprotect.com/post/98770710942/dont-forget-third-parties-when-issuing-legal.

Does each legal hold stand on its own, or are there overlapping concerns?

Generally speaking, Courts will look at each legal hold process on its own, but there can be exceptions, especially where cases are arguably related.  For example, the U.S. District Court for the Western District of Louisiana recently found in In re: Actos (Pioglitazone) Products Liability Litigation that a previous legal hold that arose nearly a decade before (and was still active) was related enough, and the legal hold broad enough, as to cover materials that should have been preserved for the new litigation, and thus, found spoliation of evidence.  In another case, In re: Ethicon, Inc. Pelvis Repair Systems Product Liability Litigation, the court found a similar prior legal hold had been put in place, but because that prior legal hold was much more narrowly scoped, the sanctions were not as severe.

When I release custodians from a legal hold in one case, what happens if they are on other legal holds?

While there’s no clear cut obligation to do so, we recommend to our clients that, in the release notice, they remind the custodian of any other legal holds they might be on that are still active.  Indeed, in our TotalDiscovery solution, you can do that automatically as part of that process.

One of the reasons we developed our educational series of programs, was to encourage stakeholders to stay continually educated and to ask questions.  Those questions generally lead to better understandings and processes. If you have questions that you don’t see answered in our blogs, and you’d like our help, write us at [email protected].  Speaking of education: join us next month on November 19th at 1:00 PM/ET when the topic will be the eDiscovery Project Manager with Barry Schwartz, Esq., CEDS and Adam Feinberg, CCFS, CEDS. You can register for that program here.

Top 10 Questions on the Ethics of Legal Holds – Part 1

This week’s blog contributors are Barry Schwartz, Esq., CEDS and Brian Schrader, Esq.

Our October Knowledge Leadership Series webinar featured our most requested topic, Risks and Responsibilities: The Ethics of Legal Holds. The webinar attendees asked some great questions on a variety of topics, and we thought we would share our answers to the top 10 questions and concerns they raised, as we know most of our readers are probably asking many of the same questions and facing many of the same issues themselves.  We’ve summarized the questions and answers below in a two-part blog. Look for Part 2 on Thursday! If you’d like to hear the entire webinar, you can replay it here.

Is it necessary to put all employees on notice of the issuing of a legal hold in addition to key custodians specifically?  

No. In fact, you should never just blanket all employees with a legal hold notice. If everyone gets a notice every time your company is sued, regardless of their individual involvement or relevance to the lawsuit, then very quickly you’ll see a “boy who cried wolf” mindset develop where those notices are simply ignored.  Indeed, that could be harmful not only to the effectiveness of your legal hold process, but it could be used by your opposition to show that the entire process was seriously flawed.

If you feel you need to let your employees know that there is a lawsuit pending to quell any internal rumor mongering, then by all means communicate that message to your employees as you see fit, but don’t make that announcement part of your legal hold process.  

Does an intranet posting of a Legal Hold suffice?

No. An internet or intranet notice, by itself, is not sufficient.  That would be akin to posting a memo on an employee bulletin board, and courts have found that is insufficient on its face.   You must directly notify the custodians, and you must get some form of acknowledgement from your custodians that they understand their obligations.    

When a company has a document destruction policy keeping everything for at least 10 years, does the importance of a document hold decrease?

No. You cannot rely on your document retention policy and simply ignore your legal hold notification responsibilities, and courts have repeatedly rejected a party’s deferral to their document retention policy as a defense against spoliation claims.  The point is that even where the general practice or policy might be to essentially store everything forever, it’s not the same as specifically instructing custodians that they cannot destroy data – that they specifically have an obligation to preserve data.

Are there any recommendations on triggers tied to severity? Specific to claims typically w/insurance coverage - whether work comp, auto accident, CGL, etc.?

That’s a tough one to answer because if you have a claim of say $5,000, and you don’t believe it warrants a legal hold, and that claim later mushrooms to a bigger claim and you didn’t issue a hold, you’re left standing with a lot of exposure for failure to issue a legal hold.  So the question becomes how much risk are you willing to assume?  

There’s no bright line rule to the triggering event.  The standard is: what would a reasonable person do? The issuance of the legal hold, and even the actual collection process itself, is something we continually remind our clients is the cheapest thing they will do in any litigation.  So, we always recommend that, when in doubt, default to issuing a legal hold notice.  Look at it as an insurance policy: yes it costs you something now, but if called to the carpet, it will protect you later and probably save you vast multiples of what it cost you to issue the hold. Sure, under that policy, you may issue a legal hold when you didn’t need to, but the costs of that are a heck of a lot less than the potential case ending sanctions you’ll face if you made the wrong choice.

Many times you don’t want to give notice throughout an organization that you are going to file a lawsuit - how do you balance the requirement to issue a legal hold without disclosing that a lawsuit is on the verge of being filed?

First, as we addressed earlier, you really should never be issuing a legal hold “throughout an organization.” That said, there comes a point where your legal obligations are going to trump your desire for secrecy.   Strategy and secrecy concerns are not a defense for failing to issue a legal hold.  Once you have made the decision to file a lawsuit or you know there’s a reasonable anticipation of litigation, your obligation to issue the legal hold starts, and there’s little or no excuse courts will accept to override that obligation.

Although we’ve never seen a case on point, based on a multitude of cases that have rejected all sorts of defenses or excuses for not issuing a legal hold, avoiding issuing a legal hold notice to protect a corporate secret would likely be rejected outright.  By all means, tell the custodians the nature and secrecy of the topic and instruct them to keep the matter confidential – you even could do that directly in the legal hold notice itself – but don’t wait to issue the legal hold notice.  

If a custodian is a board member who is not part of your organization and they use webmail, like Gmail or Yahoo, does the opposing party have to engage with the board member directly or would our organization be “accountable” for preserving and collection information from the board member’s personal accounts?

You would likely be held responsible for the preservation of the data, even if in a personal account.  The legal hold obligations apply to anything in a party’s “possession, custody or control…” - which casts a pretty wide net. As we discussed in the presentation, in the case Haskins v. First American Title Insurance Co., Civil No. 10-5044 (D.N.J. 2012) the Court held that defendant had to assert a litigation hold on its present and former independent title agents, as the defendant had clear (and contractual) control over the data held by that third party.

So, whether you would consider a board member a “third party” or not doesn’t really matter.  In that relationship, even if the company doesn’t technically have possession of the data in question, they’d likely have control over that data either by contract or operation of common law.  Thus, a court is likely to find that the company held the obligation to ensure any potentially relevant data was preserved.

That said, from a practical perspective, you’d most likely want to keep those individuals within your overall discovery scope.  While directors could clearly be individually subpoenaed, it would be much more effective and likely strategically important for you to retain control and oversight of that process.

How often does BIA suggest custodians be reminded that they are on a legal hold?

Generally speaking, monthly or quarterly reminders are usually appropriate.  With solutions like our TotalDiscovery software, we see clients actually create different reminders for different subgroups – oftentimes reminding primary custodians monthly and secondary or edge-case custodians quarterly.  Clearly a monthly reminder would be the most defensible, but like most other things in eDiscovery, it really depends on the nature of the case, the claims, and the relative involvement of the various custodians.  

One of the reasons we developed our educational series of programs, was to encourage stakeholders to stay continually educated and to ask questions.  Those questions generally lead to better understandings and processes. If you have questions that you don’t see answered in our blogs, and you’d like our help, write us at [email protected].  Speaking of education: join us next month on November 19th at 1:00 PM/ET when the topic will be the eDiscovery Project Manager with Barry Schwartz, Esq., CEDS and Adam Feinberg, CCFS, CEDS. You can register for that program here.

The Information Governance Professional Certification and the eDiscovery Professional

There is no shortage of articles about the increased importance of information governance and its effect on the communities of practice of legal, risk, privacy, security, IT and RIM.  There are many definitions describing the practice of information governance, but simply put, information governance is described as the activities and technologies that are used to help organizations maximize the value of its information assets, while minimizing associated risks and costs associated with those assets.  One of those identified risks is regulatory investigation, litigation, and eDiscovery.

This week our blog takes a look at the IGP (Information Governance Professional) certification, and its relevance to our work in eDiscovery.  Coming from a background of managing discovery in a corporate environment, I viewed this certificate as one that was worth pursuing for several reasons:  (1) The demand for IGP in job descriptions such as legal analysts is increasing, (2) our clients are telling us that the strategic planning of governance initiatives in their organizations includes plans for preservation, hold and ESI workflows, and (3) there are industry predictions that eDiscovery will eventually become a discipline of information governance.  ARMA describes the IGP candidate as someone who has earned the only certification “that demonstrates he or she has the strategic perspective and the requisite knowledge to help an organization leverage information for maximum value while reducing the costs and mitigating the risks associated with using and governing this important asset,” which describes most of us who work with eDiscovery projects. 

When my company offered to sponsor our education and testing, I took advantage of it.  After earning the IGP credential (yippie I passed!), I am even more convinced that this was a worthwhile educational and professional pursuit, and highly recommend it to others in our industry because it intersects all of the processes and duties we perform on a daily basis.  Those of us who have IT security and eDiscovery certifications will find that this certification adds value, intersects, and compliments those certifications. 

The IGP tests knowledge in each of the following areas:

·         Managing Information Risk and Compliance - understanding and mitigating information-related risks through such activities as researching and monitoring legal, regulatory and industry-specific compliance requirements; and creating and monitoring internal policies and procedures. The IGP collaborates with stakeholders to determine acceptable risk levels, and then designs and implements methods for measuring and monitoring the effectiveness of the organization’s plan to mitigate its risk.

·         Developing IG Strategic Plan - developing a strategic plan that demonstrates an in-depth understanding of the organization’s business goals, corporate culture, financial resources, and commitments.

·         Developing IG Framework - establishing the parameters of the organization’s IG efforts, including developing policies and standards the organization should meet; defining the authority, roles, and responsibilities the organization must establish; designing IG program communications and training; and developing audit and enforcement mechanisms to ensure the IG program can be measured, controlled, and improved.

·         Establishing the IG Program - determining the IG program scope and goals, such as identifying specific program components, acquiring a mandate from executive leadership, establishing reporting requirements, assigning specific roles and responsibilities, establishing specific program metrics and desired outcomes, and implementing and managing the IG program.

·         Establishing IG Business Integration and Oversight - aligning the IG strategy and program to enhance business goals, needs, and objectives. The IGP works closely with business units to determine steps for implementing the IG program in their divisions and for ensuring it is monitored and audited periodically to confirm the business is complying with changing laws and to confirm the IG program does not impede the business goals.

·         Aligning Technology with the IG Framework - partnering with IT leadership to understand the organization’s technology landscape, the ways technology is used by the business, and how to align the IG and Technology teams’ strategies and operations, including hardware, software, and data lifecycle management. The IGP also evaluates technology trends that affect IG and partners with IT to assess opportunities and threats.

In the next few weeks, we’ll look at the relationship of our work in eDiscovery to each of these six areas.

This week’s blog is from BIA President Brian Schrader

Unless you have been stranded on a desert island for the past several years, you’ve undoubtedly seen countless articles, whitepapers and even court opinions discussing how Technology Assisted Review (TAR) has changed – and...

BIA Begins 4th Year of Webinar Series Time flies when you’re having fun! On February 19th, we kick off our webinar series for 2015 with guest speaker and national expert Craig Ball, Esq. (details...

Our team just had a great experience at LegalTech in New York where we talked about our solutions for eDiscovery problems with visitors to our booth. We’re excited to be back here blogging about what’s new, and sharing tips and best practices with all of you. So, what’s new?

BIA announced the...

The Blurred Line ...

41 years ago today, I took my first steps into a law office that would define my lifelong profession AND passion.  I still feel I was fortunate to have walked off the elevator by happenstance into a law firm … but perhaps it was merely the course I was always meant to take.  I woke up this morning with the same excitement I did 41 years ago as I read news feeds and blogs about the industry.  I so get a kick out of people asking me to share what “life” was like back in the good old bad old days of legal environments.  Most typewriters did not plug into the walls, we took shorthand still even though Dictabelts were becoming more common in law firms, we made carbon copies of everything we did that included a yellow file copy and a green reading copy, we sent everything certified mail because there was no FedEx, no internet, no email.  We called the main switchboard at the courthouse because there were no direct dial numbers.  Key exhibits were typed on lists and you learned to recall where they were located by memory.  There was virtually no technology or automation.  The first automations I recall were MagCards and Lexitron introducing first machines where you could edit before you printed.  Depositions were taken by court reporters using shorthand, and then dictated for a typist to transcribe.  I think we were more efficient first-time drafters in those days because it took too long to retype something to add a missing comma (not to mention erasing carbon copies if you made an error).  41 years later this is still the passion of my life, technology has made so many things possible that we never conceived when I first began.  I have worked in nearly every conceivable position from the front desk, to the records room, to secretarial positions, to legal research assistant, to paralegal, to case management, to project manager, to mass litigation manager, to department manager, to start-up entrepreneur, and now am in the consulting end of litigation for BIA, an eDiscovery and technology company, which utilizes every single bit of that acquired knowledge and history of the profession.  It is an industry that is as familiar to me as the layout of my home.  I am one of the fortunates who can say that the line between recreation and avocation is blurred because I so love my industry and watching where it will go next, and I know that this is what defines a career.  It is the passion for what you do over the monotony of feeling you have to do something.  You wake up every day thrilled that this is your contribution.  I cannot wait to see what happens over the next several decades of this magnificent industry.  

This week’s blog contributor is Barry Schwartz, Esq., CEDS. Barry is VP of Advisory Services for BIA.

Today, one can get lost with the ever-growing list of acronyms associated with “bring your own device” (see table of acronyms below). Regardless of your BYOD implementation choice, one...

A Legal Event Response Team is a group of key individuals, both inside and outside of an organization, that is tasked with preparing for, evaluating and managing an organization’s response to legal events, including litigations, regulatory investigations and other similar actions. The Team is...

From desktop computers to mobile devices, most organizations have clear procedures for recycling and redeploying digital assets when an employee leaves the organization. Many organizations also have clear procedures for business continuity measures such as how an exited employee’s emails should be...

You may have seen information in the media about a security vulnerability in Unix called “Shellshock Bash” that has the potential for very broad impact across the internet.

Quick Summary: TotalDiscovery is NOT vulnerable and your information is secure.

As with any potential security risk, we...

This week, we welcome guest blogger Simeon D. Rapoport, Vice-President and General Counsel for iBridge, a BIA TotalDiscovery partner.

In the legal realm, large firms are currently facing a major “watershed” moment with reference to the way they service eDiscovery tasks charged by...

One of the most frequent questions BIA answers from people who attend our educational programs deals with the challenges of getting IT, Legal, Governance and Risk speaking the same language, and on the same page to discuss the corporate policies and procedures behind complying with the legal...

While Engelbert Humperdinck may not be a modern day top ten superstar, his chart-topping 60’s hit “Please Release Me” does come to mind when answering one of our “Top 10” most asked Legal Hold questions… When can custodians be released from their obligations, and how best to do so?

Let’s...

One common question we encounter is this: When collecting data from custodians, is it necessary to image their entire hard drive? In most cases, our answer is a clear and resounding: No!

Adam Feinberg, CCFS, CEDS, BIA’s Senior Vice President of Professional Services and one of...

BIA June Knowledge Leadership WebinarSM Announced “Medical-Grade eDiscoverySM: ESI in Life Sciences Mass Torts”

NEW YORK, DATE -- Business Intelligence Associates, Inc. (BIA), a leader in data preservation and eDiscovery software and services, announced the debut of the first webinar in its “Medical-Grade eDiscoverySM” educational series on June 19th. 

  “As a result of numerous requests, BIA’s Knowledge Leadership team has produced a specialized year-long webinar series devoted to managing discovery in biotech, pharmaceutical and life sciences actions,” said Robin Thompson, VP of Marketing and manager of the educational series of programs for BIA.  “We are thrilled to have Mary Novacheck, Mike Hurwitz and Greg Jackson who are partners with the nationally honored firm of Bowman and Brooke, joining BIA’s Barry Schwartz, who is an attorney and VP of BIA’s Advisory Service group, as they discuss this topic,” added Thompson.   

  BIA’s Knowledge Leadership Webinars are broadcasted live the Third Thursday of each month at 1 pm Eastern.  BIA’s Knowledge Leadership program is entering its third year of providing education across critical eDiscovery related topics to all stakeholders.  “When we planned this series, we wanted to carve out a routine time each month so that our attendees could grab their lunch (or breakfast depending on which coast they join us from), and enjoy current, relevant education from the leading experts in our industry,” added Thompson.    

  “BIA has several life sciences clients who benefit from our expertise in the field.  Bowman and Brooke will discuss some of their nuanced approaches to managing this type of litigation.  Through our presentation we expect to identify several eDiscovery best practices tailored to life sciences litigation,” added Barry Schwartz, Esq., CEDS.

    About this Program:

  Date:       Thursday, June 19, 2014

Time:      1 pm Eastern / 10 am Pacific

Venue:   ReadyTalk Webinar Platform

  Register by clicking HERE

  Managing discovery for medical device, pharmaceutical and life science matters requires special processes, protocols and experience! BIA has assembled one of the most experienced panels of experts in managing discovery for these types of matters to give you the most current information on managing this challenging litigation. Highlights include:

1. Early analysis, preservation and collection of potentially discoverable ESI;

2. Consistency of productions in all Courts and Cases;

3. Posture Court Orders/Judicial Interventions in the earliest cases to set the tone;

4. Use of multiple court forums to your advantage; and

5. Discovery coordination.

  About BIA

BIA is a leader in the legal information management industry, with over a decade of experience helping companies and their law firms successfully manage documents and data for lawsuits, regulatory matters and internal investigations in defensible and cost-effective ways.  BIA offers the only secure cloud-based, integrated legal data preservation system: TotalDiscovery, a web-based software solution that includes complete legal hold management and data preservation connectivity to many enterprise systems to ensure a legally defensible method for preserving and analyzing critical documents and data.  With no software to install or hardware to provision, TotalDiscovery can be used immediately, with no extensive training or configuration required.  TotalDiscovery was designed for use by both Legal and IT for all types of situations, from small internal issues to large complex lawsuits and regulatory matters.  With its powerful enterprise-class features, instant availability, expert workflow, unique flat-fee licenses, and no up-front costs, BIA’s TotalDiscovery is the future of legal information management.  Find out more at www. biaprotect.com.

Wow, for a short month, February sure was a busy month for the TotalDiscovery development team. This post will be a summary, and soon I’ll be posting more details on the items that need it. Here’s the quick list:

In-app notification.

Legal Hold History.

Custodian Questionnaire Stop Question