publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/1161254
I L T A W H I T E P A P E R | L I T I G A T I O N A N D P R A C T I C E S U P P O R T 8 T here are different procedures for the handling of client data and firm work product when a litigation case is closed. Many firms operate with a document retention policy (DRP) although some firms follow best practices to guide them in the document lifecycle. Each should dictate which documents are records and specify the applicable laws, regulations and obligations regarding the retention and destruction of those documents. The guidance regarding the destruction or deletion of documents is a very important component of a DRP or best practices. The DRP is part of the information governance framework which manages the information lifecycle. In a litigation matter, clients provide data (i.e. financials, business trade secrets, etc.) to a law firm and the attorneys working on their case will use that data to produce work product (i.e. charts, memos, motions, briefs, etc.) to develop the case. It is especially important from a privacy and compliance perspective to distinguish between client provided data and internally produced work product in a litigation matter. This is particularly the case at the close of the matter. The client should be presented with the option of return or destruction of the data. This is important for a number of reasons, including cost and risk management. Often the data is subject to the clients own internal retention and disposition policies. Failure to return or completely dispose of client data could inadvertently expand any future discovery reach to the law firm. On the other hand, internally produced work product related to a litigation matter is the property of the firm and will generally be subject to the firm's DRP, with most default destruction limits being 7 years. Once a firm receives client produced data every safeguard should be employed to protect that data. Often clients will specify management controls for their data, including the specification of who has access to the data, encryption method, geographic Case Closure, Best Practices, Part 2 (Compliance) B Y K AT H R Y N M C R A E