By Jorge Rey
The financial industry has been experiencing a dramatic up-tick in litigation due to the economic recession. With record high defaults, foreclosures and the extreme devaluation of property and assets people have turned to lawsuits as one option to mitigate their financial losses. In anticipation of these issues, lenders should take a proactive approach and develop legal hold policies and procedures. You may be tempted to push the creation of a legal hold policy off until a matter actually occurs. However if you do, it could ultimately cause more damage to your organization. Take the time now to prepare, develop the procedures, identify and train your legal hold team. Your bank will be spared a lot of trouble later.According to a new study, in 2007 the digital universe contained 45 gigabytes per person on the planet with the annual growth rate between now and 2011 expected to be almost 60 percent. This enormous growth is especially evident with emails. For example, if you send a 1 megabyte (MB) email to yourself, would that mean that there is only 1 MB stored in the digital universe? Unfortunately, the answer is no. That MB of information is stored in several locations producing a much larger footprint. At a minimum, your email is stored on your computer, on the email server, on a redundant email server, on your smart phone, and on your back-up tapes. Now, imagine what would happen if you sent that same email to your boss and carbon copied two of your colleagues and a related third party. An email that started between a few colleagues could lead to a chain 10 or 20 long throughout the day.
A legal hold is an essential element of a company's overall records management program. It is a communication within a business suspending the normal destruction of all records-paper or electronic-related to a current or anticipated litigation, audit, government investigation or other matters to comply with its discovery obligations. The duty to preserve requires two events, the identification of relevant information, and the preservation of those records for review and possible production/presentation.
The reality, however, is that the implications of the legal hold process may not be fully understood by all parties, particularly those outside the legal department. Coordination and planning among corporate counsel, outside counsel, IT and other key stakeholders is imperative to ensure that records are preserved. A party's failure to effectively impose a legal hold can result in court-ordered sanctions, including both monetary sanctions and the imposition of adverse inference charges relating to the records destroyed because an effective legal hold was not put in place.
The following four steps will help your bank define an effective legal hold process:
1. Identify legal hold triggering events - any hint or knowledge that litigation is anticipated or current. For example, a subpoena, lawsuit, or letter of intent.
2. Analyze preservation duty and define the scope of the legal hold. Establish what records or electronically stored information is relevant and your preservation strategy. Identify the locations and sources of potentially relevant electronic records. For example, email systems, network storage, applications and files in use by the bank, back-up tapes, custodians who has/had access to electronically stored information, workstations, laptops, PDAs, and vendors.
3. Implement the legal hold. Send out legal hold communication requesting that relevant records and/or electronically stored data be preserved and suspend any destruction activities for them. Apply preservation methods for relevant electronically stored information. This can be a forensic capture, non-forensic capture, capture with forensically sound methods, and/or custodian self-preservation among other practices.
4. Monitor and release the legal hold. Monitor that electronically stored information is not destroyed/modified and that the lawsuit is still active. Identify when retaining the related records is no longer required.
In 2004, the District of Columbia sanctioned Philip Morris with a $2.75 million fine for deleting e-mails after a judge ordered the company to preserve all records. With the staggering amount of electronic records that are created on a daily basis, identifying and preserving relevant records can be a daunting task. If not done correctly, it can be very costly to your organization. Can your Bank afford to take a preservation requirement lightly? Jorge Rey is the Director of Information Security & Compliance for Kaufman, Rossin & Co, one of the Southeast's largest independent accounting firms. He provides consulting services in IT Security, Information Management, and e-Discovery. He can be reached at email@example.com or you can follow his blog at www.seebeyondthenumbers.com.