Getty Images/iStockphoto
Best practices for legal hold storage
Storing data for legal holds could be a mission-critical task. Storage admins should understand how to prepare for legal holds and deal with them when they occur.
Storage administrators will likely need to help with the legal hold process at some point. Most organizations eventually face some type of litigation, which usually means that they must place legal holds on their data to prevent employees from altering or destroying it.
An organization might need to juggle multiple legal holds at the same time, which adds complexity to an already difficult process. Storage admins are natural candidates for participation in the legal hold process, even if it's only to help data owners or custodians lock down their data.
What storage admins need to know about legal holds
A legal hold, also known as a litigation hold, is an internal process that an organization undertakes to prepare for a potential legal action. The organization's legal team initiates the legal hold. Employees must then preserve all data that might be relevant to the legal action. An organization that fails to properly preserve data could face sanctions, costly fines and attorney fees -- or even lose the case.
When a legal team initiates a hold, it sends a notification to data owners, custodians and other key people that provides details about what data they must preserve and how to handle that data. A legal hold can apply to a wide range of data, including emails, text messages, word processing documents, spreadsheets, databases, system logs, images, personal calendars and voice messages. Although the bulk of today's data is electronic, a legal hold also applies to physical data, such as brochures, notes or printed email messages.
Storage admins might help identify data sources and types, search for data, take steps to preserve the data, or collect and deliver the data to the legal team for further analysis.
Storing data under a legal hold can be particularly challenging because data requests can be unpredictable and broad, often extending beyond the data center's boundaries. In addition, requests for data might keep coming in throughout the litigation's duration as the discovery process reveals more information.
5 storage steps to take before the legal hold process
Preparation for legal hold storage can help admins respond to document preservation requests. Admins might need to participate in any of the following five steps:
- Work with the legal team. The legal team can be a valuable resource for administrators as they plan their data management strategies to prepare for litigation. Storage admins should seek out the legal team's input on how to safely implement policies around data governance, data retention and other storage management strategies. Admins should also take advantage of any training offered by the legal team on how to handle e-discovery and legal holds.
- Plan for legal holds. Administrators should have a clearly defined, documented and tested process for storage of legal hold data. Administrators should know in advance how to implement a legal hold on each data system, whether it's an on-site data store, such as a file server or backup storage system; cloud service, such as Microsoft 365 or Google Drive; email server, such as Microsoft Exchange; or content management service, such as Box or Dropbox.
- Implement a data governance strategy. Storage administrators are often responsible for implementing the data governance strategy. They should be familiar with the data governance policies and how to implement them, ensuring that storage always conforms to internal data standards. Storage administrators might also be designated as data custodians -- or they might assist custodians during a legal hold -- so they should also be knowledgeable about the custodian's role before and during a legal hold.
- Implement and update the data retention strategy. Administrators need to understand how data retention policies apply across various data sources, including backups and archives, and be able to override those policies on the target data as soon as the legal hold process starts. They must ensure that no one can alter or destroy data covered by a legal hold. Administrators should be familiar with any software used to manage data retention, including how it handles metadata. They should know how to work with specific platforms and services that include data retention management features.
- Consider legal holds when managing storage. Storage administrators must ensure that their organizations' data is safe from any threats that could compromise that data or result in its loss. This practice is important for security, compliance and credibility of data during the legal hold process. As part of this process, administrators should have backup and disaster recovery infrastructure to prevent data loss. They must be on alert for specific behavior that could result in data loss, such as the removal of backup drives or disposal of old computer equipment that still contains important data. Even if the business no longer requires the data for operations, it might still need to be part of the legal hold process.
5 storage steps to take when the legal hold process starts
The storage admin focuses on electronic data, although a legal hold usually applies to physical data as well. Depending on the circumstances, the administrator might need to perform any of the following five steps:
- Respond to the legal hold. When storage administrators receive a legal hold notice, they should follow the instructions outlined in that letter, especially as it pertains to what data to preserve. During the legal hold storage process, administrators should update designated individuals on a regular basis. Administrators might need to meet with members of the legal team to provide them with the information they need to understand the data and storage environment. Storage admins must supply the legal team with the details to maintain a defensible audit trail that documents the steps taken to preserve the data.
- Identify and search for the requested data. Storage administrators and other IT personnel should identify the requested data and then locate it, which could be stored in a range of places. The legal hold notice might also specify certain types of metadata. Storage administrators should be able to filter out all irrelevant data to minimize the risk of overexposure.
- Preserve the requested data. After locating the data, storage administrators must take steps to preserve it. Data preservation might include making mirror copies or snapshots or locking down backups and archives. Legal hold notices often specify a span of time, so administrators can use that as one of the criteria. Where applicable, administrators should suspend the normal destruction operations that are part of the retention strategy, as well as prevent users from modifying or deleting the target data. Administrators might also need to preserve new data relevant to the discovery process.
- Collect and deliver the requested data. Storage administrators might need to collect the preserved data into an immutable repository. They might need to deliver the data to another repository or provide access to the legal team so they can review the data.
- Release the hold on the preserved data. When a legal hold ends, the legal team notifies key players that they can release the data. Storage administrators should then release the hold and reinstate the original existing retention policies. They should not simply delete the data.