The preservation of documents, otherwise known as legal holds, is an important step to take, not only in pending and active litigation, but also in other regulatory or investigatory matters, from the largest disputes right down to the smallest Data Subject Access Requests (DSARs).
The legal hold process can be relatively straightforward or exhaustingly complex. As a case progresses, legal hold responsibilities tend to evolve along with the list of custodians, and considering the increasingly high volumes of ESI being managed by most organisations today, those with responsibility for these holds should be prepared for a highly involved process that spans multiple parties and exceedingly diverse data sets.
The Legal Hold Process Under the Disclosure Pilot Scheme
Certain categories of civil litigation under the Disclosure Pilot Scheme (DPS) in England and Wales, for example, paragraph 4 of Practice Direction 51U (PD51U) to the Civil Procedure Rules for England and Wales (CPR), refer to the preservation of documents. Whilst this is not new, as paragraph 7 of Part 31B to the CPR already sets out this duty, the definition is expanded and refined. More specifically, this definition includes details around the requirements relating to written notifications:
- Legal representatives must themselves inform their clients of the notification obligations. These notifications must be in writing, establish the details about the classes of documents that need to be preserved and notify clients that they are obligated to take reasonable steps to not delete or destroy these documents.
- Parties must also set out when serving their particulars of claim or defence the steps taken to comply with these duties.
Errors, such as failing to or improperly notifying custodians to preserve potential evidence, can potentially result in heavy court sanctions for organisations, along with the risk of reputational damage. Compliance protocols and strategies for deploying the legal hold process can, therefore, potentially significantly impact the final outcome.
Legal Holds in the Context of Freedom of Information and Data Subject Access Requests
Legal holds also can potentially come into play when it comes to freedom of information (FOI) and DSARs.
Freedom of Information Act 2000
In the UK market, the Freedom of Information Act 2000 (FOIA) establishes the rules around public access to information held by public authorities. In short, it sets out how public authorities are obliged to publish certain information about their activities and how members of the public are entitled to request information from these public authorities.
Section 77 of FOIA states, under subsection 1, that “…any person to whom this subsection applies is guilty of an offence if he alters, defaces, blocks, erases, destroys or conceals any record held by the public authority, with the intention of preventing the disclosure by that authority of all, or any part, of the information to the communication of which the applicant would have been entitled.”
Notably, there is no defence to this section. In March 2020, the Information Commissioner’s Office (ICO) successfully brought a prosecution where a council employee was aware of a FOI request for a specific audio file but deleted the file subsequent to that.
Data Protection Act 2018
Similarly, but separately, the Data Protection Act 2018 (DPA) sets out the UK data protection regime, alongside the UK GDPR, which is included as Part 2 of the DPA.
Part 6 of the DPA regarding Enforcement Section 173 (Alteration etc of personal data to prevent disclosure to data subject), which specifically applies to DSARs, states (under subsection 3) that, “It is an offence for a person listed… to alter, deface, block, erase, destroy or conceal information with the intention of preventing disclosure of all or part of the information that the person making the request would have been entitled to receive.”
There are two defences set out in this section under subsection 5; in short, that the activity would have occurred in the absence of a DSAR request or that the person responsible for the activity had a reasonable belief that the person making the request was not entitled to receive the information requested.
Whilst it is for organisations to determine their own risk profile regarding how they ensure compliance with the law, it would be prudent that the policies and procedures put into place help reduce their exposure to criminal sanctions. The use of legal holds upon the receipt of requests, FOIA or DSAR in nature, if applied appropriately, can help to both reduce these risks and provide accountability should this be required.
Improving the Legal Hold Process with Everlaw
Everlaw’s creation and deployment of integrated legal holds can help drive conformance with these document preservation duties, providing legal teams with an easy-to-use, dashboard-driven interface that is fully integrated with Everlaw’s ediscovery/edisclosure platform that enables:
- Custom hold notices, which make it easier for custodians to understand and acknowledge their obligation to preserve the relevant data.
- Automated notifications, and scheduling of follow-up reminders and manager escalations for unresponsive custodians, with a seamless custodian release process at the end of a matter.
- Trackable communication, with all communications (e.g., sending legal holds and custodians acknowledging the hold) tracked automatically in-platform to provide accountability and assist with defensibility.
Everlaw’s legal hold notification feature thus streamlines the legal hold notification workflow and makes issuing and monitoring holds simpler than ever. Legal holds are fully integrated into the Everlaw platform, and users are able to create automated workflows, with a dashboard providing clear insight into the status of each legal hold.
Are you interested in learning more about the legal hold process? Tune in to our on-demand webinar, “4 Ways to Simplify the Legal Hold Process: Introducing Everlaw Legal Holds.”