Disco The Legal Hold Playbook Instructions

Disco The Legal Hold Playbook Instructions

How to use this guide

The Legal Hold Playbook is intended to provide a practical framework for codifying procedures and workflows into a formal document to improve the effectiveness of your legal hold team, process, and technology. By articulating predictable and repeatable processes, legal hold personnel understand their roles and responsibilities and can minimize ad-hoc decision making. In-house legal departments that leverage the playbook are poised to respond faster and more easily than those who use a bespoke approach. By customizing and documenting a playbook specific to your business requirements, your legal teams have access to a centralized and referenceable guide on approved policies and procedures designed to mitigate risks, minimize costs, and optimize personnel and technology resources, and ultimately defensible legal hold compliance. Linked in each section of the playbook is a corresponding template in the appendix where you can document and track your legal hold procedures and workflows

Preparing for a legal hold

Before you begin blocking and tackling on legal hold, it’s critical that you understand who your stakeholders are in each department, what data you have and in which applications it lives, and the roles and responsibilities for each legal team member. Take stock of these components using the steps below.

Identifying stakeholders by department

These are the individuals who either play an active role in the legal hold workflow or who need to be notified at every step. Who are the individuals that are gatekeepers of information, IT assets, and/or data that will be needed to ensure compliance with legal hold? Some examples can include:

• General Counsel/Legal
• Head of IT
• Chief Information Security Officer (CISO)
• Chief Data Security Officer (CDO)
• Human Resources
• Chief Sales Officer
• CFO

Identifying data sources
One of the requirements of legal hold is preserving data, and in today’s modern enterprise, the sheer number of data sources that can be subject to legal hold only continues to proliferate. Here are some questions consider:

• What data sources do you have?
• Where does your data sit?
• Who is the gatekeeper of that information, meaning that if you needed to ask a question about the data or talk to someone regarding its preservation and collection, who would you need to speak to?

When evaluating your potential data sources, be as broad as possible. You’ll want to brainstorm with your IT department to ensure that your playbook encompasses all possible data locations. Below are some higher-level examples, but note that any data a particular employee touches could potentially be required to be held.

Email applications

• Outlook
• Gmail

Cloud storage applications

• Dropbox
• Box
• OneDrive
• Google Drive
• SharePoint

Productivity applications

• Microsoft 365
• Google Workspace

Collaboration applications

• Microsoft Teams
• Google Chat
• Slack
• Discord
• Mattermost

Meeting software

• Skype
• Zoom
• Fuze
• Google Meet
• Microsoft Teams

Network drives

• Private drives
• Shared drives

Cloud backup & storage solutions

• Code42
• Isilon
• NetApp

Don’t forget physical infrastructure, including:

• Company-issued computers
• Company-issued cellphones
• Shared file systems and drives

Your organization might employ enterprise technology management applications to oversee physical infrastructure and hardware as well, such as:

• Oomnitza
• Teqtivity

→ Action: Jump to Table 2 to list relevant data sources at your organization that are or may be subject to legal hold.

Identifying legal hold team members
Legal hold can be a complicated process. Make sure you know all the members of your legal hold team and what their core responsibilities are. This will help you to determine an internal chain of command, starting with the owner of the legal hold process.

→ Watch For: Develop a protocol for keeping your stakeholder, data, and legal team information up to date. Ideally, these should be re-examined at least quarterly, but determine what cadence works best for your company, and stick with it.
→ Action: Jump to Table 3 to list your organization’s legal hold team members.

Building your legal hold workflows

Planning for triggering events
The need to initiate a legal hold arises when possible legal or regulatory action is anticipated, or a demand or letter complaint has been received. Legal holds are extremely important, as the failure to properly initiate legal holds can result in negative inferences and hefty sanctions.

Concerns that may constitute a triggering event will be different for each company. Examples include:

Anticipated litigation

• External events triggering shareholder suits
• External events triggering class action suits
• External events triggering individual civil or criminal suits

Regulatory action

• Internal events
• Employee termination
• Investigations

Once a triggering event has taken place, you’ll likely receive a request from counsel to issue a legal hold and preserve data. Developing, documenting, and following a plan for preservation compliance will ensure that you mitigate the risk of spoliation.

Creating notices
Custodians will need to be given a legal hold notice to inform them of their obligations. Legal hold notices provide an opportunity to give custodians any additional information related to the anticipated legal action, such as:

• Custodians’ data management responsibilities, such as what to keep and how long to keep it for
• Who they may or may not speak to about the action
• Definitions of what materials may need to be preserved
• Information about the action itself

While every matter will be different, each will share large portions of information. Consider making basic matter notice templates that can be edited to insert unique information before sending to matter custodians. At a minimum, consider creating the following notices

• Notices by event type
• Notices by lawsuit type
• Notices by jurisdiction
• Notices addressing privilege clawbacks
• Notices addressing internal investigations
• Notices addressing employee terminations
• Notices reminding custodians periodically of their obligations
• Notices releasing custodians from their obligations

→ Watch For: Nobody likes reinventing the wheel. Use highlighting to determine what information may need to be changed per matter or, even better, use legal hold software that makes use of metadata tags. These tags can create placeholders that insert basic matter information, reducing the amount of time needed to edit matter notices with unique information.

Identifying custodians

Custodians are individuals who may have evidence related to the triggering event. When identifying custodians, several pieces of information are key to note. Keeping a list of custodians for an individual matter is important for several reasons:

1. A legal hold notice must be sent to each custodian to inform them of their obligations (e.g., obligations to keep and not delete all emails, data, etc.). An exception to this is for a silent hold, which may be issued for an internal investigation requiring that an employee’s data is held but that the individual not be notified so as to not tip them off that they are the subject of an investigation.
2. IT will require a list of the individuals that need data held in place or copied to a secure location. If any hardware imaging or expanded retention policies need to be put into place on an individual basis, the IT department will need to know where to direct their efforts.

As part of identifying your custodians, you’ll need to pinpoint which sources those custodians use so that you know which sources need to be preserved. Remember to think broadly — most employees use applications beyond email that may need to be preserved. For this reason, we recommend keeping track of which sources can be held automatically via API integration and which require a hold to be set manually. Sources that require a manual hold may require additional coordination with IT.

→ Watch For: Consider keeping a standing list of custodians that are frequently on hold due to their position within the company. For example, company directors are nearly always subject to one or more legal holds. Keeping this running list will save time when it comes to gathering custodian information.

Sending legal hold notice to custodians

Sending notices can be done via a manual process or automatically:

• A manual process involves logging in and sending the notice using your email.
• An automated process involves using a tool that is integrated with your active directory and can email custodians all at once — without having to track down email addresses. Make sure you’re tracking all information related to the sent notice, including:
• Which custodian(s) received the notice
• The date the notice was sent
• The date the custodian acknowledged the response (if applicable)
• When the next reminder needs to go out to each custodian

Requiring and tracking acknowledgements

In the event that your legal hold process is called into question, you may need to show that you have made reasonable efforts to comply with your preservation compliance obligations. Most commonly, this is done by requiring that custodians acknowledge receipt of the legal hold notice. Develop a workflow for how your custodians can acknowledge receipt of their legal hold notice. Do you want them to simply reply to the notice and indicate acknowledgment? Whatever the method, it is important that you stick to that workflow so that custodians learn what is expected of them and are able to comply accordingly. Tracking these acknowledgements is extremely important, both to show you have made best efforts to inform custodians and as a way to determine which custodians may require more follow up. The process can be a manual one or it can be automated:

• A manual process involves custodians contacting the legal department using the methods defined in the legal hold notice and affirmatively stating that they received and read the notice. These acknowledgments will need to be tracked both by printing or saving the acknowledgments and by logging the acknowledgments in a centralized tracker.
• An automated process allows custodians to acknowledge with a simple click of a button and tracks these acknowledgments for you. As custodians have ongoing obligations for the duration of their attachment to a matter, you’ll want to make sure that the notices are continuously available to each custodian. Be sure to keep a repository of notices available so that the custodians do not have to rely on their email to ensure they are up to date on obligations.

→ Watch For: Custodians should not have access to all matter notices, as some will not apply to them and may contain information that they should not be privy to. When developing your repository of notices, make sure you consider accessibility and how to limit custodian access to only those notices that apply to them

Sending automated reminders

In an ideal world, custodians would receive notices, immediately use whichever method you have laid out to acknowledge receipt, commit the contents to memory, and continuously remind themselves of their obligations under each and every legal hold notice they’ve received.  In the real world, custodians are busy – and human. They may receive hundreds of emails a day and miss the legal hold notice, ignore their emails, or read and have every intention of acknowledging them later, only to forget before they have a chance to follow through. More challenging still, individual matters can last for years, over which time custodians may forget they’re on hold or assume that a matter has been resolved and that they’re free from their obligations. In addition to designing a workflow that custodians can use to acknowledge holds, you will need to develop a workflow to follow up with them and get that acknowledgment if – or when – a custodian does not acknowledge a legal hold notice in a timely fashion. For each notice, you will need to keep track of who has yet to acknowledge and set a timeline by which you send that custodian reminders to acknowledge receipt of their obligations. You will then need to stick to that timeline, as deviations invite errors and for custodians to slip through the cracks.

This process can be manual or it can be automated:

• A manual process involves tracking notice sent dates in a centralized tracker, determining the date  on which any unresponsive custodians should be reminded to acknowledge, reaching out to the custodian at the appropriate time with a reminder, and repeating the process until the custodian has fulfilled the acknowledgment request.
• An automated process allows you to set defined intervals between custodian reminders, the system  handling the heavy lifting of emailing the custodian a reminder and tracking their acknowledgment status. Notice acknowledgment reminders are not the only reminders you should be sending your custodians. At a set duration, you should consider sending your custodians a global reminder about the matters on which they remain on hold and of their obligations under each matter.

→ Watch For: Have a plan in place in the event that a custodian remains unresponsive for a set amount of time. Whom do you escalate to? What method do you use?

Tracking and auditing
As mentioned above, in the event that the sufficiency of your company’s legal hold process is called into question, you will need to be able to show that you have done your best to comply with all legal hold obligations under applicable law.
This requires keeping an audit log of all activity related to a matter:

Custodian selection

• Custodian type
• Types of sources on hold and date(s) those sources were held

Notice creation

• Edits and reviews done on each notice
• Notice sent date and content

Dates on which custodians acknowledged their legal hold notices

• Dates of any reminders
• Records of any escalation

Preserving data

As you may have noticed, sending a legal hold notice is only one piece of a company’s obligation when litigation is reasonably anticipated – the data itself needs to be held as well. This is why knowing where your data sits and your company’s retention schedules are crucial. Understand that your company’s data governance policies are complex, and don’t assume that just because the company retains data indefinitely for one tool that it does so for all tools. Different data may be subject to different retention schedules (for example, Slack data may be held for 30 days by default) and you’ll need to factor that into your legal holds.

Manual hold through IT
Your IT department should be able to hold the necessary data or augment existing retention policies in order to ensure that any needed data is kept. At this step, a list of custodians should be sent to your IT contacts for the individual sources that need to be held. At minimum, the information you send should include the custodian name, email, sources required, and any date information. For purposes of legal hold, you should consider holding all data for each custodian and not restricting by date. Once IT confirms that these holds have been placed, consider asking for a return report that you can add to your matter file to support your audit trail.

→ Watch For: Don’t forget about physical assets. Coordinate with IT to understand how the company manages laptops and other physical assets, including asset management and inventory tools like Teqtivity and Oomnitza. Pay particular attention and have a documented workflow in place for managing outgoing employees that are on active legal holds.

Automatic, in-place preservation
In-place preservation (IPP) is simply preserving data where it lives as opposed to making a copy of it and storing it in an archive. IPP is a best practice to minimize storage costs and to limit copying data that may live in storage environments under the control of third party vendors, not to mention access controls. For legal hold, IPP is the fastest way to meet your preservation compliance requirements. Many enterprise applications have built in legal hold applications, including Google Vault, Microsoft 365, Slack, Dropbox, Box, and Code42. These applications also offer modern APIs that allow you to automate creating holds and preserving data with a single click. Absent a connected legal hold tool, you will need to work with the IT owner of each enterprise application, who should be able to help with creating holds. However, dependency on IT can delay your coming into compliance, i.e., your compliance will move as fast as your IT team is willing to support you.

→ Watch For: Keep track of all data sources that offer APIs and in-place preservation applications. Make note of names and contact information for all IT owners by application.

Reporting and auditing
The importance of an audit trail cannot be overstated. We discussed the importance of data tracking above, but matters are rarely stagnant. Develop an evaluation cycle for your cases at the matter level and at the overview level. You want to be able to show your work in case your legal hold management is ever called into question.

→ Watch For: As you might guess, the data tracking and auditing processes alone can be hugely manual in nature with a lot of opportunity for error. Consider using a tool that will programmatically manage this data log for you.

→ Action: Jump to Table 4 to track all data sources that offer APIs and in-place preservation applications and to make a note of names and contact information for all IT owners by application

Releasing custodians and closing a matter

You should have a closing procedure in place for when matters come to an end. Assuming you’ve given your custodians a notification and informed them of their responsibilities, you will need to let them know that those responsibilities no longer apply to them. Additionally, you will need to interface with the IT department to ensure that they are aware that any existing holds related to the closed matter should be released and that the associated data should return to the applicable normal retention schedule.

→ Watch For: A custodian may be released from one legal hold but still obligated under others. This is particularly crucial when interfacing with the IT department: before you inform IT of the need to release a legal hold, it is good practice to determine whether any custodians should still remain on legal hold. This can be done manually via tracking custodians and all open matters, or through use of software that automatically holds data in place such that the release of a custodian from one hold will not affect any others.

Follow-ups and ongoing management

After an initial notice is sent out and holds placed, most matters will require some kind of follow-up as litigation or regulatory examination or investigation is initiated (or dismissed). Repeat the above processes as many times as is necessary to ensure that your custodians are well informed, all of the necessary custodian data is held, and your obligations under applicable law  are fulfilled

Keeping stakeholders informed
Matters are rarely static – but neither is a company’s workforce. Employees change their legal names, change positions, change departments, begin using new tools, and most importantly, leave. Even if an employee on legal hold is terminated, their employment status has no bearing on their status as a custodian and the obligations therein, and so the law requires that their data continue to be held.Develop a process whereby you continuously evaluate whether terminated employees are on legal hold. This evaluation requires the legal team to be in communication with HR, whether through  an alerting system or routine audits. It also requires putting a plan in place to immediately notify IT when an active custodian is terminated so that no assets are inadvertently lost.

Table 1: Identifying stakeholders by department

Name| Title| Department| Email| Phone| Date last evaluated / notes
---|---|---|---|---|---
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |

Table 2: Identifying data sources
Use this table to list relevant data sources at your organization that are or may be subject to legal hold.

Name of source| Location| Contact| Contact email| Contact phone| Can data be held in place?| Manual or automatic preservation?| Date last evaluated / notes
---|---|---|---|---|---|---|---
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |

Table 3: Identifying your legal hold team
Use this table to list your organization’s legal hold team members

Name| Title| Email| Phone| Role / responsibilities| Date last evaluated / notes
---|---|---|---|---|---
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |

Table 4: Inventory of data ecosystem
Use this table to keep track of all data sources that offer APIs and in-place reservation applications and to make a note of names and contact information for all IT owners by application.

Application| IT owner name| Email| Phone| Date last evaluated / notes
---|---|---|---|---
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |

Documents / Resources

| Disco The Legal Hold Playbook [pdf] Instructions
The Legal Hold Playbook, Legal Hold Playbook, Hold Playbook, Playbook
---|---

References

• AI-enabled legal technology that improves outcomes

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>