Legal hold software helps preserve data and reduce legal hassles. Here's what to look for in a system.

Legal hold software is intended to help companies comply with the Federal Rules of Civil Procedure (FRCP), which require them to preserve potentially relevant information when litigation can reasonably be anticipated. Specifically, it helps businesses satisfy the requirement to send written legal holds to identified individuals and take ongoing and proactive steps to ensure their compliance.

The importance of doing legal hold correctly was driven home by a February 2010 opinion by Judge Shira Scheindlin, a thought leader in e-discovery, who said that a finding of gross negligence could be supported if companies failed to:

- Issue a written litigation hold.
- Identify key players and ensure their electronic and paper records are preserved.
- Cease deleting e-mail or records of former employees that are in a company’s possession, custody or control.
- Preserve backup tapes when they are the sole source of relevant information or when they relate to key players, if the relevant information maintained by those players is not obtainable from readily accessible sources.

As the law becomes more defined, companies are turning to automated methods of preserving relevant data in a systemized, repeatable and defensible manner that eliminates human error, allows faster response times to requests and decreases exposure to potential sanctions. “The time-honored approach is to manually issue written notices to all relevant custodians, but with the massive data explosion, that’s a very difficult thing to track,” says Deb Logan, an analyst at Gartner.

Also see the companion article How to Compare and Use Legal Hold Software.

Legal hold software also helps bridge the gap between IT and legal. “IT are the ones who are going to have to produce the backup tapes or e-mail files,” says Christine Taylor, an analyst at Taneja Group. “But IT is rarely told or consulted or given a hint that there might be a legal case.”

Legal Hold Market Drivers

While many companies do not use automated legal hold software today, the number that does use it is expected to rise as litigation frequency and data volumes increase. For instance, in a recent survey by Forrester and ARMA International, less than half (48%) of the 400 records-management decision makers surveyed said their records-management solution supports legal hold natively or through a third-party integration. More than half said their application doesn’t support legal hold, that they don’t know if it does, or that it does, but those capabilities aren’t currently being used. This represents considerable legal exposure, according to the report. “In conjunction with legal, IT and other stakeholders, it’s essential to implement and improve legal hold procedures,” the report said.

According to Kazeon (now an EMC subsidiary), an average Global 2000 company is dealing with 143 concurrent lawsuits, and the average midsize-to-large company handles over 20 ongoing suits at any given time. Taylor says companies that see 20 matters a year are roughly the size at which legal hold software starts to be necessary.

But that doesn’t mean companies are pulling out their wallets. A 2009 survey by IDC says that among the most litigious and highly regulated industries, average data collection volumes per matter are rising; however, corporate e-discovery technology budgets are flat or declining. The early results of the 2010 study suggest a slight improvement in budgets, according to IDC, but litigants will continue to highly value cost efficiencies.

How the Legal Hold Market Has Evolved

According to Exterro, which sells Fusion legal hold software, these are the five steps to creating defensible legal holds:

- Select custodians and data stewards.
- Send notices, using preformatted, configurable template notices to provide total defensibility.
- Track responses, including time and date stamps.
- Send automated reminders and escalations to nonresponsive custodians.
- Release the hold to lift the preservation obligation.

Legal hold offerings can provide capabilities beyond these five essentials through integration with third parties, the vendor’s own suite or on their own. Extended capabilities include identification of relevant information, data preservation in place or in a repository, data collection, data mapping, and litigation lifecycle management.

Katey Wood, research associate at 451 Group, an independent industry analyst firm, says there are two types of legal hold products:

- E-mail-driven systems that provide workflow for creating and tracking custodian notifications. This type is best represented by PSS Systems’ Atlas and Exterro’s Fusion. This market is commoditizing, she says, leading these vendors to branch into discovery management/information governance in PSS’s case and project management and data mapping in Exterro’s.
- Systems that go beyond notification and can enforce data preservation by securing the documents to prevent spoliation, either through collection to a separate repository or by managing them in place. This type is best represented by Autonomy, Kazeon, StoredIQ and Recommind, she says.

Furthermore, Wood says, legal hold enforcement features are increasingly being folded into information governance systems and archives, litigation response platforms and early case assessment tools.

Also read the case study Electronic Evidence: You Can’t Fool the Ref.

Most archiving and records-management systems also have some type of legal hold capabilities, says Brian Hill, senior analyst at Forrester Research. However, these work only within the archive or records-management system itself. “That’s where legal hold software comes into play, to help tie these applications together more effectively,” he says.
Logan, however, says she has yet to see a client use legal hold software to collect or preserve data from numerous sources. She advises clients to at the very least get a file- or e-mail-archiving system or a records-management system with legal hold functionality, such as from Symantec, Mimosa Systems or EMC. While it doesn’t solve the whole problem (for example, these systems don’t collect data from desktops, laptops and other systems), “it takes away a big part of the problem,” she says.

The latest development is vendors introducing software-as-a-service-based, pay-as-you-go legal hold offerings. Cloud-based introductions in February included Zapproved’s Legal Hold Pro, CaseGuard Technologies’ HoldIT and Exterro’s Cloud Fusion. These systems will appeal to cost-sensitive companies that are willing to perform the legal hold function themselves but don’t want to pay licensing fees, Wood says.

Legal Hold Software Features

Here’s a sample of the range of features offered in legal hold software, according to listings on vendor websites:

- Identification: Capabilities include the ability to search out and identify custodians by a number of attributes, such as their responsibilities for records and IT systems or involvement in the issue in dispute; to copy custodian lists from existing matters to accelerate and improve the process of defining the scope of the hold; and to provide an organizational view of employees, data sources and departmental structure.
- Notification management: Sends automatic, periodic reminders to custodians, as well as escalation notices for nonresponsive custodians. Tracks acknowledgments with time and date stamps.
- Interviewing: Enables legal staff to conduct consistent and far-reaching custodian interviews online to ensure the scope of holds and collections is sufficient but not over-broad.
- Templates: Creates consistency in legal hold messaging and efficiency in legal hold processes.
- Preservation in place: Enables immediate lockdown during early assessments and in-place analysis before deciding to collect information. Prevents users from modifying, deleting or moving data while giving designated users read-only access in order to facilitate daily operations.
- Copy and move: Collects data from a variety of sources, including e-mail systems and archives, file shares, enterprise content systems, social networks, portals, laptops and desktops, and moves it to a repository for relevant material preservation.
- Forensically sound collections: Ensures metadata preservation and permits full-disk imaging. Performs a data integrity and verification test to ensure chain-of-evidence preservation.
- Activity logs and reports: Produces audit trails that automatically record event and user history to deliver comprehensive reports. Exports matter, legal hold, security and audit trail data to Excel and similar applications using comprehensive reporting capabilities.
- Data mapping: Automatically builds, updates and maintains custodial data maps. (See a data mapping case study at Fidelity National Financial and a data mapping overview from Continental CISO Tim Stanley.)
- Hold release: Automatically enacts hold releases to ensure routine disposal resumes and prevent over-preservation.
- Connectivity with end-to-end e-discovery systems: Links with systems that perform early case assessment, review, analysis, production, data preservation, forensics, information management, and so on.
- Integration with existing enterprise systems: Connects to HR, storage, e-mail archives, content repositories, file shares, content management systems, retention platforms, document management systems, directory services, legal review systems and archive media.
- Flexible deployment options: Ability to run on appliances, laptops or servers, or enable collections to be held locally or remotely in a secure cloud environment.

Practical Evaluation Criteria for Legal Hold

When Dan Klinger, who leads information security efforts at Hershey, went looking for a legal hold system, he wanted something cost-effective and delivered by a market-leading vendor that could provide exceptional support. He eventually chose Exterro’s Fusion Legal Hold. Other factors he took into account in his search included:

- High defensibility: Klinger valued the ability to provide exportable audit trails, change histories and login reports to build defensibility.
- Intuitive usability: Wizards and workflows ensure quick uptake but also enforce compliance, Klinger says. “Each step is contingent upon successful and correct completion of the previous step,” he says.
- Feature-rich: He considered features such as reporting, escalation and HR integration essential.

Real-time HR integration is important, Klinger says, because when a legal hold-triggering activity occurs, it’s critical to be able to scope custodians quickly and accurately. “It ensures we always issue the legal hold notification to the right people, regardless of changes in title, department or employment status,” he says.

Reporting needs can include audit trails, change history reports, acknowledgement receipts and tracked communication between the legal team and custodians. “These are all critical reports for building defensibility for any litigation activity,” he says.