Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

Four criteria for legal hold of electronically stored information (ESI)

Home
Industry Insights
Four criteria for legal hold of electronically stored information (ESI)

Blog Article Published: 09/09/2015

By Chris Wheaton, Privacy and Compliance Counsel, Code42

Scales of Justice in the Courtroom

The average enterprise sees its data double every 14 months — nearly one-third of which is stored on endpoints, such as laptops and mobile devices. This rapid growth in electronically stored information (ESI) creates new challenges and drives unplanned costs in the corporate litigation process. But while many companies have implemented a solution for preserving and producing ESI for litigation, many still worry that their processes will be judged insufficient, exposing them to sanctions that result in high monetary and reputation costs. Since 2005, sanctions for spoliation of evidence have increased nearly 300 percent. In one landmark case in 2015, sanctions totaled nearly $1 million for repeated negligence in the eDiscovery process.

While the eDiscovery space is clearly in an evolutionary phase, the judgments—which can be both subjective and relative—appear to be based on four main criteria:

  1. Duty to Preserve. This is the expectation that counsel begins preserving relevant data from the moment a reasonable expectation of litigation emerges. The precise moment is hard to pinpoint, but is often months—even years—ahead of an official filing of litigation. By taking a proactive approach, enterprises can ensure continuous collection of ESI, so that legal holds can be quickly issued, custodians immediately notified and data instantly preserved and protected.
  2. Scope. This is the expectation that you preserve, collect and produce any and all information pertinent to the litigation. It refers to both the subject of content, as well as the type of data (email, internal files, social media, etc.). The impending changes to eDiscovery regulations aim to speed litigation and reduce costs by limiting frivolous information requests. Enterprises must still strike a balance in the information produced for and presented to the court. Submitting too little information can be perceived as a red flag. It gives the impression the organization is trying to conceal evidence and can lead to costly and time-consuming remedial information requests. Conversely, submitting too much information is also a risk. Requiring courts to parse excessive irrelevant data could be viewed unfavorably by a judge. Equally concerning: Producing non-pertinent information could expose your organization to additional litigation and put more of your private data at risk.
  3. Chain of Custody. The issue of modern connectivity also creates a twist on an existing consideration—chain of custody. In addition to producing data, you typically must also provide a continuous record of data movement and custody—who created it, who edited it, where it was stored, how it moved from location to location, etc. This extends beyond the issuance of the legal hold. Tracking the movement and custodians of data during eDiscovery is also critical to mitigating risk of sanctions and privacy breaches.
  4. Data Management Philosophy – Tying It All Together. As the merit of your eDiscovery process is judged by the subjective quality of “reasonableness,” even a statement of intent, such as an official corporate data management policy or philosophy, lends credibility to your efforts. In the event that you are unable to preserve or produce a given piece of ESI, a judge may look to your data management policy to determine whether you failed despite good intentions, or failed as a result of a negligent data management philosophy.

Organizations have been sanctioned for antiquated data management philosophies that fail to accommodate the modern realities of litigation involving ESI. “We delete all data after 90 days,” for example, is not likely to be considered a reasonable excuse for failing to produce relevant ESI. Instead, the stated philosophy should take a proactive stance, acknowledging the need for ongoing preservation and protection of data, preparing for immediate issuance of legal holds and notification of custodians, and comprehensively tracking the movement of all ESI.

With a solid, comprehensive data management philosophy guiding your efforts, you can create a foundation for a “reasonable” eDiscovery process. Meeting your duty to preserve, producing the right scope of ESI and thoroughly documenting the chain of custody will follow naturally from this overarching philosophy. Also, an effective data management philosophy makes it more likely that a judge—even one well-versed in “reasonable” eDiscovery and the expanding view of ESI—will view any and all of your eDiscovery actions in a “reasonable” light.

Share this content on your favorite social network today!

Latest from CSA
Join AT&T Cybersecurity in Chicago
The State of AI and Security Survey Report
CSA's STAR: The Key to Cloud Security & Compliance
Trending This Week
#1 The 5 SOC 2 Trust Services Criteria Explained
#2 What You Need to Know About the Daixin Team Ransomware Group
#3 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#4 Cybersecurity 101: 10 Types of Cyber Attacks to Know
#5 Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers
Enhance your cloud security skills with CSA's online training options.