Are Layoffs Exposing You To Legal Hold Violations?


William S. Horn, MBA

If your company has an iron-clad legal hold process that includes tight coordination between all the corporate service functions at the time of employee separation, then maybe you don’t need to read this article. If not, reading it may make you a hero.

Employees leaving with information subject to hold is always cause for concern. So is the separating employee who has been preserving information on a hard drive or shared drive or has been responsible for preserving data in one of the company’s many information systems. In any case, when an employee leaves the company, the intellectual knowledge regarding the preservation of data is all too often walking out the door with him.

The exposure created by a less than perfect legal hold/separation process varies primarily on the legal and regulatory nature of the industry in general and the company in particular. The risk is not solely based on the volume of legal holds, but also on the financial and public relations impact of a failure to abide by a legal hold order. Regardless of your company’s normal level of risk, it is substantially increased by layoffs.

First, the increase in volume passing through the separation process suggests that a higher number of separating employees will be subject to legal holds. Second, unlike the stand-alone employee separation, a reduction in force is typically closely guarded by the organization. Even if the overall layoff is not a secret, the names of the impacted individuals are protected as long as possible. This combination of increased volume and information security makes the coordination of activities between Legal and the other groups that much more challenging. Finally, employees impacted by a non-voluntary separation are typically less cooperative. This is not to suggest that they would intentionally destroy data subject to a hold, but rather that ensuring the continued preservation of that data is likely not foremost on their minds.

When an employee leaves a company, voluntarily or not, several corporate service groups are typically notified including Human Resources, Payroll, IT, Compliance, Risk, Physical Security and Information Security. Depending on the size and complexity of the firm, the same may be true for an employee simply transferring from one department to another. It is critical that the Legal group be included in this list to determine if the separating employee is the custodian for any legal holds.

You might think that if all of these corporate service groups are routinely included in the employee separation process, certainly Legal would be also. All too often this is not the case for the following reasons.

Firstly, the percentage of employees who have a badge, use a computer or receive a paycheck is relatively high in every company, and virtually 100% in many companies. By contrast, the percentage of employees subject to a legal hold is much smaller and often in the single digits. Many employees don’t even know what a legal hold is.

Secondly, the very nature of a legal hold warrants a level of confidentiality. There is a public relations aspect to consider from litigation, audits or regulatory investigations. Additionally, the hold may be the result of an ongoing investigation where the target of the investigation may not even know that his behavior is under observation and data being held.

Finally, firms that are custodians for client or customer data may be required to hold information as a third party and have a duty to respect the confidentiality of their clients and customers.

While it may be appropriate for IT, HR, Security and other groups to share at least some information during the separation process, Legal is not likely to share a list of holds with anyone. A best practice is to notify Legal of every separation. Legal then checks for the existence of holds for the separating employees and engages the appropriate groups to take action on a need-to-know basis.

Unfortunately, this best practice cannot be properly executed by viewing separation in isolation. The best defense against a hold order violation is to establish a more rigorous hold identification, notification and release process. This process should include Records Management, Legal, Human Resources, IT, Information Security, Physical Security, Risk, Compliance and Ethics if they exist in your organization. An elaborate system may not be warranted if the volume of holds is small and number of groups involved is few. However, a standardized process is critical regardless of the complexity.

A full discussion of a sound legal hold process is outside the scope of this article. However, this process should include at least: the identification and recording of all custodians, notification to and acknowledgement from the custodians, periodic reminders to these custodians, tracking of these custodians as their roles and information access changes, coordination of collection, and finally, notification and acknowledgement once the hold is released.

It is the tracking of custodians that is linked to the issue of employee separation. To be sure, the collection of information simplifies this step as there is usually no longer a need to track the custodian. However, it is not always feasible to collect the data early because the scope of the matter remains unclear for an extended period of time or it is so vast that data duplication is impractical.

Examine your own company’s legal hold process from end-to-end and focus particular attention to the tracking of custodians and the legal hold/separation process. Do you have a documented, audited employee separation process? Does it include a check for legal holds? How early in the separation process is Legal notified? Do you capture metrics to know what percent of separating employees are subject to a hold order? Do you know how many left the company before you were able to collect the data subject to hold?

Determine your level of risk and calmly raise the flag if you have cause for alarm. Remember that the Legal department is all too frequently detached from the day-to-day processes of a large organization to see the problem in advance and some matters may drag on for years. Don’t accept the reasoning that “it hasn’t been a problem yet” as grounds to ignore the issue now. And remember, whatever your level of risk, it will only increase if your company experiences substantial layoffs.


Bill is responsible for advancing records management and eDiscovery knowledge through RIM Education on behalf of Cohasset Associates. Prior to joining Cohasset, Bill was Vice President of Records Management and Litigation Support at Fidelity Investments and has several years of experience as a corporate executive and management consultant. Bill is also a member of the Industry’s 2009-2010 EDRM (Electronic Discovery Reference Model) team.
Contact Bill on LinkedIn or Twitter

back to top

Philosophy

William S. Horn

The purpose of RIM Education is to advance Records and Information Management (RIM) and eDiscovery knowledge around the globe. While RIM Education is presented by Cohasset Associates, we believe that a rising tide lifts all ships. Just as Cohasset Associates invites a multitude of other management consulting firms to join us side-by-side in speaking at the MER Conference each May, we strive to ensure that RIM Education maintains the same level of collaboration, objectivity and independence. Our goal is that not only our visitors, but the entire industry will benefit from the knowledge gained through RIM Education. Please help us share this knowledge.

Browser Compatability


FireFox   FireFox

RIM Education experience is optimized when using the latest Firefox or Internet Explorer browsers. Click the logos to download the latest browser of your choice.