Legal Holds

A legal hold, also referred to as a litigation hold, is the process by which companies instruct their employees to preserve specific data for potential litigation.

Neither an internal employee nor another relevant individual, both referred to as a custodian, can delete, modify, or destroy the data.

The type of data that needs to be preserved generally includes electronically stored information (ESI) as well as printed papers, logbooks, and reports.

Data Location

Broadly speaking, there are two ways to store data. The first is where data is stored in a primary location, where it can be interacted with by users, processes, and systems. The second is where the primary location is archived, backed up, or replicated to a secondary location in near real time.

The primary location can be thought of as the current working version of the data, showing the data in a "how it is right now" state. The secondary archive location can be thought of as the historical record of the data, showing all the previous versions and copies of all the data; a child site using Archive Only Mode might be used as a secondary archive location. A legal hold can be placed in either the primary or the secondary location.

There are several options for applying a legal hold to some section of your storage. You can freeze files in-place by modifying the relevant permissions and disabling automations that would make changes. You could instead synchronize the relevant files to an archive-only site. Your third option is to use the snapshots feature to create a read-only archive of the desired data, which is stored within a hidden folder in your site.

Changing Permissions and Automatic Processes

You can apply a legal hold by preventing any future changes to the relevant files. This option requires significant work because you must make chanegs to many different settings, such as user permissions, folder expirations, automatic renaming, automations that make changes, syncs, or retention rules. This could be noticed by users, processes, and systems that interact with the data.

To apply this type of legal hold, the target folders should have their Permissions modified so that users cannot delete or modify the contained files and subfolders, and any File Expiration settings should be disabled. If the target folder is being used as the source of a Remote Sync, then the remote sync should be modified so that the After copying action is set to Keep a copy on this site. If the target folder is being used as the source for an Automation that moves files or deletes files, then the Automation should be disabled.

You might choose this option if you don't have scripted processes that would be disrupted by changing users' permissions, and you don't want to make copies of the files that need to be retained for the legal hold. You might also choose this option if the data to be retained is in a different region from your site's default region, and you're required to keep the data in its original region.

Copy Relevant Data to Archive Location

Applying the legal hold to an archive location is far less likely to be noticed by users, processes, and systems that interact with the primary data. To apply this type of legal hold, you'll need an appropriate secure location available, such as a Child Site set to Archive Only mode.

Once you've obtained the archive location, you can use a one-way Remote Server Sync to copy all of the relevant data to the archive location. Because the copied data cannot be changed in the archive location, you do not need to modify any of the settings or permissions for the primary location or its users. This method of applying legal hold is much less likely than the first method to cause disruption to any business processes that may rely upon those source files.

This option might be desirable if you need to keep copies of any new or changed files created after the legal hold starts, as you can continuously sync new files from the primary location to the archive location.

Snapshot the Affected Data

A third option for applying legal hold is to create a read-only snapshot of the relevant files. Snapshots are stored in a hidden directory, and can only be downloaded by site admins.

This method provides the most convenient way to apply a legal hold, but will not capture new updates to files. If you need to continuously capture newly changed files, consider the option for syncing files from the primary location to an archive location.

Exporting Data for eDiscovery

The legal hold process will typically target both the electronically stored information (ESI) as well as any audit trail logs that show access details.

The files and folders (ESI) in legal hold can be downloaded manually, using the Files.com web interface or any FTP/SFTP client, or programmatically, using the Files.com Command Line (CLI) App, SDKs, or APIs.

The Files.com logs can be accessed manually, using the Files.com web interface, or programmatically, using the Files.com Command Line (CLI) App, SDKs, or APIs.

When a legal hold is no longer required, the target folder Permissions, File Expiration, Remote Sync, and Automation settings can be reconfigured back to their prior settings.

Get Instant Access to Files.com

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.