Migrated from eDJGroupInc.com. Author: Amber Scorah. Published: 2012-06-13 05:00:31Format, images and links may no longer function correctly. The best way to avoid costly disputes over the adequacy of eDiscovery processes and collections is to build a defensible litigation hold business process. In Part One of this series, we talked about using information security management techniques as an aid in building a defensible process around the execution of the duty to preserve. In today’s post, Jeffrey Ritter, CEO of The Ritter Academy (www.ritteracademy.com) identifies some key risk areas that must be navigated to achieve this goal.
Amber Scorah: There are some important risk areas that must be navigated to achieve a defensible litigation hold process. Could you outline a few of those for us?
Jeffrey Ritter: Sure. When we look at litigation holds and the duty to preserve evidence, for most of the 20th Century and even the first ten years of this last decade, we have allowed the legal community to not emerge with a consistent process—a process that’s structured, a process that can be technology enabled, a process that creates records that will enable defensibility.
Instead, clients are often faced with the most famous two words in legal advice: “It depends.” Those words no longer seem appropriate in the 21st Century. Any business process can be standardized, it can be structured, and it can be disciplined with technology to defensible and repeatable process. That’s what technology allows us to do.
But, in order to build that solution, we need to map out that risk and understand the risks in a structured fashion to which technology can be applied. By using the information security assessment approach we talked about in Part 1, we can create a systemic view of how we are to identify, preserve, and collect the evidence for litigation. There’s a really good positive model out there–the Electronic Discovery Reference Model (or EDRM)–that shows the work flow of what the parties should do in a case to collect and preserve, but it doesn’t address the risk factors. How do things go wrong? That’s what you need to build your process to address.
This map shows a process approach to exposing and controlling these risks. The mistakes identified on this map are all annotated to actual judicial decisions in which the court imposed sanctions or found inappropriate conduct on behalf of council for their clients. Once the existence of a risk is identified, it is possible to put in place appropriate controls.
Three areas that I see continuing to require attention are the following:
1) First, attorney supervision—the courts have made clear the lawyer has a responsibility for ensuring the duty to preserve is properly executed. And yet time and again the case law reveals an attorney who either allows the client to take responsibility for it without supervision, or if there’s in house counsel they might delegate it to in-house employees without appropriate supervision;
2) A second area is the delayed distribution of the instructions to the people who hold the ESI to preserve it. In the past, no one even thought about preserving evidence until their lawyers have gone through preliminary jousts about whether there is a case that has actually been stated, whether there is a basis for giving legal relief for the reported claim of misconduct… then they start thinking about evidence. But with this shift in the awareness of how the digital world intersects with the duty to preserve, the lawyers aren’t catching up yet. As a result, they are often getting around to telling people they have a duty to preserve information, when in fact the duty to preserve arises when the litigation is known or reasonably contemplated.
The reality is that our digital infrastructure is destroying and deleting data all of the time. Even though there is a substantial sense that we save everything, the reality is that data is being deleted and overwritten in every machine all of the time and there are consequences when you delay giving the instructions to preserve, people will destroy stuff and that creates legal risk.
3) Finally, the other thing that happens is the failure to suspend activities that result in destruction. For example, the company might have a corporate rule that all email in an inbox is going to be deleted automatically after 28 days. Well, that rule is in conflict with the duty to preserve. When electronic mail processes are not appropriately suspended, email can be lost.
This more detailed map (rittermap RA-RM502 Suspending Electronic Mail Disposition Practices) shows all the different switches that need to be switched if a company does not have in place a strong archiving solution for their email, but instead leaves the email to being disposed of or manipulated by their employees.
For more information visit http://www.e-discoveryevent.com, or email amber.scorah@iqpc.com.
eDiscoveryJournal Contributor: Amber Scorah, Legal IQ