This post is a reprint of an article that originally appeared on the ACEDS Blog here.
It’s hard to believe that it’s only been about 27 months since most office workers started working remotely full-time—and probably only slightly less time that we’ve been wondering about what the “return to the office” would look like. After numerous decrees about imminent returns to the office—and an equal number, it seems, of pandemic waves to undo those predictions, it seems like we’ve settled into something of an equilibrium.
Like many instances in which one might seek advice on legal matters, the answer is, of course, “It depends.”
Research from Microsoft in early 2022 indicated that “about 50% of leaders say their company already requires or is planning to require employees to return to in-person work full-time in the next year,” while more recent research from the Conference Board found “that just 4% [of organizations] said they are requiring all employees to return to the workplace full-time.” It seems more likely that there’s no uniform answer to the question of what the future of work will look like—unless that answer is that the move to remote technology and work-from-home processes that took root during the pandemic are here to stay, if only as a component, not the entirety of the modern workplace.
Where does that leave legal teams who have to account for organizational communications in matters of e-discovery—particularly as regards the obligation to preserve data under legal holds? In a recent whitepaper, Overcoming Legal Discovery Challenges in Remote & Hybrid Workplaces, Exterro explores some of these issues and challenges. Here are some tips to consider in your organization.
Make sure your data retention settings are up-to-date.
Organizations introduced and rapidly ramped up their use of a number of collaboration tools like Slack, Zoom, and Microsoft Teams to adapt to the forced remote environment—but that doesn’t mean their policies kept up with the technology. Most collaboration software allows administrators to configure retention settings. If IT was charged with implementing software on short notice, the obligation to ensure retention policies are defensible and implemented in compliance with civil litigation obligations.
For example, if by default all video recordings of meetings are being preserved indefinitely, they may be viewed as discoverable in civil litigation. However, a reasonable, documented retention policy of deleting video recordings after a certain amount of time may mean that such data no longer needs to be be preserved, and therefore may reduce risk as well as storage costs.
Ensure that you can comply with data subject access requests.
Of course, civil litigation is not the only risk factor associated with corporate data. Much of the data organizations hold is subject to data privacy regulations, including the right of data subjects—most often customers, but starting in 2023, also including employees in the state of California—to request that organizations produce, rectify, or even delete data related to them. The data stored in collaboration applications, such as Slack, Microsoft Teams, and potentially even software like Zoom, could fall under these requests.
Getting ready to manage such requests requires not only the ability to collect, review, and produce data from these platforms, but also the ability to process such requests—a matter perhaps beyond the purview of e-discovery professionals, but well within that of privacy teams operating under chief legal officers (CLOs) and general counsel.
The foundation of successful e-discovery program (and privacy compliance) is an accurate data inventory.
IT isn’t the only department that needs to know what data is stored where, in what technology platforms, and who has access to it. Legal departments also have an equally important stake in the understanding the organizational data landscape. The changes that rapidly unfolded in 2020 may not have allowed either team to take stock of information infrastructure change—but the legal environment, particularly around privacy compliance, has changed so much that pleading ignorance is no longer an option.
Organizations should build a data management playbook that keeps up-to-date records of communication platforms at your organization. Include all apps being used, which departments use them, and preservation policies in place. It should definitively answer questions such as:
- Which apps are being used by which departments?
- How are the apps being used by employees and managers?
- What policies do you have in place for managing those apps right now?
Download the full whitepaper to learn more.