LITIGATION SUPPORT TIP OF THE NIGHT

Here's a quick checklist on how to get custodians to be more cooperative based on the advice provided by Claira Hart and Lindsey Tsai of ZApproved on the ACEDS webinar, How Lean Teams Can Increase Custodian Compliance With 5 Easy Tips .

1. Simplify the language of the litigation hold -

   1. Don't use a lot of legal language.

   2. Don't force the potential custodian to review a long set of instructions. Consider cutting any unnecessary language. This is given as an example of a notice which is too short:

This is an example of a notice which is too long:

This is just right:

2. There should be a clear 'call to action'

a. The custodians shouldn't be confused by the notice.

b. A notice shouldn't prompt the custodians to ask a lot of questions.

c. Litigation hold software should prompt the custodian to accept the notice.

d. Compliance should not be difficult.

e. Give contact information for a real person to answer any questions.

3. Make sure the notice has good formatting.

a. Put custodians' obligations in a bulleted list.

b. Highlight particularly important instructions.

4. The litigation hold notice should be clear.

a. Provide detail on the data sources which should preserved

b. Use an eye-catching subject line with a phrase such as 'ACTION REQUIRED'.

c. Specify a date range for the data to be collected.

d. Prepare a log of where data has been collected from.

5. Make clear who the legal hold notice is from, whether it's the general counsel or someone else.

6. Give a deadline by which a response is required.

7. Provide suggestions on where data can be found.

8. Provide automated reminders to the custodians reminding them of response deadlines.

9. If there is no response, escalate the effort to collect data to a custodian's manager, or the system admin.

10. Use a single message consolidating multiple holds for more than one litigation matter.

11. Track custodian compliance with metrics showing the percentage of employees who have responded.

12. Make sure that you are focusing on active employees, and are aware of who has been terminated.

13. Provide training on litigation holds which are tailored to specific departments.

14. Be sure the hold notice is not misinterpreted as spam or a phishing exploit.

15. Work with IT to confirm that the email with the hold notice is not flagged as an external notice.

16. Prepare a defensible, easy to replicate template for your legal hold.

17. Make sure that hold notices follow a consistent format and 'cadence' with standardized intervals for reminders.

18. Identify someone who will draft the hold notices, and someone who will give them final approval.

19. Not closing out holds in a timely fashion can create risk for a business.

20. Provide contact information for a subject matter expert.

21. Ask about data stored on devices not provided by the company.

22. Ask each potential custodian if they know of anyone else who should be a custodian.

This month the Sedona Conference published its commentary on Information Governance. This is an update of the first edition published in 2014. Here's a quick outline of the contents.

The Sedona Conference emphasizes the importance of buy-in from senior management for a successful information governance program. Siloed approaches to information governance should be avoided where separate departments such as Human Resources; Information Technology; Legal; and Finance each have their own policies for the retention of records. Sedona also warns against siloed approaches to data privacy, electronic discovery and data governance, which allow for the aims of these individual areas to take precedence over the goals of the organization. An information governance program will prove its return on investment (ROI) by optimizing the value of information to an organization; reducing risk (from privacy breaches and by allowing for assessment of the risk from litigation); and minimizing both hard costs (certain costs for storage; backup media; personnel; and e-discovery [reducing the available data]) and soft costs (pursuing economies of scale, and reducing inefficiencies).

The Sedona Conferences has established 11 principles for information governance:

1. Organization Wide Information Governance Program -

- transparency, efficiency, integrity, compliance and accountability.

- comprehensive data classification.

- resolve differences between stakeholders.

2. Independence from any Particular Department

- input from IT, Legal, Compliance, RIM, and the business units.

- balancing of interests.

3. Program Should Represent All Stakeholders Views

- not necessarily control by each department.

- identify groups with common interests.

4. Strategic Objections of Info Gov Program

- identity various types of information

- assess if information is held for third parties.

- assess if its information is held by third parties.

- information lifecycle practices

- determine compliance requirements for ePHI, PHI, and PII.

5. Reasonable Assurance that Objectives will be Achieved

- framework to categorize information types according to business needs.

- use of policies, contracts, retention schedules, Information Governance matrices, procedures and protocols.

- accountability - objectives should be linked to observable and measurable outcomes.

6. Disposal of Information

- information with no business value should be disposed of if no statutory or regulatory obligation to retain.

- perform a hold/preservation analysis.

- hold and release capability incorporated into records disposition process.

7. Reconcile Conflicting Laws and Obligations

- e.g. EU data protection laws and U.S. court discovery orders.

- if compliance with all laws not possible, document efforts to reconcile the conflict.

8. A Court Should Review Efforts to Reconcile Conflicts Under a Standard of Reasonableness

- unfair to judge a party that acts in good faith.

- business judgment rule - made on an informed basis in honest belief that it was in the best interests of the company.

9. Integrity of Long Term Information Assets

- long term digital assets.

- assess likely failure rate of storage medium as configured.

- contractual agreements with cloud storage and SaaS providers.

- continued availability of technologies to access and read.

10. Leverage Power of New Technologies

- machine learning, auto-categorization, and predictive analytics

- limits on email account sizes; automatic deletion of emails.

11. Periodically Update Info Gov Program

- changes in lifecycle practices.

- changes in compliance requirements.

- changes in organization's strategic objectives.

- results from monitoring the program.

After the financial crisis of 2008, the Basel Committee on Banking Supervision was formed and developed the Basel III international regulatory accord. It encouraged banks to discourage excessive borrowing and maintain liquidity during periods of financial stress. The Federal Reserve of the United States has agreed to adopt the rules of Basel III. The Committee issued Principles for Effective Risk Data Aggregation and Risk Reporting, in 2013.

The Committee emphasizes the importance of a data governance policy to determine which employees should have access to which data. Its policy specifies that:

1. Senior management become involved in the management of risk data.

2. Data quality should maintained to ensure that is it accurate and can be retrieved quickly.

3. Reports on financial risk should be increased during financial crises.

4.. Regulators should test a bank's ability to review large amounts of data during crises.