IPMA HR: Identification and Preservation—eDiscovery Breakdown

Originally published by IPMA HR.
By Rene Novoa

Many businesses have gone paperless, choosing to keep important documents, including those prepared and maintained by their human resources departments, stored digitally rather than in file cabinets. Going paperless provides businesses with a number of benefits, including search-friendliness and storage efficiency. It also introduces new data that is not available when records are stored in paper form. This new and potentially useful information includes metadata that tracks when and how files were created, modified, viewed, transmitted and deleted. Metadata also indicates who performed the recorded actions.
Although having access to metadata yields benefits, it also imposes new requirements and presents challenges when it comes to data organization and preservation. These matter in particular to HR professionals charged with providing records for an employment action or lawsuit. HR-related forms prepared in any format (e.g., Word documents, Excel spreadsheets, PDFs) and digital communications from computers, phones, flash drives and other devices must be produced upon request. This is where electronic discovery comes into play. Read on to better understand what the eDiscovery process entails and what doing eDiscovery means for you as an HR practitioner and for your employer.

Understanding eDiscovery

eDiscovery can be defined as the process of sifting through a large amount of electronically stored information (ESI) and finding data, documents and communications that may be relevant to a specific legal action or dispute. The process is most effective when the HR and IT departments work together with an eDiscovery service and an in-house and/or outside legal counsel.
When it comes to HR, investigations and lawsuits that might require eDiscovery can involve:

  • Employee misconduct
  • Employer misconduct
  • Employment discrimination
  • Worker safety and OSHA compliance
  • Employee privacy
  • Negligent hiring
  • Negligent retention
  • Harassment
  • Retaliation
  • Union relations
  • Copyright infringement
  • Theft of company property
  • Theft of intellectual property
  • Defamation of an employee
  • Defamation of the employer

Understanding Your Role in the eDiscovery Process

It is important for the HR staff, as the primary caretakers of ESI related to employees and managers, to understand how and where data that could be subject to eDiscovery is stored. After engaging the services of a professional eDiscovery company, you and your HR team must be directly involved in two steps of the eDiscovery process—identification and preservation.


In the identification step, potential sources of relevant ESI are determined. Relevance is exceedingly important. You want to make sure to provide all the data that will be needed to resolve a situation, but providing too much data adds a huge amount of cost in subsequent steps of the eDiscovery process.
Do the following three things to identify relevant ESI:

  1. Determine file types. These could include Microsoft Office documents, emails, texts, social media posts, digital images and database pages.
  2. Interview potential custodians. Custodians are the owners or caretakers of data, meaning potentially relevant ESI exists on the computers, thumb drives or other devices they control. Interviewing potential custodians often identifies additional custodians.
  3. Keep a record of your efforts. Always keep detailed notes on every step of your eDiscovery process, including interviews with custodians. Check with your legal counsel to find out if a specific format for documenting your efforts is preferred.


After identifying potential sources of relevant ESI, it is important to act quickly to ensure that none of it is destroyed or altered. Any deletions or changes to files requested during a lawsuit or other legal action could result in hefty court fines for spoliation (i.e., ruining or destruction) of evidence.
To preserve ESI:

  1. Send each identified custodian a litigation hold notice promptly via email and paper memo or letter. Receiving the notices obligates custodians to stop using potentially relevant files.
  2. Discontinue use of all identified devices and consider collecting them and placing them in secure storage.
  3. Remove used backup devices from circulation so ESI located on them is not overwritten or destroyed.
  4. Keep detailed notes of the steps you take toward preservation.

Types of data that may be required in a legal hold include:

  • Applications and resumes
  • Digital conversations (e.g., emails, texts, instant messages)
  • EEO-1 forms
  • Employee benefits documents
  • I-9 forms
  • OSHA records
  • Payroll documentation (e.g., wage records, job evaluations)
  • Personnel records

eDiscovery Made Easy

Information governance (IG) is a set of proactive measures that can streamline the eDiscovery process and make it more effective. Simply put, IG is a control structure for storing and searching ESI.
Your IT department should be a key partner when working to put IG policies in place. Make sure that the team addresses the following:

  • ESI Lifecycle Plan—Know how long you legally need to keep ESI and how to destroy ESI completely when that time has passed.
  • Education—Make sure any person who has access to important ESI is aware of how to handle it properly.
  • Security—Take government regulations and industry standards for cybersecurity as baselines to exceed. Use as many tools as practical, including firewalls, passwords and encryption.
  • Understandable file structure—Organize ESI intuitively so anyone authorized to do so can locate relevant information quickly. A crisis will not wait until the only person who understands the system gets back from vacation. When designing the basic file structure, answer these questions:
    • What is the information?
    • When was the file created?
    • When was the file last modified?
    • Where is the information stored?
    • Who has access to the file?
    • Why is the information being retained?
    • How is the data being stored and protected?
  • Updated storage technology—Make sure to transfer important files from outdated storage formats to newer ones as technology advances. Do not strand information on floppy disks.
  • Backup—Remember, courts are not kind to defendants who have lost relevant data due to a hard drive crash. If nothing else, poor backup procedures set organizations up for spoliation fines. On the other hand, a complete electronic record can be your best defense.

Be Prompt. Be Able. Be Prepared.

The best advice for handling eDiscovery is to be prepared. An organization’s ability to limit liability is directly related to how quickly and completely requests for ESI can be met. So being able to control, preserve and produce requested data quickly and effectively is essential.
Importantly, have an eDiscovery partner and legal counsel on retainer long before the need for their services arises. Have them work with your company’s IT team to develop a plan for each likely situation. Preparations like these will give you peace of mind and, potentially, save your organization.
Rene Novoa, who serves as vice president of the North Bay Chapter of the High Technology Crime Investigation Association, is a certified forensic investigator and manager of eDiscovery and digital forensics at DriveSavers. Novoa develops proprietary forensic processes for failed devices and has performed data recovery on thousands of storage devices plagued with mechanical failures, physical damage and logical corruption.