Schedule a Demo

What Is A Legal Hold?

Unlike some other eDiscovery processes, a legal hold reaches far beyond your legal department and can potentially impact personnel across your whole business.

All Posts

What Is A Legal Hold?

Unlike some other eDiscovery processes, a legal hold reaches far beyond your legal department and can potentially impact personnel across your whole business.

What is a Legal HoldSo what are legal holds, how do they work, and why are they so important? This article will offer a thorough definition of a legal hold and discuss the role it plays within the broader context of eDiscovery.

What Is a Legal Hold? 

A legal hold, also known as a litigation hold, is a process that ensures a company acts to preserve all forms of relevant information and data associated with litigation matters, investigations, or other legal disputes.

A legal hold is initiated when a notification is sent from an organization's legal department to instruct custodians and data stewards not to delete electronically stored information (ESI) or discard archived documents that may be potentially relevant to an imminent legal matter. 

This process is initiated to ensure that any relevant information that could be helpful to a legal dispute is protected and will be available for review or collection until the issue is resolved. It safeguards against the potential for vital information to be discarded, corrupted, or rendered inadmissible as evidence.

Understanding the Legal Duty to Preserve  

Historically, the concept of legal holds can be traced back to the legal case of Armory v. Delamirie in 1722, a well-known dispute between a chimney-sweeper and a goldsmith over personal property rights to a found jewel. 

The case was a landmark in legal history because it was one of the first to give property rights and ownership to the finder of a piece of personal property. It’s also notable for being the first documented case to be won as the result of bad faith spoliation of evidence.

Since then, the legal requirements and practicalities of data preservation have obviously developed significantly, gradually evolving into the legal hold process that is known and practiced today. 

The Evolution of Data Preservation 

The year 2003 represented something of a landmark in the history of legal holds. Judge Shira A. Scheindlin and her groundbreaking rulings in the case Zubulake v. UBS Warburg significantly impacted modern eDiscovery practice. Judge Scheindlin emphasized that “once a party reasonably anticipated litigation, it must suspend its routine document retention/destruction policy and put in place a 'litigation hold' to ensure the preservation of relevant documents." This highlighted the importance of digital documents in the modern legal context and set the wheels in motion for the preservation of ESI to be officially recognized and enshrined.

This recognition came in 2006, when the United States Federal Rules of Civil Procedure (FRCP) incorporated amendments to address the expansion of legal hold from paper documents to electronically stored information (ESI). The established changes required companies to keep all electronic records until each legal matter was formally settled. The legal amendments were established to anticipate and tackle arguments related to the production and maintenance of ESI, such as cost, the difficulty of production, missing or even deleted ESI. 

Legal Holds and eDiscovery

So how do legal holds fit into the bigger picture of eDiscovery? Legal holds and data preservation responsibilities are fundamental to successful outcomes within the eDiscovery process. 

Legal holds and eDiscovery requirements demand organizations to be able to produce comprehensive and admissibly formatted ESI when requested in relation to a legal challenge. This necessitates the ability to keep track of the high volume, variety, and speed of electronic data and business records. 

Failing to Implement and Maintain a Legal Hold

Organizations must ensure proper legal policies, procedures, and processes are being implemented to meet legal hold and eDiscovery requirements. They also need to ensure that they can prove their efforts to correctly implement a legal hold, should they face challenges relating to their processes. Companies can be penalized for failing to meet legal hold requirements if:

  • The company failed to take action to preserve relevant ESI
  • The company lost ESI
  • The company failed to restore or replace ESI 

Companies could face serious consequences if they fail to preserve and present information related to the subjects of the legal matter, ranging from financial penalties to default judgment or even dismissal.

How Is a Legal Hold Triggered?

A legal hold starts when a notification from an organization’s legal department is sent to employees as being relevant to the required case. However, the process and requirements go beyond this basic trigger. 

When and How Is a Legal Hold Triggered?

A legal hold should commence once a trigger event has occurred. By law, a legal hold must be triggered when litigation is “reasonably anticipated” by the organization, which is a fairly subjective statement. It means that the organization must start the process at the earliest stage possible to avoid any crucial information being lost.

Organizations should be aware of factors influencing when litigation is reasonably anticipated: 

  • Explicit communication
  • Service of process
  • Subpoenas
  • Cease-and-desist letters
  • Regulations
  • Preservation orders
  • Credible threats of litigation

Correctly anticipating the need for a hold to be issued can help avoid a more complicated (and costly) discovery process, or sanctions for spoliation, like the destruction of relevant evidence. If evidence is lost or preservation is questioned, courts tend to consider other factors to determine if sanctions are appropriate, such as:

  • Whether parties acted in good faith
  • Whether parties evaluated relevant evidence at the time of preservation

What is a legal hold trigger event?

As mentioned previously, the legal hold duties begin as soon as a legal hold trigger event occurs. Some of the incidents that might trigger a legal hold to be actioned are:

  • Someone sustains an injury on company property
  • A party breaches a contract
  • The organization receives a letter threatening litigation
  • The organization receives a complaint initiating a lawsuit
  • The organization contemplates legal action against another party
  • The organization receives explicit communication of impending litigation, such as service of process, subpoena, or written/verbal notice. 
  • Receipt of notice by an employee or another agent 
  • Other circumstances, such as local regulations or a preservation order already entered in another case

When is a legal hold notice sent? 

The legal hold is the organization’s first line of defense against “spoliation”, which is the erasure or corruption of potentially relevant information that could be used as evidence in a legal case.

For this reason, the legal hold should be issued as soon as litigation is initiated or when the organization identifies an event that will probably prompt litigation, such as an acrimonious employee dismissal or product defect.

Who sends the legal hold notice? 

In theory, companies usually designate an official within their legal department to issue the legal hold notice. However, companies could be dealing simultaneously with a large number of litigation matters, which means a large number of legal holds. It should also be remembered that simply issuing a legal hold notice won't satisfy eDiscovery requirements. Every action associated with the protection and preservation of the data in question must be carefully documented, and the legal team must ensure that the parties have received and agreed to comply with the legal hold duties. 

Therefore, the processes are complex and often managed by specialized paralegals or eDiscovery managers, who are responsible for managing day-to-day legal hold issues. Legal departments can also partner with HR to track holds on migrating custodians and with IT teams to account for systems or applications that may affect hold logistics.

What does a legal hold notice include? 

There are no specific legal requirements to determine the content of a legal hold notice, but the communication must be clear, succinct, and easy to understand. The custodians receiving legal hold notices could be from a variety of roles and departments, so the legal hold must be straightforward and include all the necessary information. Some of the things a legal hold should include:

  • The subject matter of the information that the company must preserve
  • Which materials employees should preserve
  • The time frame to which the preservation duty applies
  • Whom employees may contact for any questions about the legal hold
  • How employees should handle any relevant information that they possess or collect
  • Deadlines for acknowledging the hold and any actions

The legal hold notice should also instruct:

  • The recipients’ duty to preserve until further notice
  • The recipients’ duty to preserve all potentially relevant information without modification
  • The importance of preserving relevant data 
  • The possible consequences of not complying with the legal hold notice

ESI You’ll Need to Preserve and Where to Find It

To comply with the responsibilities of legal holds, organizations must ensure that they have control over all sources of ESI. Relevant data could be located in a variety of storage locations such as portable devices, shared drives, home computers, smartphones, tablets, laptops, and cloud-based storage systems. This makes it vital for the organization to keep their data rigorously archived, safely stored, up to date, and easy to access whenever necessary.


ESI sources can contain custodian and non-custodian data. Custodian ESI is held by an individual source that possesses the information, such as e-mail, personal storage, allocated storage, data storage, data associated with all the social media pages used by the custodian, tablets, smartphones, and private web email accounts. Non-custodian ESI describes the data included in databases, cloud storage databases hosted by third parties, and shared network storage locations.


Examples of where to find discoverable data:

Email: Email storage on one or more email servers, including physical hardware managed by the organization’s IT team, virtual machines leased from a cloud provider (for example Microsoft Exchange), or Software as a Service (SaaS) from a cloud provider or Webmail. Users can be expected to have a substantial volume of emails from several online and offline sources.

Text Messages: People are likely to access or maintain work data from personal devices, such as smartphones, and use text messages as a form of communication. Potentially, relevant data could arise from cell phone text messages. Over the years, courts have come to consider text messages as ESI and as a consequence, they are subject to the same discovery standards. 

Cloud-Based Documents: Most companies have moved some aspect of their business data to the cloud in the pursuit of cost-efficiency and security. Moreover, the cloud allows users to remotely access and modify data, so cloud-based technology represents a critical source of potential ESI. IT infrastructure and corporate applications operate in cloud environments such as Amazon Web Services and Microsoft Azure. Users can also store their data in tools such as Dropbox, Google Drive, iCloud, and Microsoft One Drive.

Social Media: Similar to text messages, discoverable information could be stored on the user’s social media accounts, such as WhatsApp, Facebook Messenger, Instagram, LinkedIn, etc. Organizations need to carefully consider chat and social media platforms as possible sources of ESI. Posts, comments, group chats, and direct conversations could all contain crucial evidence that needs careful handling and preservation.

Collaboration Content: With the advance of remote work, collaboration software is often used to improve communication and infrastructure. Collaborative software products like Slack, JIRA, and Microsoft Teams work, simultaneously, as data repositories, chat platforms, and workspace hubs so they became a critical source of discoverable data. 

Video Conference Recording: Video conference recordings are a vital source of discoverable ESI. Companies of all-sizes use video conferencing tools daily, especially after Covid-19. Tools such as Zoom, Teams, Remo are frequently used to host meetings, events, and even large-scale conferences. Since 2020, the demand for video conferencing software has increased 500% and 67% of companies have increased their cost on those tools. 

In order to preserve ESI related to certain employees, the legal department should be able to place all ESI on legal hold due and prevent it from being disposed of. This is critical for higher-level executives because they store a higher volume of relevant information and, as a consequence, are vulnerable to higher risks of litigation.

Pagefreezer offers solutions that simplify the Retention and Legal Hold of Online Data from sources like websites, social media, team collaboration tools, and mobile text messaging. Check out this page for more information, or read our associated article, Understanding a Request for Production of Documents.

Read Blog Post

George van Rooyen
George van Rooyen
George van Rooyen is the Content Marketing Manager at Pagefreezer.

The Discord OSINT/SOCMINT Investigation Guide

Discord is a treasure trove of real-time, contextually rich digital interactions, offering OSINT investigators unprecedented access to diverse community conversations, user networks, andthe various digital file types shared through its interconnected server ecosystem. These insights can be pivotal for open-source intelligence (OSINT) investigations.

New Spatial Data Logic and Pagefreezer Partnership Modernizing Digital Recordkeeping for Local Government Agencies

December 11, 2024 (Vancouver) – Spatial Data Logic (SDL) and Pagefreezer have announced a strategic partnership to help government agencies streamline website and social media recordkeeping operations and improve transparency initiatives.