Legal Holds: What are the actual requirements?

Legal Holds can also be called disposal freezes, electronic holds, litigation holds, eHolds, or preservation orders. Whatever you call them, they all have the same basic requirements (although many jurisdictions do not have clear rules or standards around how they should be applied).

It’s important to know:

  • Why you would need a Hold
  • What the process is to apply one
  • What the expectations are for the source data subject to the hold (and these might not be what you thought…).

What is the purpose of a Hold?

A Hold can be applied for a variety of reasons, but the intention is to make sure records remain available, in their original form, for a period of time. This might be because an investigation is underway, or some legal action, or an Inquiry or Royal Commission. Once the Hold is requested, your organisation will be required by law to prevent the destruction of any records that fall in its scope.

What are the laws and best practices?

Every jurisdiction is different. In Australia, as one example, there is limited legislation for this, but the Federal Court does have requirements around how a Hold process is managed. Its Practice Notes don’t prescribe exactly how to apply a Hold, but they do spell out the required steps.

The National Archives requires that Government agencies named in a retention (or freeze) notice protect from destruction, as required by law, any relevant records subject to the notice. The International Standard ISO 16175-2 for management of records in business systems also requires that you prevent destruction when a Hold applies.

There are also obligations in most jurisdictions not to alter content in scope of a Freedom of Information Request or Subject Access Request in order to prevent disclosure. The NSW Legal Profession Regulations also require that documents not be ‘moved’ so that they can’t be used in an investigation.

The fundamental requirements are the same: when subject to a Hold, records can’t be destroyed. They also can’t be obfuscated in other ways to ‘hide’ them.

The globally applicable framework for how to manage a Hold is the Electronic Discovery Reference Model (EDRM). This Standard includes nine Stages (from overall Governance, to Preservation, to Analysis and final Presentation).

How can we apply these rules?

The first fundamental requirement is to find everything in scope of the Hold. It’s important to remember that this content could be in any business system, including email, databases, shared drives, legacy systems, and even WhatsApp or Twitter (which can be a very big problem).

Once you have found the information, the next key thing is to prevent its destruction. Some source systems allow you to do this in-place, essentially ‘locking’ the items so that they can’t be destroyed. But most don’t have this flexibility, at least not in a way that’s easy to apply. That’s why the Australian Law Reform Council recommends that you preserve the records by exporting a complete, secure copy:

4.43 ‘Preservation’ and ‘Collection’ comprise the processes of transferring information from its original location to a searchable database of potentially discoverable documents for review, in a way that does not compromise the integrity of the data.

So, compliant export of the records in scope of the Hold will meet your requirements to prevent destruction, and to stop anybody altering or moving the source records in order to exclude them from the discovery action. There’s no legal obligation to prevent normal modification or movement in good faith: your users can continue working on their information as normal, once you have captured that preservation copy. If it’s easy to ‘lock’ the records in the source system, and it won’t cause a negative business impact, you certainly can (but it’s not actually required). Holds are not supposed to stop a business operating, only to preserve evidence for a period of time.

In summary

You could be subject to a Hold for various reasons. The EDRM is a well-regarded international best practice for managing the process, but you need to be cognizant of jurisdictional rules as well. You will need to be able to demonstrate that you have found everything in scope, and have preserved it, for the duration of the Hold. Where the information is spread across the network, or in systems you can’t lock down, you can use Castlepoint to easily and compliantly manage the end-to-end process.