The Basics of E-Discovery , Chapter 3: Data Preservation


In many ways, preservation sets the foundation for the e-discovery process. It involves taking steps to ensure that potentially relevant data is not destroyed during the pendency of a legal or regulatory matter. Preservation failures, while easy to make, can carry serious consequences, including severe sanctions that result from spoliation, the destruction or alterationof relevant evidence. Preservation is most commonly associated with legal holds, but the two are not synonymous. A defensible preservation process includes many activities and considerations beyond issuing a legal hold.

Learn the fundamentals of preserving electronically stored information (ESI) in this video introduction to data preservation.

There is a lot to think about when it comes to preservation. Of course, above all else, you want to fulfill your legal obligations and make sure electronically stored information (ESI) relevant to litigation is protected from deletion or modification.

But that's only part of the story. Preserving too much data leads to problems as well, potentially as harmful to a company as an e-discovery sanction. What's worse, dealing with preservation blunders and inefficiencies can throw case efforts completely off course, diverting attention away from the substance of the litigation and consuming valuable resources. In other words, even when spoliation and sanctions are avoided, preservation can still be a source of major problems.

We'll begin our preservation journey by looking at what's actually required.

Preservation Obligations

Your duty to preserve ESI for e-discovery is not enshrined in any law or even explicitly defined in the Federal Rules of Civil Procedure (FRCP). It's born out of case law, the bulk of which is fairly recent. As you might imagine, there are grey areas surrounding preservation requirements, and different jurisdictions have their own specific standards. That being said, case law is fairly consistent around a few key areas:


The duty to preserve evidence begins when a party knows of or has a reasonable anticipation of future litigation. The important thing to remember here is that the duty to preserve can be triggered before a lawsuit has been filed or preservation letter has been received (see section on preservation letters below). For an example of preservation obligations being triggered prior to the commencement of litigation, read our E-Discovery Case Law Library alert on Mathew Enter., Inc. v. Chrysler Grp. LLC.


The scope of preservation obligations can vary greatly from case to case and is often a point of great contention among parties. In its "Commentary on Legal Holds: The Trigger & The Process," highly respected e-discovery think tank The Sedona Conference says factors that dictate the scope of preservation include "the nature of the issues raised in the matter, the accessibility of the information, and the relative burdens and costs of the preservation effort." Generally, courts expect parties to apply a standard of "reasonableness" and "proportionality" to their preservation demands and efforts, recognizing that the costs and burdens associated with preserving ESI should always be in balance with the value of the dispute.

The cost and burden of preserving ESI should always be in balance with the value of the dispute.

Failing to Preserve

Judges have a significant amount of discretion when it comes to penalizing parties for spoliation of evidence. In assessing the severity of sanctions, courts will generally focus on two key areas: (1) the level of culpability (was the spoliation intentional or simply the result of negligence?) and (2) whether the party who brought the motion for sanctions was prejudiced by the spoliation. Minor sanctions include monetary fines or attorney compensation. When the failure to preserve is determined to be intentional and involves highly relevant evidence, sanctions become much more severe and can include adverse jury instructions, whereby the jury is instructed to infer that the lost evidence was unfavorable to the spoliating party (as was the case in the famous Zubulake ruling), or default judgements, where the court will actually issue a ruling against the spoliating party for failing to comply with the discovery requirements. There have even been examples of courts deeming spoliation actions so egregious that they might warrant criminal punishment (see Paul Grimm's controversial opinion in Victor Stanley, Inc. v. Creative Pipe, Inc.) But those cases are extremely rare.

Preservation Letters

We mentioned triggering events a little earlier. One common preservation trigger is the receipt of a preservation letter, a communication sent from one party to another notifying them of their preservation obligations and conveying what must be retained. Bear in mind, your preservation obligations kick in regardless of whether a preservation letter is sent or not, and it is not a substitute for an actual lawsuit or court order. Though preservation letters are not a formal component of civil discovery procedure, they are very common. In his popular paper "The Perfect Preservation Letter," e-discovery attorney and expert Craig Ball explains that preservation letters are not just about educating or reminding opponents out of professional courtesy. "The preservation letter can establish such awareness, bolstering a claim that the party destroying evidence knew of its discoverability and recklessly or intentionally disregarded it," Ball writes. Of course, you can't simply send someone a preservation letter asking for everything, although many lawyers certainly try. An overly broad preservation letter will almost certainly be met with resistance.

The overly broad preservation letter.

Disputes over the scope of preservation are often addressed during "meet and confer" meetings. Required by Rule 26(f) in the FRCP, parties must confer as soon as practicable to discuss discovery issues and craft a discovery plan. In theory, this seems like a great idea, but in practice, many lawyers show up at meet and confers (often called 26(f) conferences) without a detailed understanding of their client's ESI or a specific plan for discovery in mind. As a result, meet and confers often consist of little more than a perfunctory phone call between attorneys in which nothing of substance is actually accomplished. This point was echoed by a number of federal judges in our 2017 "3rd Annual Federal Judges Survey: E-Discovery Best Practices and Trends."

Preservation Challenges

Preserving data may be the single most difficult e-discovery challenge. Data is econstantly being created, sent and received, edited, moved, and deleted. To meet preservation obligations, you essentially have to put a freeze on this entire process. ESI also tends to be highly unorganized. Business users store information in a way that makes sense to them and in several different locations (laptops, smartphones, cloud services, shared drives, etc.). Legal teams have no way of knowing where all relevant ESI resides just by looking at the facts of the case, let alone how best to preserve it.

To Delete or Not to Delete

The way in which organizations manage their data, especially email, goes a long way in dictating the types of preservation challenges they'll experience. Many companies don't require their employees to delete any data and as a result emails pile up for months, and often years, and the sea of discoverable information becomes practically endless. Conversely, some companies employ systems that automatically delete emails after a certain time period to help control the amount of data that is retained.

The key is to strike a balance between retaining too much data and not enough.

While deletion policies do increase the risk of losing relevant ESI, the 2015 FRCP amendments and case law show the court's tolerance for organizations that have and follow good faith policies for data disposition. Still other organizations create email retention "policies" instructing employees how to manage their accounts. But these rules are often weakly enforced or ignored by employees who see such policies as bureaucratic hassle. Preservation and information governance are very closely linked.

The Cost of Over-Preservation

Because the risks and penalties associated with spoliation are so significant, many companies adopt a "play it safe" mentality, preserving far more data than they have to and keeping that data much longer than what is legally required. This approach might protect against spoliation, but it comes at a significant price. In addition to increased storage costs, the over-abundance of data creates additional potential liability in every future legal matter. Additionally, that data must be processed and reviewed for relevancy, making future e-discovery projects more costly.

The Devil is in the Details

Besides the more common preservation challenges listed above, there are many other dangers that can arise during the course of a matter, including:

​Employee Status Changes

For large companies with thousands of employees, it's common to experience hundreds of employee status changes (departures, transfers, extended leaves of absence) every year. Just take a look at how systematic your company's exit and onboarding procedures are if you need to be convinced.. In cases where an employee is leaving the company, it is common practice for IT to delete, reimage, or destroy the individual's data from local devices, as well as shared servers, and reissue the equipment to someone new. What often gets overlooked in the process is that the departed employee may have been subject to a preservation obligation, which persists regardless of whether the person is actively employed at the organization. Tracking employee status changes and ensuring responsive data is preserved can be an inefficient and time-consuming endeavor for legal teams, especially when they don't have ready access to company HR data. You can learn much more about this issue by downloading this infographic, "How Employee Movements Cause Major E-Discovery Risk."

Cross-Border Discovery Requirements

E-Discovery rules and procedures vary greatly from country to country. Generally, the United States' legal system places greater emphasis on obtaining evidence than those of other nations, which translates to the U.S., granting civil parties the most unrestricted access to potential evidence of any nation in the world. The simple act of instructing a foreign-based custodian to preserve his or her data may itself violate data protection and privacy laws of another country. The EU General Data Protection Regulation raises these concerns to another level with the imposition of fines as large as €20m or 4% of global revenue as a consequence. For more information on GDPR and its implications for e-discovery professionals, read our white paper A GDPR Road Map for E-Discovery Professionals.

BYOD (Bring Your Own Device)

Most companies have fully embraced the BYOD movement, allowing their employees to use their own personal devices to access the company network, create and store business information. In some instances, this exposes employee mobile device data to preservation requirements when that data is deemed to be under a company's "care, custody, or control." Assuming the company can get access to the device, the mix of employee information (including sensitive personal data) and business information creates significant data privacy issues. Extracting data from a mobile device can also present technical challenges based on unique file formats and require specialized tools (like Cellebrite's UFED device). Stay up to date on new data types by visiting our E-Discovery Case Law Library.

​ Preserving Cloud and Social Media ESI

As businesses continue to embrace cloud services, more and more company data is moving to offsite servers managed by third parties. This can complicate preservation efforts, because it requires legal teams to understand contractual agreements with cloud providers, especially as they relate to data access, maintenance, and backup policies. The case Brown v. Tellermate illustrates the dangers associated with preserving cloud ESI. A party was sanctioned after failing to preserve cloud-based ESI from a recently departed employee after the employee's account was transferred to a new user, and his data was overwritten. You can read about the case in more detail here. These issues are becoming especially prevalent with social media sites, like Facebook, as parties increasingly target them for discovery. Preservation of social media is covered in more detail in the following white paper: Preserving & Collecting New Data Types.

How to Preserve

To echo our previous point, legal holds are not the only way to preserve data. There are four primary ways that you can preserve ESI, and all of them should be part of your company's preservation arsenal. The four primary approaches are outlined below. Some of these techniques are also discussed in greater detail in the Exterro-PWC white paper, "Three Common Techniques for E-Discovery Preservation."


Legal hold process

We have a whole section on legal holds so we won't go into a ton of detail here. Legal holds are by far and away the most common method for preserving data for e-discovery. The legal hold itself is simply a notification, usually sent over email, stating that a lawsuit has been commenced or is reasonably anticipated and that the party receiving the email must preserve all data potentially related to the subject matter of the case. A mistake that many companies make is treating legal holds like one-off communications rather than a multistep process. As established in the famous Zubulake ruling and underscored by groups like The Sedona Conference, a truly defensible legal hold process includes periodic reminders, compliance monitoring and other considerations as matters evolve.



Another common preservation method is to actually collect relevant data by copying it from the native source and storing it somewhere centralized. Although "collection" is its own stage in the EDRM occurring after preservation (it also has its own section in this guide) the collect-to-preserve approach is a reasonable approach for highly relevant ESI or for technically precarious data, like that from a mobile device, which is at high risk of deletion if immediate action isn't taken. That being said, many companies rely too heavily on this method and end up over collecting and preserving data that ultimately isn't relevant.


In-place preservation

A third preservation option that has emerged in recent years involves actually "locking down" data at its source. The data repository itself either inhibits custodians' attempts to delete responsive ESI or maintains hidden copies of files preventing any loss of data. Preserving in place greatly reduces spoliation risk without requiring data collection. It also allows you to be more targeted instead of completely suspending a system's automated retention policy. Software integrations with common data sources, like Office 365, make in-place preservation a viable approach in many matters.


Custodian interviews

While it's not one of the three primary ways to preserve data, custodian interviews are a critical element of the preservation process. They help you expand or narrow the scope of the preservation effort and uncover sources of ESI that might have otherwise been overlooked. Bear in mind, it's the custodians who know the issues of the case, not the lawyers. Custodian interviews allow you to leverage that knowledge to its fullest and are seen as a hallmark of a defensible and thorough preservation process.

Preservation Tools

There are a variety of technologies that can support the preservation approaches described above.

Legal Hold

Some companies attempt to manage the legal hold process via emails and spreadsheets or with homegrown systems. For smaller companies with very low litigation volumes, these approaches may be sufficient, but most large organizations rely on dedicated legal hold software that automates all legal hold notice distributions (including periodic reminders) and tracks compliance. More advanced legal hold solutions integrate with HR and other enterprise systems. These integrations streamline legal hold scoping and tracking, support global privacy controls, and implement policies for data retention when employees change roles or leave the business. We have much more on the legal hold process and technologies in the next section.

Custodian Interview

While extremely valuable, interviews can be time-consuming for legal teams, difficult to manage, and also may be disruptive on employees. To mitigate these issues, you can deploy specialized interview tools that simplify the process by giving you access to configurable and reusable questionnaires, while also tracking and storing responses. Some systems allow these interviews to be appended to legal holds, which further streamlines the process and eliminates the need for custodians to respond to multiple communications.

Data Mapping

Data mapping is also applicable in the context of preservation. Data mapping software helps you create, update, and organize a complete directory of your data environment. Data maps support preservation by helping you quickly connect key custodians with the data sources they use to help focus the preservation efforts. Additionally, a comprehensive data map gives you insight into the risk profile of certain data sources to help pinpoint what data should be targeted for preservation first.

In-Place Preservation

In-place preservation systems integrate with your data sources so you can engage automatic preservation actions (such as freezing a delete function) without directly interacting with the data sources themselves. This capability is especially useful when the in-place preservation tool is integrated with the legal hold application so that all preservation efforts can be consolidated into one centralized system of record for the legal department.

Employee Change Monitoring

Besides integrating your legal hold software and HR systems, e-discovery platform technologies can automate certain actions based on employee status changes. These employee change monitoring systems automatically detect when an employee leaves the company or changes departments and take appropriate actions, such as sending an alert to legal or reissuing a legal hold, to ensure responsive data remains preserved.

Preservation Checklist

A lot goes into an efficient and defensible preservation process. To avoid becoming overwhelmed, have a strategy and follow a repeatable process so that tasks don't get overlooked.

Data Preservation

Start with what you know

While it's true that some matters will involve a long list of custodians and large volumes of data, it's useful to start small. Undoubtedly, there will be key players and highly relevant ESI identified at the outset of the matter, and that's where you should focus your initial efforts. Don't start too broad or you will risk over-preserving and losing sight of what matters most.

Promptly issue a legal hold

While it's helpful to start small, you shouldn't waste any time before issuing a legal hold and making sure that custodians who may have relevant ESI are added to the hold promptly and on a continuous basis. As part of that, your legal hold process should be streamlined so that holds can be distributed quickly and with minimal effort. Technology can make a huge difference here.

Develop an interview process

Custodian interviews should be treated systematically. You should have a basic interview template that includes the types of basic questions that are applicable across matters (i.e., Where do you store your data? Do you know of any co-workers involved in the issues underlying the matter?) ready to go at all times. You should also devise a way, most likely through technology, to quickly access and aggregate custodian interview responses so that information gleaned during interviews can be acted upon quickly.

Create preservation tiers

In the same way that not all custodians and data are equally relevant to a case, not all ESI warrants the same preservation strategy. As outlined above, there are different methods for preserving data, some more costly and resource intensive than others. Reserve the collect-to-preserve approach for your most relevant data, especially if it has a high risk of being deleted. Utilize in-place preservation, but establish clear criteria for when it gets used, so you don't over-preserve and foul up existing retention policies. Your lowest tier custodians should only be issued a legal hold until more information is gathered as to the relevancy of their data.

Develop a system for tracking employee status changes

Your custodian list will never be static. Dealing with custodian departures or movements within the organization reactively will inevitably lead to oversights. It's better to develop a proactive strategy that gets employee status change information in front of legal right away. Relying on HR to deliver this information can be problematic, as they typically are busy, and providing employee info to legal is likely not going to be high on their priority list. Instead, consider leveraging the data stored in the HR system through integration with your legal hold application.

Develop a master custodian list

When a matter is resolved, it's not as simple as just releasing all the custodians from the legal hold and ceasing preservation activities. A custodian in one matter could very easily be involved in another. In fact, it's not uncommon for some custodians, especially high profile executives, to be involved in many simultaneous matters. That's why you should have a central list that details all active custodians and the matters with which they are associated for cross checking when matters come to a close. Of course, constructing that list manually wouldn't be a whole lot of fun. Look for systems that can automate the creation of these types of reports and, better yet, keep them updated without manual intervention.

Don't forget about legal hold release

You'd be surprised how many companies struggle releasing custodians from a legal hold. We've even wrote an entire white paper about it. The problem often relates to the issue described above. When legal teams don't have visibility into which custodians are involved with which holds, the default approach is to simply leave custodians on hold, even when it may not be legally necessary. Needless to say, this precipitates rampant over-preservation leading to a whole host of issues, including increased storage costs and amplified risk exposure. You should develop specific procedures to release the legal hold that account for the need to cross check other matters, and to clearly notify custodians that not only can they stop preserving certain ESI, but that they should stop preserving it if it no longer serves a business value.


The preservation process is about much more than just avoiding sanctions. A strong preservation process should take into account e-discovery defensibility as well the need to control data volumes, support larger company goals (including not disrupting other business processes), and keep legal teams focused on the merits of litigation. Though they aren't synonymous, the preservation and legal hold processes go hand in hand so you are encouraged to keep reading. If you're still unsure about the preservation process and what to do, download this Preservation and Legal Hold Workflow Checklist for a good starting point.