HOW VARONIS HELPS WITH LEGAL HOLD
Background
A legal hold is a written directive issued by attorneys instructing clients to preserve relevant evidence – such as paper documents and electronically stored information – in an anticipated litigation, audit, or government investigation. However, as businesses increasingly store data in electronic formats, it’s becoming ever more important to be able to manage, preserve, classify, and search electronically stored information (ESI).
A legal hold includes the following steps:
- Issuing a written hold notice
- Identifying the right stakeholders
- Coordinating data identification and preservation
- Monitoring the implementation of the hold
Who Needs to Comply
Any organization that can potentially come under litigation should educate employees on the company’s legal hold policy as well as how to respond to any legal hold notice they may receive. When a legal hold is issued, attorneys should ascertain that the recipients listed in the legal hold understand their responsibilities. Also, working within the organization’s legal framework, attorneys and the IT Department will take all appropriate steps to retain and preserve ESI.
Risks in Non-compliance
When evidence is destroyed, lost, or altered, the ramifications can be detrimental as it becomes virtually impossible to prove or defend a case. An organization’s failure to prevent spoliation of evidence can result in court-ordered sanctions as well as fines, especially if ESI is found to have been destroyed because a legal hold was not effectively carried out.
Below are consequences and regulations set forth by each association and regulating party.
Title 18 of United States Code Sections
Under Title 18 of United States Code Sections, the individual responsible will be fined and/or face jail time.
“Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.” 18 U.S.C. Sec. 1519.
Federal Rules of Civil Procedure
Under Federal Rules of Civil Procedure Rule 37 possible sanctions are as follows:
- dismissal of the wrongdoer’s claim
- entering judgment against the wrongdoer
- imposing fines on the wrongdoer
How Varonis can help with Legal Hold
1. Finding Evidence
DatAnswers maintains an index so that files containing specific terms can be found at any time.
The Varonis IDU Classification Framework is a data classification engine that can incrementally scan file servers and intranets for documents based on a multitude of criteria: keywords, patterns, date created, date last accessed, date modified, user access, owner, and many more, making it possible for IT to find and preserve relevant evidence.
The IDU Classification Framework is efficient and performs true incremental scans, knowing exactly which files have been modified and require rescanning without checking every single location.
The IDU Classification Framework is an automated classification engine. It does not rely on users to manually flag or tag data (though that is possible). It classifies data across multiple platforms (Windows, NAS, SharePoint, etc.).
Also critical to preserving evidence, DatAdvantage can identify and locate all ESI, show which users and groups have access, and provide an audit on all ESI, such as when the file, directory services object, and email was open, edited, deleted etc.
2. Holding Evidence
Once relevant evidence has been found by the IDU Classification Framework, the Varonis Data Transport Engine can automatically migrate or copy documents into a secure location designated for legal hold where the files cannot be modified or deleted.
