By: Stanley Louissaint
A common misconception is that e-discovery begins when a suit is filed and a litigation hold is received. This could not be further from the truth. Data preservation and retention procedures are something that your clients need to have in place long before a suit even happens. The huge burden that e-discovery is known to place on a client is often due to the lack of instituting proper policies and procedures around data retention. Admitting that we live in a litigious society may be an understatement. Since we are aware of that from the onset, there are ways in which we can best equip our clients to protect themselves in the event that a suit arises.
One of the most frustrating things for counsel is the lack of information provided by a client. Knowing that a piece of information had existed and your client is no longer in possession of it to help prove his/her position is everything short of satisfying. I have witnessed many attorneys scour the earth to try to retrieve a small piece of information that they knew was pivotal to changing the outcome of their case. Aside from putting out the fires that your clients create, you, as an attorney, also have a duty to help provide your client with proactive and preventative solutions.
Every organization should have a basic electronic data retention policy in place. This is applicable to any and all electronic media. Everything ranging from Microsoft Word documents, PDFs, emails, text messages, and even internal instant messages. Some organizations are bound by regulatory and compliance bodies that force their hand into this, but many are not. Through my work as a consultant, I see that a lot of people haven’t given any thought to data retention policies, nor do they have any idea where to even start.
Before we move on, I want to be clear about one point. I am not advocating that companies retain all data for an infinite amount of time. But simply that they create and build a retention policy that is to be designed for a client’s individual business needs and legal considerations. When that predetermined period of time is exhausted, the data will be removed in the ordinary course of business. Of course, there is still the chance that, even if you destroy data according to your policies, you may still need it to defend yourself, so delete with caution.
This is an area where legal and tech have no choice but to intersect. As the attorney, it is important for you to understand the technologies that exist to help facilitate these data retention policies. The first question to ask is whether the client plans on storing their data on-premise or in the cloud. On-premise means that they will have servers in their office locations and everything will originate from there. Storing data in the cloud means that their data will reside in a third-party datacenter off-premise.
More often than not, your client will not own the hardware that their data is stored on when utilizing the cloud. This poses an interesting situation because not all cloud-based solutions offer the ability to create a customizable policy to properly retain data. So, depending on what the needs of the company are, not all cloud solutions are viable. This is a primary reason why some companies have chosen to shy away from implementing cloud-based solutions. Still, if your client chooses to implement cloud-based solutions that don’t meet the data retention requirements that are needed, they are not absolved of their responsibility. These are the times in which clients tend to act on their own behalf and it’s your job to fully advise them of the ramifications for doing so.
Now we have to find the data. That’s right—most organizations have no idea what data they are in possession of and where that data is even stored. Data can be stored everywhere, from the servers to user’s workstations, laptops and even mobile devices. Your technical experts should have the tools to seek out all the data that and where it exists within the organization. If your client doesn’t know what they have, then they don’t know what needs to be protected.
Rely on software vendors with a proven track record. Software vendors have built applications that allow us to create archives and store them in data vaults. In the technical world, archiving has been a term widely associated with emails.
As an on-premise system, let’s take a look at the Microsoft Exchange email platform. Exchange is still the most widely used on-premise email solution in business environments. Initially, the application did not have the built-in capabilities to globally archive emails, and you needed third-party tools to do that. As e-discovery and legal requirements have become a larger concern to the masses, Microsoft has integrated archiving features as standard into its platform. This helps to cut down the costs, as there is no need to purchase an additional archiving program.
Another feature that Microsoft added with its latest email platform is the ability to save a copy of all incoming/outgoing text messages to the user’s email box. The minute that data hits the email server, you are able to record and archive that data in accordance with the policies you have in place, just as you do with other emails.
For a cloud-based system, let’s look at the popular Google Apps email platform. Google has added the option of Google Vault, which adds archiving and e-discovery to the platform where all organizational emails can be stored for a certain period of time. Recently, I was involved in a case where there was a litigation hold in place, and the client utilized Google Apps but did not subscribe to the Google Vault service. This seemingly minor oversight created a situation where the client was not in compliance with the litigation hold, since there was no email archiving solution in place to preserve emails.
Next, make sure that there is an e-discovery component built in to the software of your choice, which allows for rapid searches and extraction of relevant information.
Being that a litigation hold means that you cannot delete your old data, you need to be able to place a hold your data retention policies. During the period of time that your hold is in effect, you cannot delete any of the data in accordance with the policies that you’ve created.
We focused on some of the options available to archive emails, but solutions exist for all types of data. The reality is that everything needs to be properly archived and retained according to a retention policy. Counsel and technical experts have to work together to craft policies that fit our individual clients’ goals and objectives. By working together and taking a more proactive approach, we can help to limit the costs of e-discovery should our clients become involved in litigation.
Reprinted with permission from the October 6, 2015 issue of the New Jersey Law Journal. © 2015 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.