Managing Data And Anticipating Litigation

In today's digital world, corporations must manage data in a manner that mitigates legal risk and reduces the likelihood of sanctions for failure to safeguard and preserve electronically stored information (ESI) that is potentially relevant to a legal or regulatory proceeding. Approximately 40% of all e-discovery cases in 2009 involved claims for sanctions against parties that allegedly failed to comply with discovery obligations. Of the sanctions cases, 67% addressed an alleged failure to properly preserve ESI. See Kroll Ontrack's 2009 Year in Review Report, available at www.krollontrack.com/news-releases/?getPressRelease=61396. This growing body of statutory and common law regarding electronic discovery instructs litigants that the best defense against sanctions is to take proactive measures to fully comply with future discovery obligations. Ignorance or lack of preparation are no longer tolerated, and there is decreasing protection for preservation mistakes, oversights or intentional destruction activities.

Facing the Risks

Corporations that are heavily regulated and targeted in litigation face increasingly significant risks that are inextricably tied to information management and data storage. The tendency to over-preserve electronic data leaves organizations with mountainous volumes of ESI and an attendant increase in risk and cost, while inadequate policies, processes and tools often lead to wrongful destruction and possible spoliation sanctions. Meanwhile, some corporations spend considerable sums on one-off tools that can identify and “hold” content, while failing to address the policies and risks associated with the native systems where the content actually lives. Corporations that fail to leverage enterprise-wide technology to manage data or invest in tools that over-promise and under-deliver bear the burden of inflated costs and increased risk associated with responding to litigation or regulatory inquiries.

Corporate Data Management Practices Today

In February 2010, Kroll Ontrack surveyed 170 law firm attorneys, corporate counsel, IT administrators and legal support professionals on the showroom floor of LegalTech' New York to better understand how corporations are managing data in preparation for litigation and/or regulatory inquiries. See the results of Kroll Ontrack's recent survey conducted at LegalTech' New York 2010, available at www.krollontrack.com/news-releases/?getPressRelease=61435. Nearly 63% of corporate legal, compliance and IT professionals claimed that inadequate technology was one of the biggest barriers to managing electronically stored information (ESI). And, one-third of respondents confirmed they either do not have or do not know if they have the appropriate technology tools or an archiving platform to manage the storage and destruction of ESI. These results are staggering when considering the legal risks and inflated costs that flow from a failure to manage data in a manner that contemplates legal requests for production of ESI. The bottom line is this: In today's digital world corporations must implement sound data retention and disposal protocols, ensuring compliance with legal hold obligations while also disposing of material in native systems when it is prudent to do so. Through implementing the right technology solution, organizations can proactively minimize the burdens associated with responding to legal requests for ESI.

The Duty to Preserve

Despite the growing body of case law on the topic, knowing when the duty to preserve arises is a key issue that continues to plague corporations. Once a lawsuit, audit or investigation begins, corporations are considered to have been provided actual notice and are subject to a duty to preserve potentially relevant paper documents and ESI. This duty is clear and uncontroverted. However, following Zubulake v. UBS Warburg LLC, it is well-established that the duty to preserve arises upon reasonable anticipation of litigation. Under this standard, more often than not, the duty to preserve arises well in advance of commencement of litigation or an investigation.

Although pertinent case law does provide corporations useful guidance in determining when the duty to preserve is triggered, each determination is inherently fact-based and highly dependent upon individualized circumstances. It is the duty of individual entities and respective corporate counsel to discern when preservation is required and to issue proper written legal holds in response. When litigation appears to be on the horizon, prudent corporations act conservatively and quickly implement written legal holds. (In fact, respondents at LegalTech' New York cited a technology's ability to effectively implement litigation holds as a key factor when making an enterprise-wide information management purchasing decision.) However, before the duty to preserve is triggered corporations can avoid preservation missteps and resulting sanctions by thoughtfully and proactively managing data in a manner that contemplates a swift and effective litigation response. To accomplish this, corporations should consider incorporating the following data management best practice tips into their records management protocol.

Know Where Your Data Lives

An organization must know where its data is stored before it can effectively manage that data in a manner that contemplates and prepares for future litigation. Many organizations catalog and keep track of data through creating and maintaining an application inventory and data map. An application and inventory map diagrams IT environments to help corporations and outside counsel quickly identify relevant data sources and custodians that are key to an investigation or litigation, and prevents the need to search for information throughout every storage system within the organization's IT environment. An application inventory and data map should include a record of past and present operating systems and application software, document retention and back-up rotation procedures and schedules, contact information for a designated point-person in each business department, and notes regarding accessibility difficulties issues that may support an argument of undue burden and/or expense.

Once the application inventory and data map is in place, it must be regularly updated to stay current with the constant evolution of a corporation's technology environment. The updates should intertwine with technology asset management processes, storage planning, information security assessments and other processes that touch the IT environment. When applications or systems are retired, information should be included as to where the final set of data is kept and what process will be required to restore if necessary. Maintaining the current and comprehensive nature of this information will save time, effort and cost down the road. This will also strengthen defensibility arguments if the opposing party moves for spoliation sanctions in the event data is lost or otherwise does not get preserved.

Institute a Defensible Document Retention and Disposal Policy

As legal requirements become more stringent, it is increasingly important for organizations to arm themselves with the proper tools to defend against the many risks presented by the mountains of data created and maintained in the course of business. A key component of sound data and records management is the implementation of a repeatable, defensible document retention policy. A defensible retention policy will classify records per a records retention schedule that dictates how long each record classification should be kept, and contain citations of any applicable document retention regulations in order to ensure compliance with regulatory bodies and industry standards.

Once an organization has comprehensively determined the universe of records to be maintained, decisions may be made with regard to the method of maintenance and necessary document destruction policies. A defensible document retention policy will detail where data is to be stored, in what format electronic documents should be retained, and when, if at all documents and records should be converted to alternative formats.

Archive Your Data

Implementation of an archiving system is an integral part of a sound document retention policy and data management solution. Organizations facing tighter budgets and decreased resources may question why archiving is an important investment. Archiving allows corporations to maintain records in a way that optimizes storage efficiency, reduces expenses and complies with legal and regulatory requirements. More specifically, archiving can actually help control electronic discovery costs, which is often the largest unbudgeted annual corporate expense. Maintaining data in an archive will also allow corporate litigants meet short timelines to preserve, collect, process, review and produce data, while delivering electronic information in a form conducive to cost-effective document review. This will prevent the expense of searching through unorganized data that is often scattered across various mediums within an organization when litigation or an investigation is apparent.

Another critical function of an archiving solution is the ability to administer legal holds. Incorporating legal hold technology within an overarching data archiving system allows users to search throughout an IT enterprise to identify and immediately preserve potentially relevant ESI, minimizing risks of potential failure to preserve claims. As demonstrated by opinions in cases such Pension Committee of the University of Montreal Pension Plan v. Banc of America Securities, LLC, the standards of acceptable discovery conduct in regards to implementing legal holds has been raised. Following this recent, authoritative opinion, the failure to issue timely, written legal holds is deemed to be grossly negligent behavior and may subject litigants to terminating sanctions.

Although some jurisdictions still require evidence of intentional misconduct to warrant the imposition of terminating sanctions, the message of recent opinions is clear. Ignorance in the arena of preservation obligations, including the issuance of legal holds, is no longer an acceptable excuse. This, coupled with the difficulty of determining the precise moments when a corporations duty to preserve attaches, demands corporations to be cognizant of the way they manage data in conjunction with issuing legal holds.

Conclusion

As data stores continue to increase and courts tolerances of failures to preserve decline, it is more important than ever for corporate counsel to advocate for the investment in proactive, comprehensive corporate information management systems. Information management platforms must ensure that data that is necessary to the business or potentially relevant to a legal or regulatory proceeding is safeguarded. Conversely, data that is not business-essential or not relevant to a legal proceeding should be systematically disposed of. Technological solutions such as archiving platforms with legal hold functionality will not only help ensure that business continuity objectives are being met, but help legal, IT and compliance teams to appropriately preserve, manage, locate and produce relevant ESI in a legal or investigatory proceeding.

Michele C.S. Lange, Esq. is director of discovery product management at Kroll Ontrack (www.krollontrack.com). George M. May, Jr. is vice president of product strategy at the firm. Special thanks to law clerk Kelly Runkle for her research and assistance in writing this article.

In today's digital world, corporations must manage data in a manner that mitigates legal risk and reduces the likelihood of sanctions for failure to safeguard and preserve electronically stored information (ESI) that is potentially relevant to a legal or regulatory proceeding. Approximately 40% of all e-discovery cases in 2009 involved claims for sanctions against parties that allegedly failed to comply with discovery obligations. Of the sanctions cases, 67% addressed an alleged failure to properly preserve ESI. See Kroll Ontrack's 2009 Year in Review Report, available at www.krollontrack.com/news-releases/?getPressRelease=61396. This growing body of statutory and common law regarding electronic discovery instructs litigants that the best defense against sanctions is to take proactive measures to fully comply with future discovery obligations. Ignorance or lack of preparation are no longer tolerated, and there is decreasing protection for preservation mistakes, oversights or intentional destruction activities.

Facing the Risks

Corporations that are heavily regulated and targeted in litigation face increasingly significant risks that are inextricably tied to information management and data storage. The tendency to over-preserve electronic data leaves organizations with mountainous volumes of ESI and an attendant increase in risk and cost, while inadequate policies, processes and tools often lead to wrongful destruction and possible spoliation sanctions. Meanwhile, some corporations spend considerable sums on one-off tools that can identify and “hold” content, while failing to address the policies and risks associated with the native systems where the content actually lives. Corporations that fail to leverage enterprise-wide technology to manage data or invest in tools that over-promise and under-deliver bear the burden of inflated costs and increased risk associated with responding to litigation or regulatory inquiries.

Corporate Data Management Practices Today

In February 2010, Kroll Ontrack surveyed 170 law firm attorneys, corporate counsel, IT administrators and legal support professionals on the showroom floor of LegalTech' New York to better understand how corporations are managing data in preparation for litigation and/or regulatory inquiries. See the results of Kroll Ontrack's recent survey conducted at LegalTech' New York 2010, available at www.krollontrack.com/news-releases/?getPressRelease=61435. Nearly 63% of corporate legal, compliance and IT professionals claimed that inadequate technology was one of the biggest barriers to managing electronically stored information (ESI). And, one-third of respondents confirmed they either do not have or do not know if they have the appropriate technology tools or an archiving platform to manage the storage and destruction of ESI. These results are staggering when considering the legal risks and inflated costs that flow from a failure to manage data in a manner that contemplates legal requests for production of ESI. The bottom line is this: In today's digital world corporations must implement sound data retention and disposal protocols, ensuring compliance with legal hold obligations while also disposing of material in native systems when it is prudent to do so. Through implementing the right technology solution, organizations can proactively minimize the burdens associated with responding to legal requests for ESI.

The Duty to Preserve

Despite the growing body of case law on the topic, knowing when the duty to preserve arises is a key issue that continues to plague corporations. Once a lawsuit, audit or investigation begins, corporations are considered to have been provided actual notice and are subject to a duty to preserve potentially relevant paper documents and ESI. This duty is clear and uncontroverted. However, following Zubulake v. UBS Warburg LLC, it is well-established that the duty to preserve arises upon reasonable anticipation of litigation. Under this standard, more often than not, the duty to preserve arises well in advance of commencement of litigation or an investigation.

Although pertinent case law does provide corporations useful guidance in determining when the duty to preserve is triggered, each determination is inherently fact-based and highly dependent upon individualized circumstances. It is the duty of individual entities and respective corporate counsel to discern when preservation is required and to issue proper written legal holds in response. When litigation appears to be on the horizon, prudent corporations act conservatively and quickly implement written legal holds. (In fact, respondents at LegalTech' New York cited a technology's ability to effectively implement litigation holds as a key factor when making an enterprise-wide information management purchasing decision.) However, before the duty to preserve is triggered corporations can avoid preservation missteps and resulting sanctions by thoughtfully and proactively managing data in a manner that contemplates a swift and effective litigation response. To accomplish this, corporations should consider incorporating the following data management best practice tips into their records management protocol.

Know Where Your Data Lives

An organization must know where its data is stored before it can effectively manage that data in a manner that contemplates and prepares for future litigation. Many organizations catalog and keep track of data through creating and maintaining an application inventory and data map. An application and inventory map diagrams IT environments to help corporations and outside counsel quickly identify relevant data sources and custodians that are key to an investigation or litigation, and prevents the need to search for information throughout every storage system within the organization's IT environment. An application inventory and data map should include a record of past and present operating systems and application software, document retention and back-up rotation procedures and schedules, contact information for a designated point-person in each business department, and notes regarding accessibility difficulties issues that may support an argument of undue burden and/or expense.

Once the application inventory and data map is in place, it must be regularly updated to stay current with the constant evolution of a corporation's technology environment. The updates should intertwine with technology asset management processes, storage planning, information security assessments and other processes that touch the IT environment. When applications or systems are retired, information should be included as to where the final set of data is kept and what process will be required to restore if necessary. Maintaining the current and comprehensive nature of this information will save time, effort and cost down the road. This will also strengthen defensibility arguments if the opposing party moves for spoliation sanctions in the event data is lost or otherwise does not get preserved.

Institute a Defensible Document Retention and Disposal Policy

As legal requirements become more stringent, it is increasingly important for organizations to arm themselves with the proper tools to defend against the many risks presented by the mountains of data created and maintained in the course of business. A key component of sound data and records management is the implementation of a repeatable, defensible document retention policy. A defensible retention policy will classify records per a records retention schedule that dictates how long each record classification should be kept, and contain citations of any applicable document retention regulations in order to ensure compliance with regulatory bodies and industry standards.

Once an organization has comprehensively determined the universe of records to be maintained, decisions may be made with regard to the method of maintenance and necessary document destruction policies. A defensible document retention policy will detail where data is to be stored, in what format electronic documents should be retained, and when, if at all documents and records should be converted to alternative formats.

Archive Your Data

Implementation of an archiving system is an integral part of a sound document retention policy and data management solution. Organizations facing tighter budgets and decreased resources may question why archiving is an important investment. Archiving allows corporations to maintain records in a way that optimizes storage efficiency, reduces expenses and complies with legal and regulatory requirements. More specifically, archiving can actually help control electronic discovery costs, which is often the largest unbudgeted annual corporate expense. Maintaining data in an archive will also allow corporate litigants meet short timelines to preserve, collect, process, review and produce data, while delivering electronic information in a form conducive to cost-effective document review. This will prevent the expense of searching through unorganized data that is often scattered across various mediums within an organization when litigation or an investigation is apparent.

Another critical function of an archiving solution is the ability to administer legal holds. Incorporating legal hold technology within an overarching data archiving system allows users to search throughout an IT enterprise to identify and immediately preserve potentially relevant ESI, minimizing risks of potential failure to preserve claims. As demonstrated by opinions in cases such Pension Committee of the University of Montreal Pension Plan v. Banc of America Securities, LLC, the standards of acceptable discovery conduct in regards to implementing legal holds has been raised. Following this recent, authoritative opinion, the failure to issue timely, written legal holds is deemed to be grossly negligent behavior and may subject litigants to terminating sanctions.

Although some jurisdictions still require evidence of intentional misconduct to warrant the imposition of terminating sanctions, the message of recent opinions is clear. Ignorance in the arena of preservation obligations, including the issuance of legal holds, is no longer an acceptable excuse. This, coupled with the difficulty of determining the precise moments when a corporations duty to preserve attaches, demands corporations to be cognizant of the way they manage data in conjunction with issuing legal holds.

Conclusion

As data stores continue to increase and courts tolerances of failures to preserve decline, it is more important than ever for corporate counsel to advocate for the investment in proactive, comprehensive corporate information management systems. Information management platforms must ensure that data that is necessary to the business or potentially relevant to a legal or regulatory proceeding is safeguarded. Conversely, data that is not business-essential or not relevant to a legal proceeding should be systematically disposed of. Technological solutions such as archiving platforms with legal hold functionality will not only help ensure that business continuity objectives are being met, but help legal, IT and compliance teams to appropriately preserve, manage, locate and produce relevant ESI in a legal or investigatory proceeding.

Michele C.S. Lange, Esq. is director of discovery product management at Kroll Ontrack (www.krollontrack.com). George M. May, Jr. is vice president of product strategy at the firm. Special thanks to law clerk Kelly Runkle for her research and assistance in writing this article.