With all the energy expended preparing for and proceeding with a matter, it can be easy to forget that there’s life after the case—not just for the eDiscovery and litigation support teams but for the data. The thought and attention that goes into each phase of the eDiscovery process is also required once a matter concludes: what do we do with the data?
There are some cases where the issue has already been decided. Your corporation may already have data retention/destruction and legal hold policies that clearly outline next steps, and it’s obviously important to consult with your in-house team before proceeding. You may also find that there are conditions already placed on the data’s future use due to restrictions defined during its collection.
However, in cases where there is ambiguity, the considerations that need to go into post-matter data preservation—privacy, regulations, cost, etc.—are complex and require careful evaluation. Each matter is different, but generally speaking, answers to three key questions can help point you in the right direction.
1) What is contained within the data?
All data requires protection, but in some cases data can be so sensitive you may not feel comfortable keeping any of it beyond your firewall. This is particularly true in second requests where trade secrets, corporate strategy and patents can be found within data reviewed by regulatory agencies. Once the matter ends, returning or destroying the data may become a primary focus—especially if an M&A is not approved and your co-respondent emerges from the defunct deal as a competitor.
In other cases, you may opt to have a third-party host some combination of original, processed or production data while you request the remnants be returned or destroyed. This depends upon the data’s contents and your answer to the second question.
2) What’s the possibility that data will be needed for a different matter?
In cases where there’s clearly little to no chance that data will be used in any future matter, the most logical course of action is either to request that your eDiscovery provider or law firm host return the data, or to insist that it destroy all copies of the data and issue certificates of destruction. However, in some industries or in some specific cases, the likelihood is that the data gathered for the matter will be reused. This is especially true in highly litigious or highly regulated industries, such as the financial services sector, where key data is constantly subject to litigation hold and subpoena. In many instances the better alternative to destroying or returning data may be for the provider to continue to host all or part of the data—either online, or in a lower-cost near-line or offline cold storage arrangement—or at least to seek advice from a provider on how best to hold the data to ensure its long-term viability for future matters.
The benefits of retaining the data as opposed to destroying it can be cost- or timeline-driven. Saving data likely to be subpoenaed a second or third time avoids duplicative charges for collection, production and processing. Preservation of a prior matter for future use also maintains applied work product such as issue tagging, priv tagging and redaction coordinates. In situations where similar matters are known to be coming down the pipe or matters will “spin off” from a principal database, retaining the data ensures information accessibility and facilitates rapid search.
In those industries and cases it may make sense—despite the hosting/storage costs—for data to be stored with the service provider to reduce waste and streamline processes in preparation for future matters. Once you’ve gauged the likelihood that the data in question may be central to a future matter, there is a third consideration.
3) What are the data privacy and security rules in the region where the data is housed?
The answer to this question determines to a great extent how the data should be handled at a matter’s conclusion. If the data is located in regions like the European Union or China—where there are strict data privacy, sensitivity and secrecy laws—the best practice may be to return the data to the custodian to avoid violation of jurisdictional laws and regulations.
The situation becomes more complex, however, if data is located across different jurisdictions and requires an understanding of rules regarding data in each location and how to apply them. While legal counsel can provide guidance as to what can be retained, a knowledgeable service provider with experience in that particular region or country should be able to help identify and filter data to remove fields—such as personally identifiable information (PII), personal health information (PHI) or other sensitive material—to maintain compliance with regional laws.
While these three questions seem simple enough, it’s obvious from just this cursory exploration that there are many complexities to be accounted for, understood and integrated into any post-matter data decision. The bottom line is this: after a matter is concluded, a number of factors must be considered carefully before determining the disposition of data.