Most companies will hold confidential and sensitive information on behalf of themselves and their clients.
If such information is lost or wrongly disseminated a company could face legal sanctions, including a fine of up to £500,000 for the most serious breaches of the Data Protection Act 1998. However, such sums can seem insignificant against the reputational damage a company can suffer when a data leak is made public. For these reasons companies often have a Data Protection and Data Retention Policy in place including a Document Retention Policy to review how and when documents are stored or destroyed.
However, whilst such policies are suitable, and sensible, for the normal day-to-day running of a company, mechanisms need to be built in to deal with the obligations which arise when litigation is contemplated. If you get to trial and key documents have been destroyed or lost not only do you risk damaging your credibility with the judge but you also run the risk of the court imposing costly sanctions.
One of the simplest ways to manage this risk is to build a Litigation Hold mechanism into your Document Retention Policy. The main function of a Litigation Hold is to temporarily suspend normal data retention policies so that relevant documents are not inadvertently destroyed.
Set out below are five tips to help make sure your Data Retention Policy allows you to deal with litigation risk quickly and effectively:
1.Prepare the Notice
It’s a good idea to ensure you have draft Litigation Hold Notices on file which can be adapted and issued to relevant employees as soon as the need arises. In large companies the volume and pace of document creation and destruction can be significant and it’s not unrealistic that key documents could be destroyed in the time it takes to research and draft a letter.
2.Who is in Charge?
Clearly identify who will take responsibility for ensuring data is not destroyed. Preferably this will be someone with sufficient seniority to make key decisions but in larger organisations a small team combining various functions might be appropriate. Thought should be given to the expertise that will be required; a good knowledge of the company’s business processes will need to be combined with a technical understanding of how and where data is stored.
3.Involve your IT Team
Consider involving your IT team as early in the process as possible, including consulting them when drafting your Data Retention Policy. There is a good chance that the majority of the data under your company’s control will be stored and processed electronically. The IT team are likely to have the technical knowledge you will need to identify where the relevant information is stored and the steps that need to be taken to keep it safe.
It is important to make sure that under a Litigation Hold Notice relevant documents are not just retained but preserved. For hard copy documents this can mean making sure documents are not annotated or that files are not re-ordered. The metadata of electronically stored data can often reveal any changes that have been made so take steps to ensure this doesn’t happen inadvertently; consider the use of passwords and other forms of encryption to protect key documents.
Include provisions to ensure the Litigation Hold is reviewed regularly. Partly this will help you ensure that it is being enforced and complied with appropriately but it will also allow you to adapt the terms of the notice if required. The scope of litigation can often change as a case progresses and keeping the Litigation Hold under review, preferably in conjunction with your legal advisers, will help you ensure that relevant documents are being preserved.
Disclaimer: Anything posted on this blog is for general information only and is not intended to provide legal advice on any general or specific matter. Please refer to our terms and conditions for further information. Please contact the author of the blog if you would like to discuss the issues raised.