This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our privacy policy to learn more.

The Basics of E-Discovery , Chapter 3: Data Preservation

In many ways, preservation sets the foundation for the e-discovery process. It involves taking steps to ensure that potentially relevant data is not destroyed during the pendency of a legal or regulatory matter. Preservation failures, while easy to make, can carry dire consequences, including severe sanctions that result from destruction of relevant evidence (spoliation). Preservation is most commonly associated with legal holds, but the two are not synonymous. There are many activities and considerations beyond issuing a legal hold that make up a defensible preservation process.

There is a lot to think about when it comes to preservation. Of course, above all else, you want to fulfill your legal obligations and make sure electronically stored information (ESI) relevant to litigation is protected from deletion. But that's only part of the story. Preserving too much data leads to problems as well, potentially as harmful to a company as an e-discovery sanction. What's worse, dealing with preservation blunders and inefficiencies can throw case efforts completely off course, diverting attention away from the merits of the litigation and consuming valuable resources. In other words, even when spoliation and sanctions are avoided, preservation can still be a source of major problems.

We'll begin our preservation journey by looking at what's actually required.

Preservation Obligations

Your duty to preserve ESI for e-discovery is not enshrined in any law or even explicitly defined in the Federal Rules of Civil Procedure (FRCP). It's born out of case law, the bulk of which is fairly recent. As you might imagine, there are grey areas surrounding preservation requirements, and different jurisdictions have their own specific standards. That being said, case law is fairly consistent around a few key areas:


The duty to preserve evidence begins when a party knows of, or has a reasonable anticipation of future litigation. The important thing to remember here is that the duty to preserve can be triggered before a lawsuit has been filed or preservation letter has been received (see section on preservation letters below). For an example of preservation obligations being triggered prior to the commencement of litigation, read a good summary of a sanction ruling in Voom HD Holdings LLC v. EchoStar Satellite LLC.


The scope of preservation obligations can vary greatly from case to case and is often a point of great contention among parties. In its "Commentary on Legal Holds: The Trigger & The Process," highly respected e-discovery think tank The Sedona Conference says factors that dictate the scope of preservation include "the nature of the issues raised in the matter, the accessibility of the information, and the relative burdens and costs of the preservation effort." Generally, courts expect parties to apply a standard of "reasonableness" and "proportionality" to their preservation demands and efforts, recognizing that the costs and burdens associated with preserving ESI should always be in balance with the value of the dispute.

ESI should always be in balance with the value of the dispute.

Failing to Preserve

Judges have a significant amount of discretion when it comes to penalizing parties for spoliation of evidence. In assessing the severity of sanctions, courts will generally focus on two key areas: (1) the level of culpability (was the spoliation intentional or simply the result of negligence?) and (2) the relevance of the evidence (was the spoliated evidence central to the arguments of the case or more on the periphery?). Minor sanctions include monetary fines or attorney compensation. When the failure to preserve is determined to be intentional and involves highly relevant evidence, sanctions become much more severe and can include adverse jury instructions, whereby the jury is instructed to infer that the lost evidence was unfavorable to the spoliating party (as was the case in the famous Zubulake ruling), or default judgements, where the court will actually issue a ruling against the spoliating party for failing to comply with the discovery requirements. There have even been examples of courts deeming spoliation actions so egregious that they might warrant criminal punishment (see Paul Grimm's controversial opinion in Victor Stanley, Inc. v. Creative Pipe, Inc.) But those cases are extremely rare.

Preservation Letters

We mentioned triggering events a little earlier. One common preservation trigger is the receipt of a preservation letter, a communication sent from one party to another notifying them of their preservation obligations and conveying what must be retained. Bear in mind, your preservation obligations kick in regardless of whether a preservation letter is sent or not, and it is not a substitute for an actual lawsuit or court order. Though preservation letters are not a formal component of civil discovery procedure, they are very common. In his popular paper "The Perfect Preservation Letter," e-discovery attorney and expert Craig Ball explains that preservation letters are not just about educating or reminding opponents out of professional courtesy. "The preservation letter can establish such awareness, bolstering a claim that the party destroying evidence knew of its discoverability and recklessly or intentionally disregarded it," Ball writes. Of course, you can't simply send someone a preservation letter asking for everything (although many lawyers certainly try). An overly broad preservation letter will almost certainly be met with resistance.

The overly broad preservation letter.

Disputes over the scope of preservation are often addressed during "meet and confer" meetings. Required by Rule 26(f) in the FRCP, parties must meet within 90 days of filing a complaint to discuss discovery issues and craft a discovery plan. In theory, this seems like a great idea (it was actually added to the FRCP in 2006 as part of a slew of e-discovery amendments, discussed in detail in the E-Discovery Process section of this guide). In practice, many lawyers show up at meet and confers (often called 26(f) conferences) without a detailed understanding of their client's ESI or a specific plan for discovery in mind. As a result, meet and confers are routinely underutilized and often consist of little more than a perfunctory phone call between attorneys in which nothing of substance is actually accomplished. This point was echoed by a number of federal judges in our 2015, "Federal Judges Survey: E-Discovery Best Practices and Trends."

Preservation Challenges

Preserving data may be the single most difficult e-discovery challenge. Data is everywhere and extremely fluid, constantly being created, sent and received, edited, moved, and deleted. To meet preservation obligations, you essentially have to put a freeze on this entire process. ESI also tends to be highly unorganized. Business users store information in a way that makes sense to them and usually to a variety of different locations (laptop, shared drives, etc.). Legal teams have no way of knowing where all relevant ESI resides just by looking at the facts of the case, let alone how best to preserve it.

To Delete or Not to Delete

The way in which organizations manage their data, especially email, goes a long way in dictating the types of preservation challenges they'll experience. Many companies don't require their employees to delete any data and as a result emails pile up by the months, and often years, and the sea of discoverable information grows practically endless. Conversely, some companies employ systems that automatically delete emails after a certain time period to help control the amount of data that is retained.

The key is to strike a balance between retaining too much data and not enough.

These systems can pose an even greater threat to preservation efforts by increasing the risk that relevant emails get deleted as part of the regular retention cycle. Still other organizations create email retention "policies" instructing employees how to manage their accounts. But these rules are often weakly enforced and easily circumvented by employees who see such policies as a pointless hassle more than anything else. It's because of this Catch-22 that preservation and information governance are so closely linked.

Defensible deletion strategy

For recommendations on implementing a defensible deletion strategy, download Exterro's white paper: "Reality Check – You Can Defensible Delete Data".

The Cost of Over Preservation

Because the risks and penalties associated with spoliation are so significant, many companies adopt a "play it safe" mentality, preserving far more data than they have to and keeping that data much longer than what is legally required. This approach might protect against spoliation, but it comes at a significant price. In addition to increased storage costs, future matters come to implicate more and more data and potentially expose information that is harmful to a case. That data must be processed and reviewed for relevancy, making future e-discovery projects more costly and difficult. For best practices on controlling over-preservation, watch Exterro's recent webcast, "Clean up the E-Discovery Leftovers."

The Devil is in the Details

Besides the more common preservation challenges listed above, there are many other dangers that can arise during the course of a matter, including:

​Employee Status Changes

For large companies with thousands of employees, it's common to experience hundreds of employee status changes (departures, transfers, extended leaves of absence) every year. Most organizations are fully prepared for this reality (just take a look at how systematic your company's exit and onboarding procedures are). In cases where an employee is leaving the company, it is common practice for IT to delete, reimage, or destroy the individual's data from local devices, as well as shared servers, and reissue the equipment to someone new. What often gets overlooked in the process is that the departed employee may have been subject to a preservation obligation, which persists regardless of whether the person is actively employed at the organization. Tracking employee status changes and ensuring legally responsive data remains preserved can be an inefficient and time consuming endeavor for legal teams, especially when they don't have ready access to company HR data. You can learn much more about this issue by watching Exterro's webcast, "E-Discovery Implications of Employee Movements."

Cross-Border Discovery Requirements

E-Discovery rules and procedures vary greatly from country to country. Generally, the United States' legal system places greater emphasis on obtaining evidence than those of other nations which translates to the U.S., granting civil parties the most unrestricted access to potential evidence of any nation in the world. The simple act of instructing a foreign-based custodian to preserve his or her data may itself violate data protection and privacy laws of another country. You can mitigate problems by tailoring the preservation activities to be consistent with regional and local rules. But this requires both an understanding of the discovery rules in which the preservation actions are taking place, and developing processes for complying with these rules. Read Exterro's white paper, "Protecting Privacy in Cross Border Litigation," for best practices on navigating cross border discovery issues.

BYOD (Bring Your Own Device)

Most companies have fully embraced the BYOD movement, allowing their employees to use their own personal devices to access the company network, and to create and/or store business information. In some instances, this exposes employee mobile device data to preservation requirements when that data is deemed to be under a company's "care, custody, or control." Assuming the company can get access to the device, the mix of employee information (including sensitive personal data) and business information creates significant data privacy issues. Extracting data from a mobile device can also present technical challenges based on unique file formats and require specialized tools (like Cellebrite's UFED device). For more on the BYOD issue and best practices for preserving mobile device ESI, check out our infographic, "The Value of Mobile Data in E-Discovery."

​ Preserving Cloud and Social Media ESI

As businesses continue to embrace cloud services, more and more company data is moving to offsite servers managed by third parties. This can complicate preservation efforts, because it requires legal teams to understand contractual agreements with cloud providers, especially as they relate to data access, maintenance, and backup policies. The recent case Brown v. Tellermate illustrates the dangers associated with preserving cloud ESI. A party was sanctioned after failing to preserve cloud-based ESI from a recently departed employee after the employee's account was transferred to a new user, and his data was overwritten. You can read about the case in more detail here. These issues are becoming especially prevalent with social media sites, like Facebook, as parties increasingly target them for discovery. Preservation of social media is covered in more detail in the following blog post: Preservation of Social Media: An Ongoing Challenge for Legal Teams.

How to Preserve

To echo our previous point, legal holds are not the only way to preserve data. There are four primary ways that you can preserve ESI, and all of them should be part of your company's preservation arsenal. The four primary approaches are outlined below. Some of these techniques are also discussed in greater detail in our white paper, "Three Common Techniques for E-Discovery Preservation."


Legal hold process

We have a whole section on legal holds so we won't go into a ton of detail here. Legal holds are by far and away the most common method for preserving data for e-discovery. The legal hold itself is simply a notification, usually sent over email, stating that a lawsuit has been commenced or is reasonably anticipated and that the party receiving the email must preserve all data potentially related to the subject matter of the case. A mistake that many companies make is treating legal holds like one-off communications rather than a multistep process. As established in the famous Zubulake ruling and underscored by groups like The Sedona Conference, a truly defensible legal hold process includes periodic reminders, compliance monitoring and other considerations as matters evolve.



Another common preservation method is to actually collect relevant data by copying it from the native source and storing it somewhere centralized. Although "collection" is its own stage in the EDRM occurring after preservation (it also has its own section in this guide) the collect-to-preserve approach is a recommended approach for highly relevant ESI or for technically precarious data, like that from a mobile device, which is at high risk of deletion if immediate action isn't taken. That being said, many companies rely too heavily on this method and end up over collecting and preserving data that ultimately isn't relevant.


In-place preservation

A third preservation option that has emerged in recent years involves actually "locking down" data at its source. The data repository itself either inhibits custodians' attempts to delete responsive ESI or maintains hidden copies of files preventing any loss of data. Preserving in place greatly reduces spoliation risk without requiring data collection. It also allows you to be more targeted instead of completely suspending a system's automated retention policy.


Custodian interviews

While it's not one of the three primary ways to preserve data, custodian interviews are a critical element of the preservation process. They help you expand or narrow the scope of the preservation effort and uncover sources of ESI that might have otherwise been overlooked. Bear in mind, it's the custodians who know the issues of the case, not the lawyers. Custodian interviews allow you to leverage that knowledge to its fullest and are seen as a hallmark of a defensible and thorough preservation process.

For more information on three of these preservation approaches, read our white paper, "Three Common Techniques for E-Discovery Preservation."

Preservation Tools

There are a variety of technologies that can support the preservation approaches described above.

Legal hold

Some companies attempt to manage the legal hold process via emails and spreadsheets or with homegrown systems. For smaller companies with very low litigation volumes, these approaches may be sufficient, but most large organizations rely on dedicated legal hold software that give users access to reusable templates, automates all legal hold notice distributions (including periodic reminders) and tracks compliance. There are many legal hold products on the market today that come equipped with these rudimentary capabilities. More advanced systems have the ability to integrate with your company's HR system, for streamlined legal hold scoping and tracking, and support global privacy controls for dealing with international custodians who are subject to different e-discovery rules (as described above). We have much more on the legal hold process and technologies in the next section.


While extremely valuable, interviews can be time consuming for legal teams, difficult to manage, and also may be disruptive on employees. To mitigate these issues, you can deploy specialized interview tools that simplify the process by giving you access to configurable and reusable questionnaires, while also tracking and storing responses. Some systems allow these interviews to be appended to legal holds which further streamlines the process and eliminates the need for custodians to respond to multiple communications.

Data mapping

Data mapping was discussed in the information governance section of this guide, but it's equally applicable in the context of preservation. Data mapping software is designed to help you create, update, and organize a complete directory of your data environment. Data maps support preservation by helping you quickly connect key custodians with the data sources in which they most commonly interact to help focus the preservation efforts. Additionally, a comprehensive data map gives you insight into the risk profile of certain data sources to further help pinpoint what data should be targeted for preservation first.

In-Place preservation

As the description of in-place preservation indicates, this approach is highly dependent on technology. In-place preservation systems integrate with your data sources so you can engage automatic preservation actions (such as freezing a delete function) without directly interacting with the data sources themselves. This capability is especially useful when the in-place preservation tool is integrated with the legal hold application so that all preservation efforts can be consolidated into one centralized system of record for the legal department.

Employee Change Monitoring

Besides integrating your legal hold software and HR systems, there are emerging technologies that can actually automate certain actions based on employee status changes. These employee change monitoring systems automatically detect when an employee leaves the company or changes departments and can automate responsive actions, such as an alert to legal or the reissuing of a legal hold, to ensure responsive data remains preserved.

Preservation Checklist

A lot goes into an efficient and defensible preservation process. To avoid becoming overwhelmed, it's important to have a strategy and to develop repeatability so that tasks don't get overlooked.

Data Preservation

Start with what you know

While it's true that some matters will involve a long list of custodians and large volumes of data, it's useful to start small. Undoubtedly, there will be key players and highly relevant ESI identified at the outset of the matter and that's where you should focus your initial efforts. Don't start too broad or you will risk over-preserving and losing sight of what matters most.

Promptly issue a legal hold

While it's helpful to start small, you shouldn't waste any time before issuing a legal hold and making sure that custodians who may have relevant ESI are added to the hold promptly and on a continuous basis. As part of that, your legal hold process should be streamlined so that holds can be distributed quickly and with minimal effort (this is where technology comes into play).

Develop an interview process

Custodian interviews should be treated systematically. You should have a basic interview template ready to go at all times that includes the types of basic questions that are applicable across matters (i.e. Where do you store your data? Do you know of any co-workers involved in the issues underlying the matter?). You should also devise a way, most likely through technology, to quickly access and aggregate custodian interview responses so that information gleaned during interviews can be acted upon quickly.

Create preservation tiers

In the same way that not all custodians and data are equally relevant to a case, not all ESI warrants the same preservation strategy. As outlined above, there are different methods for preserving data, some more costly and resource intensive than others. Reserve the collect-to-preserve approach for your most relevant data, especially if it has a high risk of being deleted. Utilize in-place preservation, but establish clear criteria for when it gets used, so you don't over preserve and foul up existing retention policies. Your lowest tier custodians should only be issued a legal hold until more information is gathered as to the relevancy of their data.

Develop a system for tracking employee status changes

Your custodian list will never be static. Dealing with custodian departures or movements within the organization reactively will inevitably lead to oversights. It's better to develop a proactive strategy that gets employee status change information in front of legal right away. Relying on HR to deliver this information can be problematic, as they typically are busy, and providing employee info to legal is likely not going to be high on their priority list. Instead, consider leveraging the data stored in the HR system through integration with your legal hold application.

Develop a master custodian list

When a matter is resolved, it's not as simple as just releasing all the custodians from the legal hold and ceasing preservation activities. A custodian in one matter could very easily be involved in another. In fact, it's not uncommon for some custodians, especially high profile executives, to be involved in many simultaneous matters. That's why you should have a central list that details all active custodians and the matters with which they are associated for cross checking when matters come to a close. Of course, constructing that list manually wouldn't be a whole lot of fun. Look for systems that can automate the creation of these types of reports and, better yet, keep them updated without manual intervention.

Don't forget about legal hold release

You'd be surprised how many companies struggle releasing custodians from a legal hold (We even wrote an entire white paper about it). The problem often relates to the issue described above. When legal teams don't have visibility into which custodians are involved with which holds, the default approach is to simply leave custodians on hold, even when it may not be legally necessary. Needless to say, this precipitates rampant over-preservation leading to a whole host of issues, including increased storage costs and amplified risk exposure. You should develop specific procedures to release the legal hold that account for the need to cross check other matters, and to clearly notify custodians that, not only can they stop preserving certain ESI, but that they should stop preserving it if it no longer serves a business value.


The preservation process is about much more than just avoiding sanctions. A strong preservation process should take into account e-discovery defensibility as well the need to control data volumes, support larger company goals (including not disrupting other business processes), and keep legal teams focused on the merits of litigation. Though they aren't synonymous, the preservation and legal hold processes go hand in hand so you are encouraged to keep reading.

Chapter 2
Information Governance
Chapter 4
Legal Hold