Subject Area: Miscellaneous
Responsible Office: The Office of Legal Counsel
Sponsor: Vice President and General Counsel
Originally Issued: June 2009
Refer Questions To: The Office of Legal Counsel
Purpose: This policy sets forth the University’s general obligations to preserve, screen, and disclose University records in compliance with court discovery rules. The attached Guidelines for Preserving and Producing Litigation-Related Electronically Stored Information (the “Guidelines”), which may be modified from time to time by the Office of Legal Counsel, identify specific practices and procedures for electronic University records.
Scope: This policy only concerns the University’s obligations with respect to the discovery of University records relevant to pending or anticipated litigation; this policy does not cover the University’s general document retention and destruction policies, procedures, and practices for paper or electronic records. For more information on document retention and destruction policies, see Policy 2708, Managing University Records.
Applicability: This policy applies to (i) all academic and administrative departments of the University; (ii) all employees of the University; (iii) others subject to the Eligibility and Acceptable Use Policy only to the extent that the University could be deemed to have possession, custody, or control of electronic University records through such users; and (iv) vendors and outside contractors to the University only to the extent that the University could be deemed to have possession, custody, or control of electronic University records through such vendors.
Definitions: “University records” are any documents generated, received, or maintained in connection with any operations of the University. Typically, personal documents (including e-mails) of non-employees subject to the University’s Eligibility and Acceptable Use Policy are not considered to be University records.
“Electronically Stored Information” or “ESI” is typically defined broadly in court rules, essentially including all digital information (whether encrypted or not) maintained on University or departmental networks, servers, “webshare” platforms, office desktop computers, laptops, external hard drives and “flash” drives, “archives,” digital copiers and fax machines, IT Services’ “One-Fax” or other web-based faxing services, IT Services' “One-Number” or other web-based telephony and voicemail services, and digital cameras or other imaging devices. Home computers and storage devices may also be involved if they contain originals or duplicates of relevant University information. The types or formats of information subject to discovery is also broad, covering, for example, electronic documents, PDFs, e-mails (both cMail and xMail) and all attachments (collectively, “compound” documents), instant messages, voicemails, calendar data, information management software and databases, photographs, and videos. In most situations, ESI does not include embedded “metadata,” that is, details about the history, tracking, or management of an electronic document, but metadata discovery may be allowed by the court and, in such situations, should be treated like any other ESI.
The University has always been committed to preserving, gathering, screening, and disclosing all University records consistent with applicable court rules; recent revisions to those rules regarding electronically stored information have prompted this new policy and the attached Guidelines.
As is set forth in the attached Guidelines:
- The University’s Office of Legal Counsel has the primary responsibility for ensuring compliance with all applicable laws, regulations, and court rules regarding discovery in connection with pending litigation or reasonably anticipated litigation to which the University would be a party;
- IT Services will cooperate and coordinate with the Office of Legal Counsel and representatives of any department or any other person affiliated with the University having possession, custody, or control of ESI that has been requested in connection with pending litigation or that may be relevant to anticipated litigation to which the University would be a party and provide documentation or certification of these efforts as needed;
- The Office of Legal Counsel, in consultation with IT Services, may retain outside consultants or other professionals to help gather, screen, and produce ESI on costs and terms approved by the Office of Legal Counsel;
- Academic or administrative departments and their IT professionals must cooperate and coordinate on all ESI discovery matters with the Office of Legal Counsel, IT Services and any outside consultants or other professionals retained by the University and provide documentation or certification of these efforts as needed;
- Individual employees, users subject to the Eligibility and Acceptable Use Policy, and vendors and contractors subject to this Policy pursuant to the “Applicability” section above must cooperate and coordinate on all ESI discovery matters with the Office of Legal Counsel, IT Services, any affiliated academic or administrative department, and any outside consultants retained by the University and provide documentation or certification of these efforts as needed;
- Although the costs of ESI discovery will typically be borne by the central University administration (or shifted to other parties as directed by the Office of Legal Counsel and approved by the other parties or the court), departments and individuals subject to this policy may, in unusual situations involving inadequate internal risk management or a failure to comply with this Policy or the associated Guidelines, be held responsible for all or a portion of out-of-pocket discovery costs, outside consultant fees, and court sanctions, if any, after consultations with the affected department or individual and senior University administration.
Guidelines for Preserving and Producing Litigation-Related Electronically Stored Information
Although these Guidelines and the related Policy focus on electronically stored information, court rules typically require the preservation of all potentially relevant information, including originals and duplicates of all paper and electronic University records. All such records in the possession, custody, or control of the University when it receives a discovery request or reasonably anticipates litigation must be preserved regardless of any other applicable record management policy or procedures.
Court Rules Regarding Electronic Information. Federal and state court rules impose certain obligations regarding the preservation and disclosure of electronically stored information (“ESI”). These rules apply to the University regardless of whether it is actually a party to litigation (or reasonably anticipates being a party to litigation) or the University possesses information relevant to a dispute between other litigants. Typically, when the University is party to litigation or is named as a respondent in a subpoena, the discovery rules require the University not only to preserve ESI, but also to gather, screen, and produce that information. When the University reasonably anticipates that it will become a party to litigation, ESI needs to be preserved for safekeeping. In all instances, the University must quickly ascertain the relevant IT infrastructure and potential sources of ESI to allow it to make appropriate representations to the court and negotiate effectively for limitations on the scope of discovery and cost-shifting as appropriate.
General Document Retention and Destruction Policies. Court rules impose no particular document retention and destruction policies or guidelines; instead, they typically recognize a “safe harbor” allowing deletion of ESI in connection with the routine operation of electronic information systems or other applicable document management policies and procedures in “good faith,” which means that the ESI was destroyed before the University received a specific discovery request or had reason to anticipate being a party to litigation in the future. These “safe harbors,” however, are conditioned upon University and departmental record management policies and procedures are reasonable, articulated, and consistently enforced.
Definition of ESI. Court rules define the potential sources of ESI broadly. ESI thus includes, but is not limited to all digital information (whether encrypted or not) maintained on University or departmental networks, servers, “webshare” platforms, office desktop computers, laptops, external hard drives and “flash” drives, “archives,” digital copiers and fax machines, IT Services’ “One-Fax” or other web-based faxing services, IT Services’ “One-Number” or other web-based telephony and voicemail services, and digital cameras or other imaging devices, whether University-owned or private. Home computers and storage devices may also be involved if they contain originals or duplicates of “University records” as defined in University Policy 2709, Electronic University Records Relevant to Pending or Anticipated Litigation. The types or formats of information subject to discovery is also broad, covering, for example, electronic documents, PDFs, e-mails (both cMail and xMail) and all attachments (collectively, “compound” documents), instant messages, voicemails, calendar data, information management software and databases, photographs, and videos. In most situations, ESI does not include embedded “metadata,” that is, details about the history, tracking, or management of an electronic document. Still, metadata discovery may be allowed by the court and, in such situations, should be treated like any other ESI.
“Reasonably Accessible” ESI:. Typically, court rules require the production of “reasonably accessible” ESI, which means that the search for relevant information will usually not involve automated disaster recovery backup systems (except in rare situations when backup tapes are not routinely overwritten but are instead maintained for archiving purposes or are routinely accessed), sifting for legacy data from obsolete systems, and looking for data that was properly deleted from retired computers but which remains in fragmented form on a storage device. Even though the University may not be required to produce ESI that is not “reasonably accessible,” it is usually nonetheless obliged to identify the source of such information and preserve it for later use as necessary.
Roles and Responsibilities
The Need for Collaboration.The University’s information technology infrastructure is vast and subject to change, so ESI that is not immediately accessible may nonetheless be within the University’s “possession, custody, or control” under court rules. For this reason, compliance requires close collaboration between the University’s Office of Legal Counsel, IT Services, divisional or departmental IT professionals, outside consultants as needed, senior departmental decision makers, and, finally, the individual faculty and staff (and, in unusual circumstances, even students) who possess relevant knowledge about a current or anticipated legal dispute. This collaboration must begin immediately upon receiving a discovery request, subpoena, or information about a potential lawsuit because court rules typically require early and ongoing consultations by the parties, the formulation of a discovery plan, and periodic progress reporting to the court. The collaborative process must also continue beyond any initial production because court rules require discovery responses to be supplemented as new information becomes available.
Responsibilities of the Office of Legal Counsel. The Office of Legal Counsel will be involved in all e-discovery matters on campus, for several reasons. First, the obligations arise from court rules, and it is the responsibility of the University’s lawyers to identify matters reasonably likely to lead to litigation, interpret court rules on a case-by-case basis, address e-discovery issues with counsel for the requesting party, and report to the court. Second, the attorney-client privilege encourages consultations with University lawyers by generally shielding from disclosure most communications with counsel about actual or anticipated litigation. Third, no University ESI will be turned over without screening for relevance, privilege, and compliance with any applicable privacy or confidentiality laws by or at the direction of the Office of Legal Counsel.
IT Services’ Responsibilities. IT Services will almost always be involved in preserving and gathering ESI on campus because IT Services provides most of the University’s telephony, networking, instructional computing, mainframe computing, server management, and core central administrative systems. IT Services will coordinate with IT professionals in the affected department(s), but IT Services and the Office of Legal Counsel have the ultimate responsibility and decision making authority in connection with all University-related ESI. Given the technical nature of e-discovery, representatives of IT Services will typically confirm in writing the accuracy of University statements made in connection with ESI preservation and gathering efforts, and they may also be called upon to testify as necessary in connection with any discovery proceedings in court.
Outside Consultant Responsibilities. In situations involving unusually broad or complicated discovery, the University may retain outside consultants or other professionals to help preserve, gather, screen, and produce ESI. The consultants will report to the Office of Legal Counsel and work with IT Services and IT professionals in the affected department(s).
Responsibilities of the Affected Department(s). Decision makers, IT professionals, and employees of the affected department(s) are responsible for helping plan and execute ESI preservation and gathering efforts with IT Services and the Office of Legal Counsel, and they may also be required to confirm in writing the accuracy and completeness of these efforts at the department level.
Individual Responsibilities. Although the responsibility for securing and gathering ESI falls primarily on the foregoing departments and consultants, most ESI is generated or maintained by individuals with knowledge of the underlying matter at issue. It is, accordingly, important for senior administrators and employees in the affected department(s) to coordinate with the Office of Legal Counsel in identifying all such people at the earliest opportunity, advise each of them of the need to safeguard and gather ESI, and inform them of their obligation to later confirm in writing the accuracy and completeness of his or her efforts in this regard. Anyone who knowingly conceals or destroys ESI after learning of its relevance to anticipated or actual litigation may be subject to internal discipline as well as court-imposed sanctions.
Costs. Typically, the University considers e-discovery a cost of doing business for which IT Services, the Office of Legal Counsel, and the IT professionals in the affected department will contribute their time and effort without any internal accounting or reimbursement. The University may, however, seek to shift e-discovery costs to the requesting party (usually, when the University is not a party to the litigation). And, in unusual circumstances (e.g., large-scale ESI productions resulting from inadequate internal risk management or a failure to comply with these guidelines), the University may seek reimbursement from the responsible department of all or a portion of the University’s out-of-pocket discovery costs, outside consultant’s or attorney’s fees, and any court sanctions after consulting with the responsible department and senior University administrators.
The Potential Consequences of Failing to Preserve ESI. Courts have long considered the destruction of potentially relevant evidence (“spoliation”) to be a serious matter. The problem with ESI is that it can be very difficult to find and can also be inadvertently destroyed with a few keystrokes. Nonetheless, courts are increasingly unsympathetic to inadequate efforts to search for, secure, and turn over relevant ESI or submitting false or inaccurate information to the court. The consequences can be severe. If the University is a party to litigation, the penalties for spoliation may range from monetary sanctions to instructing a jury to infer that the lost evidence would have helped the other side; in close cases, such inference instructions can be decisive. Even when the University is not a party to litigation, the knowing failure to comply with court rules regarding ESI can result in sanctions and attorney fee awards being imposed on the University or, in rare situations, on the responsible individuals.
The “Litigation Hold”
The Litigation Hold. Court rules typically require those who have actual knowledge of pending or reasonably anticipated litigation to impose a “litigation hold” to identify and preserve all relevant information, including but not limited to ESI. For this reason, departments and individuals at the University are encouraged to alert the Office of Legal Counsel at the earliest opportunity of the existence of any request or subpoena for University records or the existence of a dispute that might lead to litigation. All “litigation holds” will be initiated by the Office of Legal Counsel. Notice of the litigation hold will, in the first instance, be given as soon as practicable to IT Services, the appropriate representatives and IT professionals of the affected department(s), and other University officials (e.g., Risk Management) on a need to know basis. The litigation hold notice will briefly describe the litigation or potential litigation, identify the general types and locations of documents and ESI that will need to be preserved, and attach a copy of these guidelines. Litigation hold notices should be re-issued periodically as necessary to assure ongoing compliance.
“Reasonable Anticipation” of Litigation. Under most court rules, the University “reasonably anticipates” litigation when credible facts and circumstances indicate that specific, predictable, and identifiable litigation involving the University is likely. The Office of Legal Counsel will make this determination on a case-by-case basis, typically after privileged consultations with representatives of the affected department(s) about the underlying facts.
Sensitive Matters and Information. Some litigation, potential litigation, or third party subpoenas involve confidential matters requiring the University to manage both the litigation hold and any subsequent document gathering on a confidential, “need to know” basis. In such situations, the Office of Legal Counsel will work with IT Services, the leadership of the affected department(s), departmental IT professionals, and individuals with personal knowledge of the underlying situation to develop a plan for maintaining the appropriate level of confidentiality.
Securing and Gathering ESI on Central Systems. Upon receipt of a litigation hold notice, IT Services will take immediate steps to preserve all ESI within IT Services’ direct possession, custody, or control, e.g., centralized e-mail, calendar services, network activity logs, and the like. If responsive ESI is encrypted, IT Services will work with IT professionals in the affected department and any individuals needed to obtain encryption keys at the earliest opportunity.
Disabling Routine ESI Destruction Programs and Practices. In the first instance, individuals operating computers with potentially relevant ESI will be asked to stop deleting relevant documents, “deleting trash,” or “empyting the recycle bin” until further notice from the Office of Legal Counsel. IT Services and the IT professionals in the affected department will also immediately suspend any University or divisional policies or procedures regarding the destruction of ESI, e.g., any “janitorial” functions whereby ESI is routinely deleted or destroyed. These prophylactic measures will, however, not typically require the interruption of automated disaster recovery backup systems unless the Office of Legal Counsel instructs otherwise after consultation with IT Services and representatives and IT professionals in the affected department(s).
Securing and Gathering Relevant ESI not on Central Systems. IT professionals and senior decision makers in the affected department(s) will coordinate with IT Services and individual employees as needed to identify and secure relevant ESI that may be stored on departmental or divisional servers, office desktop computers, laptops, external hard drives and “flash” drives, and home computers to the extent they contain University-related information. Consistent with the University’s Eligibility and Acceptable Use Policy for Information Technology (“EAUP”), searches of individual computers and files typically require the knowledge and consent of the user unless such actions are warranted by unusual circumstances and the Office of Legal Counsel has specifically authorized the search. IT Services should nonetheless be expected to make routine forensic “images” of entire storage devices without a user’s prior consent or authorization to discharge the University’s obligations to secure relevant ESI and to allow subsequent examination consistent with the EAUP and court rules.
Coordinating with Preservation and Gathering of “Paper” Documents. The Office of Legal Counsel will coordinate with representatives of the affected department(s) to preserve and gather all other documents that are not in electronic form.
Preserving Relevant ESI Going Forward. Court rules require discovery respondents to supplement their efforts with relevant information that may be generated after a litigation hold. The Office of Legal Counsel, IT Services, departmental decision makers and IT professionals, and individuals with knowledge will develop and implement procedures for segregating all such documents (e.g., by creating a separate “folder” on a computer desktop and confirming the operation of backup systems) and forwarding these documents as they become available to IT Services and/or the Office of Legal Counsel for safekeeping, screening, and possible production.
Documenting Sources of ESI, Including Duplicates. Typically, the University will be required to confirm in writing the accuracy and completeness of its search for ESI, which means that each source of electronic documents must be identified with care during the gathering process. Duplicate sources of ESI in the University’s possession, custody, or control must be identified, preserved, and screened for production because the existence and location of copies may itself be relevant and lead to other discoverable information. It is also helpful to identify sources of duplicate ESI available outside the University because in unusual situations (typically, when the University is not a party to the dispute) a court may find that discovery should be directed outside the University. For these reasons, the litigation hold procedure will include a plan for creating a “paper trail” documenting the steps taken (and not taken) to secure and gather potentially relevant ESI; the paper trail should specify data sources that are inaccessible or no longer available (e.g., a computer or storage device was destroyed).
In most situations, the Office of Legal Counsel will consult with the parties involved in a subpoena (and, if necessary, the court), IT Services, departmental IT professionals, and individuals with knowledge of the underlying dispute to develop data search inquiries reasonably calculated to gather all relevant ESI. IT Services or the University’s outside consultants will perform the searches and document their efforts and the results.
Pre-screening. Except in unusual circumstances, the Office of Legal Counsel will review all ESI prior to production to confirm that it is responsive to the discovery requests, relevant, and not subject to the attorney-client privilege, work product doctrine, or applicable privacy or confidentiality laws. Large and complicated ESI discovery projects may involve the use of outside consultants or lawyers.
Format. ESI is often disclosed in its “native format,” which means the standard format of the application or program used to create the document. In situations where there is a concern about altering the original ESI, the University and the requesting party may agree to convert documents to a secure format, e.g., PDFs or TIFFs or produce printouts of the ESI.
Certifications. When producing ESI to the requesting party, the University will typically make representations about the scope of its search in a cover letter, certification, or written response to a discovery request or subpoena. Given the technical nature of ESI, representatives from IT Services or department IT professionals will typically be required to confirm in writing the accuracy and completeness of all such representations.
Terminating Our ESI Obligations
Concluding the Discovery Process. When the litigation or threat of litigation has ended, the Office of Legal Counsel will work with IT Services to inform the affected department(s) that the litigation hold has been rescinded and that the department is free to return to its usual record management policies and procedures with respect to the ESI. Typically, IT Services and/or the Office of Legal Counsel will retain the gathered ESI in its own files; if necessary, copies can be returned to the academic or administrative department or individuals involved.
All questions regarding the University’s e-discovery obligations should be directed to the Office of Legal Counsel.