Forensic, General & Medical
Expert Witnesses

Seven Questions Every CIO Should Be Able to Answer about eDiscovery and Legal Holds


     By General System Dynamics eDiscovery, Legal Hold Processing and Data Storage Management Expert Witness

PhoneCall Brian J. Greenberg at (312) 380-6043


eDiscovery & Legal Holds are increasingly showing up on the radars of CIO's and IT Managers. Since the new Federal Rules of Civil Procedure (FRCP) came about, internal legal counsel and IT departments have had to start a new dialogue as to what responsibilities, and capabilities an organization has in regards to preserving data required for legal discovery. Even more challenging are the tasks IT staff are being asked to perform in terms of actually doing the electronic preservation.
What we have seen in recent years is where the necessity of data preservation is driving organizations to create new processes and procedures as well as vendors to develop new technologies that allow companies to preserve data in systems that otherwise never had been designed to conduct legal holds. Considering the scores of systems that we find throughout a company, to discuss the risks and challenges of data preservation of each type of system would be far too much to encompass in just one article. However, I will cover the most common and important aspects of data preservation and electronic discovery that companies have to address with particular emphasis on backup systems. Backup systems, as you will see, pose some of the most significant challenges and risks, in both financial and legal spaces when it comes to managing legal holds. Effective solutions for managing legal holds is currently provided by only a couple vendors for this complex and all too often, over-looked high risk area.

Seven questions every CIO should be able to answer about eDiscovery and legal holds:

1. Do you have a clearly defined and well documented process for executing legal holds?
2. From the moment of a hold notification, does your organization have the tools, technologies, knowledge and processes in place in order to hold all relevant data in all data storage areas? e.g. email, files, network drives, hard drives, backup tapes, voice mail, instant messages, etc.
3. Are you able to account for and calculate the cost of data preservation for each legal hold? e.g. data storage costs, duplication costs, migration costs, staff hours, consulting services, etc.
4. Are you able to manage the data of multiple legal holds and identify all shared/overlapping data also called "cascading legal holds"?
5. Are you able to reduce risk of over exposure by filtering out non-relevant data from your legal holds in your legal hold process?
6. Are you able to safely manage the release of a legal hold by the extrication of non-shared vs. overlapping data of from a collection of legal holds without effecting the reliability of all other legal holds?
7. Do you have the technology and processes to migrate electronically stored information (ESI) to external counsel or discovery vendor without risking over exposure of information or the sacrifice of operational reliability?

1. Do you have a clearly defined and well documented process for executing legal holds?

Having a clearly defined and well documented process for executing legal holds will determine how successful or not you will be at mitigating both the financial and legal risks inherent with the electronic discovery of electronically stored information. A recent article from Inside Counsel states:

Experts agree that regardless of the size of the case, careful planning lessens the chances of an attorney being forced to argue the degree of negligence committed and the type of sanctions to be imposed. [...] "Use of a written litigation hold memorializes the date of the hold, who initiated the hold, a description of the information to be preserved, and the custodians who received the written litigation hold communication," says Jennifer Young, a partner at Milberg. "Documentation of these details may be important if preservation efforts are ever challenged."
Kozubek, Michael. Data Preservation Policies Scrutinized by Two Courts. [Online] Available http://www.insidecounsel.com/Issues/2010/May-2010/Pages/Data-Preservation-Policies.aspx, May 1, 2010.
Organizations that are not prepared will incur enormous costs that come in the form of legal fines, legal services fees, data storage costs, data preservation costs and electronic discovery costs. Create the process, document it and most importantly, test it. Ensure there are no kinks in the process so that when a legal hold does happen, there are no hiccups that may result in financial penalties. And like a disaster recovery plan, keep it up to date and regularly test the process. Systems change, migrate and get upgraded. Ensuring that you keep your legal hold process up to date in conjunction with the changes of your information systems will guarantee success for your organization.

2. From the moment of a hold notification, does your organization have the tools, technologies, knowledge and processes in place in order to hold all relevant data in all data storage areas? e.g. email, files, network drives, hard drives, backup tapes, voice mail, instant messages, etc.

Data preservation is a tricky business made all the more complicated by the myriad of information systems that exist in most corporations:

Email systems: Exchange, Apple Mail, Sendmail, GMail, Lotus Notes, Bloomberg Mail, Eudora, FirstClass, Novell, Postfix, qmail, etc.
Databases: Oracle, Sybase, MySQL, DB2, Informix, SQLServer, PostgreSQL, BigTable, BerkelyDB, etc.
Instant Messaging: Jabber, IBM/Lotus, Apple iChat, Meebo, Yahoo, AIM, Microsoft, GoogleTalk, etc.
Backup Technologies: NetBackup, TSM, Amanda, NetWorker, CommVault, Bacula, BackupExec, Avamar, etc.
Network Storage Systems: SAN, NAS, CAS, gfs, etc.
Desktop and Notebook Computers and Operating Systems: Windows, Mac, Unix/Linux
Mainframe Systems
Web Services: Wikis, Blogs, Intranet Servers, CMS/CMF's, SharePoint, Plone, etc.
For each of these information systems listed there are areas of speciality and subspecialties that exist and are necessary in order to properly manage and maintain the systems. Generally, a companies I.T. staff that maintains each system has either very carefully honed their skill sets in order to specialize in these systems and few others or they are generalists that know just enough about several of these systems to make them work but without a thorough and deep understanding of them.

The problem for us arises when it's time to do a legal hold. Nearly all of these systems are designed without regard for data preservation for legal matters and your staff will have to do some creative things in order to satisfy a legal hold. Not only that, some of these systems are going to house a lot of historical data that will have to be mined and preserved through special scripts and queries. Fortunately, for some of these applications, there are technologies designed specifically to facilitate aspects of eDiscovery.

One of the largest risk areas and difficult technologies to apply a legal hold to are backup systems. They are the largest risk areas because they often contain data long after files have been deleted from disk drives, often times for years after the original files have disappeared into the proverbial bit bucket. Backup systems are a gold mine of information, information most people in your organization thought was long gone.

3. Are you able to account for and calculate the cost of data preservation for each legal hold? e.g. data storage costs, duplication costs, migration costs, staff hours, consulting services, etc.

In a recent interview by The Metropolitan Corporate Counsel with Alan S. Naar, Vice Chair of the Litigation Department of Greenbaum, Rowe, Smith & Davis LLP, when asked how important is it ... to provide hard data on litigation costs? Mr. Naar responded;

It is very important for all parties to provide data on litigation costs associated with e-discovery. Parties, counsel and courts need to be educated on the direct and indirect costs associated with e-discovery [...]. The data should not be limited to costs but should also include information that will convince parties and counsel that unlimited e-discovery is often too expensive [...]
The Metropolitan Corporate Counsel. Controlling Legal Costs - Law Firms The Impact Of E-Discovery On Litigation Trends. [Online] Available http://www.metrocorpcounsel.com/current.php?artType=view&artMonth=May&artYear=2010&EntryNo=10926, May 3, 2010.

For decades, the ability to accurately measure things in I.T. has been a fairly standard practice for a variety of reasons; improve application performance, accelerate network speed, reduce storage costs and so forth. Yet, for a number of areas that I.T. covers, measurement is often overlooked or just ignored. Admittedly, measurement in several areas, especially financial impact analysis can be a tricky business not to mention hotly debated in several circles. However, the financial impact of a legal hold is important in determining the strategy a company will take to preserve the necessary data. Hold costs can range anywhere from a few hundred dollars to tens of millions of dollars per hold depending on the size of the legal matter to the way in which a company structures, manages and preserves its data. Having a system in place that can account for and calculate the on-going costs of data preservation for each legal hold is absolutely necessary to mitigate an organizations risk. Many organizations attempt to keep elaborate Excel spreadsheets that need to be updated by hand and manually maintained. Unfortunately, they do not cross systems nor show the relationships of data shared across multiple legal holds. What companies need is a comprehensive system that can provide a way to report on on-going costs of the effects of litigation on I.T. resources.

4. Are you able to manage the data of multiple legal holds and identify all shared/overlapping data also called "cascading legal holds"?

Legal Technology News, part of Law.com, said in a recent article about cascading legal holds:

... today's technology can help with the thorniest problem of all: how to handle more than one hold at a time. "It is likely that a company will face multiple concurrent litigation that impacts overlapping document sets, [...] When this occurs, the company must be able to track and manage multiple legal holds against the same documents, also called 'cascading legal holds'." [...] "What we find is that for companies in the Global 1,000, the fact is they have no less than 500 open cases, and many of them have [as many as] 15,000 open matters and therefore open litigation holds. The volume of cases is very high, so keeping track of the details is very hard."
This scope of oversight quickly goes beyond what any human -- or team of humans -- can reasonably be expected to do. "When they do 6,000 of those a year, companies quickly outgrow the spreadsheets and realize that tracking those details is just too hard to do by yellow notepads and spreadsheets, and they start to take a systematic approach."
Holland, CC. Minimize Legal Holds' Spoliation Risks. [Online] Available http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202421520352, May 20, 2008.
Hold notifications coming from the legal department often address data that's already being held for another legal matter. Most organizations respond to these overlapping notifications in one of two ways:

Data needed gets duplicated to a secondary storage system and/or medium resulting in huge data storage costs and extremely lengthy processing times often impacting production operations.
Data gets lumped into the first legal matter's hold without data and matter differentiation. This results in the inability to discretely manage the multiple holds almost always resulting in 'freezing' everything.
I've seen organizations trying to maintain scores of Excel spreadsheets and notebooks in feeble attempts to maintain some kind of order to the myriad of tapes, files, images and systems required for legal holds for each and every legal matter. All of these so-called systems cannot possibly ever manage the relationships that exist for each of the tapes, files, images and systems that are shared between each legal matter. As a result, when a legal hold is released, the records and compliance team, attorneys or I.T. staff cannot actually release the data without potentially impacting the integrity of the data for other legal holds. The implications of the two scenarios are huge in terms of risk, both for legal and financial risk.

5. Are you able to reduce risk of over exposure by filtering out non-relevant data from your legal holds in your legal hold process?

One great challenge of complying to a legal hold is to filter out only the relevant data that's required for the hold from all the other data within the systems. In backup systems in particular, this is hugely difficult due to the nature of how backup systems work. It's essential that an organization utilize the correct processes and procedures for interacting with the data required for the hold, as well as the processes and procedures for turning over copies of data for eDiscovery. Most organizations turn over far too much information exposing the company to additional legal and financial risk. Freezing everything and keeping all backup data forever is almost never the correct solution to the problem and only creates much larger problems.

6. Are you able to safely manage the release of a legal hold by the extrication of non-shared vs. overlapping data of from a collection of legal holds without effecting the reliability of all other legal holds?

As previously addressed in #4 above; the inability to manage cascading legal holds, or holds that address the same data results in significant legal and financial risk. When a company cannot manage multiple legal holds, especially overlapping legal holds, a company cannot safely release any holds. When it's legally permissible to release a legal hold, the records and compliance team, attorneys or I.T. staff cannot actually release the data without potentially impacting the integrity of the data for other legal holds. Releasing too much information or not preserving the correct information before it expires out of the backup systems can be looked upon as spoilage of evidence which can result in millions of dollars in fines. Finally, holding on to too much information because you can't manage the cascading legal holds results in over exposure of information. Information that may have not been discoverable if it was allowed to expire according to the documented legal and business driven rules is now discoverable and subjects an organization to increased legal and financial risk.

7. Do you have the technology and processes to migrate electronically stored information (ESI) to external counsel or discovery vendor without risking over exposure of information or the sacrifice of operational reliability?

As I mentioned in #5 above; it's essential to have the correct processes and procedures in place when turning over ESI to external counsel or a discovery vendor for processing. In addition to best practices, finding and employing the best technological solution to facilitate your companies policies and procedures is indispensable. Organizations need to understand that there's a difference between data and media. You never want to hand over the wrong media (i.e. tapes or disks). You do want to turn over the correct data. It's important that the distinction between data on original media and data on new media be understood. If data on original media is released, a company may be exposing themselves to inadvertent over-exposure as well as losing data recovery capability. It's important to identify the correct data and then copy the data to brand new media before releasing it.

Conclusion

If a company is not prepared for it, Electronic Discovery can be very difficult and very expensive. The financial and legal risks associated with not being prepared for discovery are huge and there's no excuse for it. Fortunately, it's not too late to begin getting your organization ready for the inevitable process of legal holds and eDiscovery. Begin simply and use the K.I.S.S. principle. Here's a simple formula to get you started:

-Create an eDiscovery team Assemble the data and process owners, specifically the legal department and I.T. For some organizations this will include records management and information security.
-Create and document the process of doing a legal hold from the moment a hold notification comes from the legal department through the conclusion of the case. Be sure to include the technical procedures for each application and data repository and use technologies designed specifically to deal with the complexities of legal holds.
-If you don't have the technologies or expertise to formulate the process or procedures, get expert help.
-Ensure your system for processing each legal hold has automated reporting capabilities and is easily auditable.
-Regularly review and update your legal hold process to reflect changes in the business and technologies employed.

ABOUT THE AUTHOR: Brian J. Greenberg
Brian Greenberg is the President & CEO of General System Dynamics. Brian Greenberg is one of the industries thought leaders in storage litigation readiness, eDiscovery, compliance, backup & archive, data protection, business continuance & disaster recovery and IT operations best practices. Brian has been a subject matter expert and consultant for the leading storage services companies and Fortune 100 companies. Brian has been designing and managing data storage systems for nearly 20 years for Fortune 100 companies including Motorola, Microsoft, Fujitsu, Washington Mutual and Bloomberg.

As a frequent industry speaker, Mr. Greenberg addresses how organizations can better align legal and business requirements with IT and has presented several papers and participated as a panelist at several conferences including StorageDecisions, DataCenter Decisions, Ziff-Davis Enterprise Virtual Trade Show and CampIT Conference.

Copyright General System Dynamics

More information about General System Dynamics


While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer.
For specific technical or legal advice on the information provided and related topics, please contact the author.

Find an Expert Witness