What is a Legal Hold?
A legal hold is placed on data to prevent it from being deleted pursuant to the company’s involvement in current or imminent litigation or criminal cases. Often a legal hold will come into play following a “protection order” from a court or when there is an expectation of potential legal action. Specific individuals within the company may have their data placed in legal hold pending litigation; in certain cases sections of the company or the entire company may have its data placed in a legal hold to meet its legal obligations. A legal hold can apply equally to physical and electronically stored information (ESI). However, in the remainder of this article we will focus on electronic data and best practices for legal hold management software.
When do we need Legal Hold?
Legal hold is the first part of the eDiscovery process during civil litigation or criminal proceedings. When a company has a reasonable expectation that it will become involved in litigation or criminal proceedings, part of its responsibilities include saving documents that may be involved in that legal proceeding. This prevents the involved parties from (accidentally or maliciously) destroying potential evidence. In terms of digital data, a legal hold can be executed by a dedicated piece of software, or by a legal hold feature or legal compliance module in enterprise software, that retains data which has been defined as in scope and can either recover it if deleted or prevent its deletion.
Who has responsibility for legal holds?
Responsibility for a legal hold begins with the parties involved in litigation. After being informed by the court or other party, any company that is subject to litigation has a responsibility to suspend processes which would result in destruction of data and begin to hold defined data for litigation. This is also the case for individuals. An individual who possesses data that is relevant to a legal matter is dubbed a “custodian.” Custodians are placed on Legal Hold and are not allowed to delete relevant data. They are responsible for the preservation of that data and can be held liable if they don’t.
Custodians are rarely the managers of the legal hold software itself. The process of placing legal holds using software can be performed by IT professionals in conjunction with legal counsel who understand the scope of litigation and what data, devices, and persons need to have legal holds placed to meet obligations.
Legal hold best practices Best Practices for legal hold
Having automated backup software with legal hold functionality is a simple way to collect and preserve data for the purposes of litigation. This legal hold management software should preserve data in its original format and be able to present changes to the data over time upon request. With a system like that in place it is significantly easier to prove chain-of-custody and avoid spoliation sanctions or adverse inferences due to the actions (well meaning or otherwise) of a custodian.
In cases where an individual or individuals within a company are involved in litigation, those custodians should not have access to administrate the legal hold software. The custodian’s access to administer their own devices should also be scrutinized in order to prevent the appearance of, or carrying out of, malfeasance.
Several pieces of software you already own might have legal hold software management features, and these capabilities can be something you look for in future vendors. A holistic legal hold schema will likely employ synergistic legal hold features in several storage locations, such as within the custodian’s email communications, cloud storage, and on their endpoint. This ensures coverage and adequate visibility.
If you’re interested in learning more about CrashPlan’s endpoint backup solutions, request a free trial today.