Todd Heffner of Jones Walker. (Courtesy photo) Todd Heffner of Jones Walker. (Courtesy photo)

Modern technology has made it easier than ever to hold onto vast amounts of documents and information, and many organizations are doing this without even first considering whether they should hold on to that information. And beyond the storage costs, there can be far greater increased costs. These include the risks of data breaches, recordkeeping compliance penalties, and those difficult to quantify, but ever-present, soft costs associated with so much information, such as increased time spent searching for particular items and increased eDiscovery costs. This article will explore the need for information governance, the basic idea behind it, and conclude with a brief discussion of legal holds.

One of the simplest explanations for why organizations will hold onto so much information—and why an information governance policy is needed—is to understand the individual decision makers within an organization and their motivations. An individual faced with the question of disposing of something or keeping it must decide between one option with potentially large risks and another option with none. If something is disposed of, it could potentially be needed for business, regulatory or other reasons further down the road. To know whether the information is needed for one of these purposes may require a somewhat lengthy investigation or series of emails. Alternatively, the document can simply be kept—a decision that takes almost no time and likely uses a negligible amount of storage space. But now imagine every single person across an entire organization making the same calculus, day after day, and year after year. Simply put, an organization's "policy" should not be based on an individual's fear of being the one who deleted something they shouldn't have.

Organizations need comprehensive information governance programs to combat having too much information. To establish one is an organization-wide initiative that needs to include representatives from all of a company's stakeholders, including business units, IT, legal, HR, records management, and executive leadership. The overall goals are to:

  1. Decide what can be disposed of, what needs to be kept, where to keep it and for how long;
  2. Develop procedures to actually put into action those decisions; while
  3. Be able to respond efficiently and effectively to legal holds, subpoenas, and the unexpected.

As part of developing an information governance program, it helps, at first, to overgeneralize everything into two types of decisions. First, some decisions for what to keep and for how long are straightforward because the decisions are dictated by various regulations. Some apply to every organization, while others can vary considerably depending on the industry. Examples of items in these categories include tax returns, or information required to be maintained under Sarbanes-Oxley, HIPAA, or the Fair Labor Standards Act. Second, and less straightforward, is information whose retention or destruction is more akin to a business decision, where the decision hinges on balancing the long-term value of information against its potential costs. A more detailed discussion of the factors to consider when making these types of decisions is beyond the scope of this article.

Once a policy is in place, it is important that it be capable of being suspended if a legal preservation obligation emerges—commonly referred to as a legal hold. There is no one-size-fits-all rule that can be applied to determine when the hold obligation is triggered (short of the super-obvious: a lawsuit being filed), but :

  1. Educating the organization on the standard applied by courts is helpful (more below); and
  2. There is one decent rule of thumb: if you're in-house counsel and you're considering law firms to hire for a matter, you need to seriously consider if your preservation obligations have already been triggered, or if you're outside counsel and you've been hired because of the possibility of a future lawsuit, you need to seriously consider if your client's preservation obligations have already been triggered. To be clear, this rule of thumb does not override the legal standard.

The legal standard for preservation can kick in before a lawsuit is even filed. The duty to preserve may arise earlier than the commencement of litigation if there is "reasonable anticipation" of litigation or it is "reasonably foreseeable." The standard is objective: would a reasonable party in the same circumstances reasonably foresee litigation (not whether the party itself foresaw litigation).

If you want to read more about information governance and legal holds (and who wouldn't?!), consider these three resources from The Sedona Conference:

  1. The Sedona Conference, Commentary on Information Governance, Second Edition, 20 Sedona Conf. J. 95 (2019);
  2. The Sedona Conference, Commentary on Defensible Disposition, Second Edition, 20 Sedona Conf. J. 179 (2019); and
  3. The Sedona Conference, Commentary on Legal Holds, Second Edition: The Trigger & The Process, 20 Sedona Conf. J. 341 (2019).

Todd Heffner is a construction litigator and eDiscovery specialist with Jones Walker in Atlanta.