Litigation Hold – The Double-Edged Sword

If you’re a Microsoft 365 administrator, you may have heard the term Litigation Hold.

Also called a Legal Hold, Preservation Order or a Hold Order, it is an instruction to a company to temporarily suspend their customary document retention/destruction policies in order to preserve documents that could be relevant (or anticipated to become relevant) in a lawsuit.

Once a term used strictly in legal circles, or in the context of data backup and eDiscovery, it has become much more commonplace in IT today, thanks to the ubiquitous nature of Microsoft 365. Litigation Hold is provided by Microsoft as a feature in their M365 SaaS offering, and is designed to place a hold on email or documents that need to be preserved in response to a Preservation Order as described above.

While a number of Microsoft 365 administrators are aware of this option, it is not clear that they understand the intent behind the feature or how best to use it. In fact, it is in many cases overutilized, to the possible detriment of the organization.

How is Litigation Hold supposed to work?

Most companies have a documented retention policy for documents. This is driven by reasons such as practicality, cost, and the need to limit legal liability. They may, for instance, decide to preserve employee emails for only 2 years, but personnel files for 50 years. If such a policy for document retention/destruction is well documented, and the company can show consistent adherence to it, it is a perfectly acceptable practice not to preserve all information forever.

But if a company is involved in litigation, or anticipates litigation, it is expected to implement a litigation hold, effectively suspending its regular retention/destruction policy on at least such documents which are relevant (or are anticipated to be relevant) for the litigation. This is important to prevent destruction, mutilation, or alteration of potential evidence.

Legal holds are not new, but they really became well-known after 2003 following Judge Shira Scheindlin’s rulings in Zubulake v. UBS Warburg. Judge Scheindlin wrote, “once a party reasonably anticipates litigation, it must suspend its routine document retention/destruction policy and put in place a ‘litigation hold’ to ensure the preservation of relevant documents.” Legal holds have since become a fairly standard practice in the United States. Companies that fail to fulfil their preservation duties can end up paying penalties, which take the form of large monetary fines, reimbursement of the opponent’s litigation costs, or inferences against the party failing to meet discovery obligations.

A company might place a litigation hold proactively, in anticipation of some types of documents becoming relevant for a lawsuit, or they may be issued such an order by their attorney, using a litigation hold letter.  A litigation hold usually covers all documents – electronic as well as physical.  Custodians (employees who own such documents) affected by such a hold order are informed and asked not to destroy or delete documents until further notice.

Litigation Hold in the context of data backup

With most documentation becoming electronic, and commercial-grade backup systems becoming more prevalent – litigation hold has become an essential feature in most backup software.  Backup software of even moderate sophistication will allow for automatic retention / destruction policies that can be set up by administrators.  When a litigation hold is put in place – along with informing custodians, the backup administrator(s) is also informed.  The administrator can then place specific users on ‘hold’ by simply placing them in a different policy which suspends the automatic destruction of their old backup records.  A litigation hold in a backup context simply means – “hold on to all backups until further notice.  Don’t auto-delete anything”.

Since so much of a company’s data is recorded in backups as a secondary copy, the ability to place backups on litigation hold has become an essential tool in a General Counsel’s toolbox. Even if custodians ignore the litigation hold advice (either wilfully or in error), an automated process like backup would most likely have succeeded in making a secondary copy of such data, thus protecting the company from liability.

Litigation Hold and Microsoft 365

A few users we’ve spoken to have taken the (somewhat questionable) approach of keeping ALL their Microsoft 365 data under legal hold. If users have a Microsoft 365 E3 license or above, since there is no storage size limit applied to their subscription, it seems like an easy way to preserve everything. Some of these customers view this as a “free backup”. This is, unfortunately, a dangerous and erroneous assumption.

Why it’s dangerous

Placing all Microsoft 365 data in litigation hold can create a significant problem when the business is actually subject to an e-discovery request. All of the data would be deemed discoverable, not just the data related to the legal action. This could introduce potential liability that the business’ legal team didn’t anticipate.

As noted earlier, most businesses have well-defined retention policies for all their data (including email) for this very reason. Having a documented retention rule could help limit business liability in the case of a legal action. To illustrate with an example: if you’re unable to produce evidence from, let’s say, 5 years ago because your documented retention policy was to keep emails for 3 years, the judge will understand that. But if you have held all email under legal hold, you may not at that point refuse to produce emails older than 3 years. Everything that is preserved becomes fair game from an evidentiary standpoint.

Also, preserving data forever using Litigation Hold means that the legal team’s job of sifting through data and performing e-discovery in an actual litigation becomes that much harder, because of the amount of irrelevant data they’ll have to work through and cull out.

Why it’s erroneous

It is also a mistake to assume that a litigation hold can serve as a backup.

A backup should be a secondary copy of the data which is made and kept as an immutable version that is insulated from all changes that are made to the original copy.  Litigation Hold doesn’t create a second copy of data – it merely says it will preserve the existing copy.  A Litigation Hold is therefore only as safe as the existing primary copy is.  All the reasons to have a second backup copy are therefore immediately defeated.

Many businesses are required by regulations to keep not only a secondary copy, but a copy that is offline and offsite. Therefore, most businesses that invest in a backup are also looking to save that copy of data in an alternate location, outside the data center that holds the original. This is another situation where the Litigation Hold feature doesn’t measure up.

There are also limitations to the litigation hold functionality in Microsoft 365, specifically when it is used as a means to perform recoveries. Slow searches, slow recoveries, and loss of folder hierarchy are all shortcomings that several users have documented. This is not surprising, since it was never designed to be a backup and recovery mechanism.

So, before turning on Litigation Hold, do make the time to ensure you understand how it works and assess whether it is the right tool for the job.  It is important to make sure your legal team weighs in and is in the loop. 

Please feel free to comment by writing us a quick line at info@parablu.com.  We’d love to hear from you.
