By now, many of you have either heard or read about the snafu at the National Archives where a 1TB hard drive containing massive amounts of sensitive data from the Clinton administration, including Social Security numbers, addresses, and Secret Service and White House operating procedures apparently went missing.

One of my first thoughts was what if the hard drive (and the data contained therein) had been subject to a legal hold and the enterprise employed a “preserve in place” strategy?  Obviously, a potential spoliation claim just walked in the enterprise’s front door as the hard drive walked out. “Preserve in place” has a catchy marketing ring, but permitting data subject to a legal hold to be preserved at the source location like a laptop, desktop or hard drive when that source is easily susceptible to theft, damage or destruction, may not meet  an enterprise’s legal obligation to preserve potentially relevant data and prevent spoliation of said data.  Remember, once an enterprise learns  it is being sued or reasonably anticipates litigation, it is obliged to preserve all relevant information. And this preservation obligation is ongoing. Once litigation notice is served, all future relevant data should also be preserved as a part of the legal hold.

If your enterprise is considering a “preserve in place” strategy, consider what happens if the target device where relevant ESI is being preserved becomes lost, stolen or damaged.  Further, think about how you would defend a “preserve in place” strategy to the court if the other party were to allege spoliation.  “Your honor, we know that laptops are susceptible to theft, damage and destruction, as we have experienced, but we chose to preserve data subject to our preservation obligations on the laptop anyway. Since the laptop has been stolen/lost/corrupted, we no longer have the ESI that was being preserved on the stolen/lost/corrupted laptop.” 

A more defensible approach is to employ a “collect and copy “ strategy where relevant ESI is sampled, collected (with associated metadata) and placed in a secure repository.  In this way a secure copy of the data placed on hold is maintained with its metadata intact. Thereafter, additional crawls of the data source can be conducted on a scheduled or ad-hoc basis to determine if there is a new or altered ESI that should also be copied to the central hold repository and subject to the hold.  The technology that the enterprise employs should be able to conduct these types of “delta” crawls for additional data which meet the litigation hold criteria for any given matter.

Finally, “preserve in place” should not be confused with “explore in place”.   “ Explore in place” is the ability to conduct an early case assessment of the data at the data source level  to determine whether the data is relevant to the matter at hand before applying a legal hold , while also gaining key insight into a case’s strength or weakness from the very outset of the process.  For enterprises looking to conduct such analysis, this early case assessment can occur very quickly after a trigger event such as service of a subpoena or complaint, or receipt of a whistleblower letter. By contrast, “preserve in place” is a strategy fraught with risk that should be thoroughly vetted with an enterprise’s in-house and outside counsel.