This article explains what litigation hold means and how IT teams can respond when they receive a litigation hold notice for data that they manage.
What Is Litigation Hold?
A litigation hold, which is also known as a legal hold, requires an organization to preserve data that may be relevant to a legal case.
A litigation hold requires not only that data be preserved, but also that it be preserved in its present state until the hold is lifted. This means that, for example, changes to a database that may modify or delete data are not permitted while the litigation hold is in effect.
Legal Hold Policy and Procedures
A litigation hold begins with a letter from an attorney to a company. The letter serves as a legal hold notice, informing the company that a legal hold must go into effect.
Upon receiving a legal hold notice, a company should perform the following steps:
- Notify IT staff who are responsible for managing data that is impacted by the legal hold.
- Ensure that IT staff acknowledges the legal hold notice.
- As soon as possible, IT staff should secure and preserve data that is impacted by the legal hold.
The organization that is subject to the legal hold should document each of these steps. In the event of an audit, documentation is important for proving that the company took the appropriate steps to respond to the litigation hold notice within a reasonable period of time.
How to Preserve Data during a Legal Hold
Typically, IT staff who are responsible for preserving data during a legal hold take one of two approaches.
Preserving Data In-Place
The first approach is to preserve data in-place. Under this model, the data that is impacted by the legal hold remains in its original location, such as on production email and database servers.
An in-place data preservation policy can be easier to implement because it does not require data to be copied to a new location in order to comply with the litigation hold notice. However, in order to be effective, an in-place data preservation strategy must be accompanied by policies that prevent impacted data from being deleted or modified.
Depending on the type of data you are working with, this could be easy or difficult to achieve. For example, emails cannot typically be modified after they are created. They are easy to preserve in-place without the risk of modification (although steps should be taken to prevent them from being deleted). In contrast, word processor documents could be easily modified, so preserving them in-place while preventing modifications may require changing file permissions so that they become read-only for the time the legal hold is in effect.
In addition, because new data could be added alongside the original data, admins should establish a way to distinguish data that existed at the time of the legal hold notice from data that was created later. A file system snapshot is one of the ways to achieve this.
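One way to combine the read-only permissions and the "what existed at hold time" record described above, as an added example that is not part of the original article: it writes a SHA-256 manifest when the hold starts and later reports held files as intact, modified or missing, and lists files created afterwards. The function names, the manifest layout and the sample files are assumptions made for illustration.

```python
import hashlib, json, stat, tempfile, time
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def place_hold(root, manifest_path):
    """Hash every file under root, make it read-only, write the manifest."""
    root, files = Path(root), {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            files[p.relative_to(root).as_posix()] = sha256_file(p)
            # Clear the write bits for owner, group and other while the hold lasts.
            mode = stat.S_IMODE(p.stat().st_mode)
            p.chmod(mode & ~(stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH))
    manifest = {"hold_started": time.time(), "files": files}
    # Assumption: manifest_path is outside root, else it is reported as new data.
    Path(manifest_path).write_text(json.dumps(manifest, indent=2))
    return manifest

def verify_hold(root, manifest_path):
    """Compare the current tree with the manifest taken when the hold began."""
    root = Path(root)
    held = json.loads(Path(manifest_path).read_text())["files"]
    report = {"intact": [], "modified": [], "missing": [], "added_after_hold": []}
    for rel, digest in held.items():
        p = root / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_file(p) != digest:
            report["modified"].append(rel)
        else:
            report["intact"].append(rel)
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and rel not in held:
            report["added_after_hold"].append(rel)
    return report

if __name__ == "__main__":
    base = Path(tempfile.mkdtemp())  # constructed sample data, not from the article
    (base / "share").mkdir()
    (base / "share" / "contract.docx").write_bytes(b"original")
    place_hold(base / "share", base / "hold.json")
    (base / "share" / "later.docx").write_bytes(b"created after the notice")
    print(json.dumps(verify_hold(base / "share", base / "hold.json"), indent=2))
```

Permission bits can be reset by the file owner or an administrator, so the manifest is what detects a change; storing it where the data's own administrators cannot write keeps the comparison trustworthy.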
Segregated Data Repository
The second approach is to create a segregated data repository for the impacted data. This entails copying all of the data to a separate location, where it cannot be modified or deleted during the litigation hold.
A segregated data repository provides the simplest way to separate data impacted by the litigation hold from other data and to ensure that modifications to data on production systems do not change the state or contents of data that is affected by the legal hold.
The downside of this approach is that it requires additional infrastructure for storing the segregated data. It also creates an additional body of data that admins must back up and manage as long as the legal hold remains in effect.
Litigation Hold Best Practices
When responding to a legal hold, organizations should adhere to the following practices in order to minimize the risk to the organization:
- Document all operations related to affected data in order to create an audit trail.
- Manage access controls to impacted data in order to keep it secure. Unauthorized access to data is bad under any circumstances, but it can be especially disastrous when the data is involved in a litigation hold.
- Keep backups of impacted data that maintain the requirements of the litigation hold. If you use a segregated data repository, you should back up the repository. If you preserve data in-place, your backups of that data should include information that will allow you to distinguish between original data and data that was added after the litigation hold, in case you need to do so.
IT professionals do not have to be legal experts, but they do have to have the skills to comply with a litigation hold notice in the event that one is served to their organization. Rather than waiting until a legal hold goes into effect to develop a response, IT teams should invest time in developing a legal hold plan beforehand so that they know how they will preserve data and who will be responsible for it when a legal hold is applied.