ooligo
EN
English en Español es Português (Brasil) pt-BR 日本語 ja Français fr Deutsch de
Subscribe
Tools Comparisons Workflows Stacks Learn
Verticals
RevOps Legal Ops Recruiting & TA
Language
English Español Português (Brasil) 日本語 Français Deutsch
GitHub Subscribe
ENTRY TYPE · definition

Legal Hold Process

By Marius Bughiu Last updated 2026-05-23 Legal Ops

A legal hold (also called a litigation hold or preservation hold) is the formal process by which an organization suspends its routine data-deletion practices and directs custodians to preserve electronically stored information (ESI) and physical documents that may be relevant to pending or reasonably anticipated litigation, a regulatory investigation, or an internal inquiry. It is not optional: the duty to preserve evidence is a legal obligation that can trigger sanctions — including adverse inference instructions or even case-terminating consequences — if violated. A legal hold is not a data backup, not an archive policy, and not the same thing as discovery collection. It is a directed preservation instruction issued to specific people about specific data.

What it is not

A legal hold is not the same as a document retention policy. A retention policy governs how long categories of data are kept under normal business operations before routine deletion. A legal hold overrides that policy for specific data in specific custodians’ control once a preservation trigger has been reached. The two co-exist: the retention policy describes what you delete in ordinary course; the legal hold suspends ordinary-course deletion for data in scope.

A legal hold is also not a collection order. Issuing a hold preserves data in place but does not copy it into a review platform. Collection is a separate eDiscovery step that happens later, typically after scope is better understood. Conflating hold with collection leads to either under-preservation (holding too little) or over-preservation that creates review cost without legal necessity.

The preservation duty under FRCP

For US litigation, the preservation framework comes from the Federal Rules of Civil Procedure (FRCP), principally Rules 26 and 37. Under FRCP Rule 37(e), if a party fails to take “reasonable steps” to preserve ESI that “should have been preserved in the anticipation or conduct of litigation,” courts may impose sanctions ranging from curative instructions to adverse-inference instructions to case dismissal. Rule 37(e) is not creating a new duty — it codifies the common-law duty established by cases including the Zubulake line of decisions (Zubulake v. UBS Warburg, SDNY, 2003-2004), which set out when the duty attaches and what reasonable preservation looks like.

The duty attaches not when a lawsuit is filed, but when litigation is “reasonably anticipated.” Courts assess this based on the organization’s knowledge at the time: receipt of a demand letter, commencement of a regulatory inquiry, significant escalation of a contract dispute, an internal investigation into conduct likely to produce a claim. The trigger is a question of fact and judgment; consult counsel for specific situations.

For matters outside the US, the EDRM (Electronic Discovery Reference Model, maintained under Duke Law) provides framework guidance on preservation obligations internationally, and local counsel should be engaged for jurisdiction-specific duties. The EDRM Preservation Guide describes preservation as needing to be “legally defensible, reasonable, proportionate, efficient, auditable, broad but tailored” — a useful summary of the standard regardless of jurisdiction (EDRM, edrm.net).

Stage 1: Trigger identification

A preservation trigger is the event that makes litigation or investigation “reasonably anticipated.” Common triggers include: receipt of a demand letter or cease-and-desist; service of a subpoena; commencement of a regulatory inquiry; a formal internal complaint or whistleblower report; a significant incident (data breach, product failure, workplace injury) that is likely to generate a claim; a contract dispute that has escalated to legal involvement.

The legal department — typically the General Counsel, Deputy GC, or the Legal Ops function responsible for matter intake — must have a documented process for recognizing trigger events and initiating the hold workflow. Many organizations define this in their legal hold policy, which should be reviewed periodically (consult counsel on policy design for your jurisdiction and risk profile).

Stage 2: Scope determination

Once a trigger is identified, the legal team determines who are the relevant custodians (individuals with potentially relevant data) and what data sources are in scope. This requires:

  • Interviewing key personnel familiar with the matter to identify who worked on it and what systems were used.
  • Mapping relevant data sources: email, file shares, collaboration tools (Slack, Teams), mobile devices, cloud storage, third-party SaaS applications.
  • Defining a time range for preserved data.

Scope should be broad enough to satisfy the preservation duty but proportionate to the matter. FRCP Rule 26(b)(1) emphasizes proportionality: discovery obligations (and by extension preservation obligations) should be proportionate to the needs of the case, weighing factors including the importance of the issues at stake, the amount in controversy, and the parties’ resources.

Stage 3: Hold notice issuance

A written legal hold notice is issued to each identified custodian. The notice must:

  • Describe the matter in enough detail for the custodian to understand what data is relevant.
  • Specify what types of data and which systems are covered.
  • Instruct the custodian to suspend routine deletion and not alter or destroy relevant information.
  • Provide a point of contact in the legal team for questions.
  • Request an affirmative acknowledgment that the custodian has received and understood the notice.

Notice format matters. Courts look at whether the notice was clear enough for the custodian to act on it. Notices should be written in plain language that non-attorneys can understand, not in legal boilerplate. Tailoring the notice to the custodian’s role — what specific systems and document types they should preserve — reduces ambiguity.

Acknowledgment tracking is critical. An unacknowledged hold is legally weaker than one where all custodians have confirmed receipt. In practice, acknowledgment rates of 100% are rare on first notice; reminder escalations are standard.

Stage 4: Technical preservation

For data held in systems controlled by IT (email servers, SharePoint, cloud platforms), the legal team coordinates with IT to implement system-level holds that suspend automatic deletion for the specified custodians and data types. Microsoft 365 litigation holds, Google Vault holds, and cloud-platform preservation features each have their own mechanics. Large organizations typically have IT workflows pre-built for common hold platforms — confirm these exist before a hold is needed, not after.

For data in custodians’ local control (personal laptops, external drives, personal cloud accounts), technical preservation relies on custodians’ own compliance with the notice plus periodic verification. This is the weakest link in most legal hold programs.

Stage 5: Ongoing monitoring and compliance

A hold issued and forgotten is a hold that fails. Active monitoring requires:

  • Acknowledgment follow-up. Non-responsive custodians receive escalating reminders (typically 7 days, 14 days, then supervisory escalation). Document every reminder and response.
  • Custodian changes. When custodians leave the organization, transfer to new roles, or change roles that affect their relevant data, the hold must be updated. This is the most common source of hold failures — data deleted during an employee offboarding that should have been preserved.
  • Scope amendments. As the matter develops, new custodians are identified, new data sources become relevant, or the scope narrows. Issue formal amendments to the hold notice.
  • Periodic reminders. Even acknowledging custodians benefit from periodic reminders (typically every 90-180 days) to reinforce compliance.

Documentation of all monitoring activity — who was notified, when, what was acknowledged, what escalations occurred — is what makes a legal hold defensible if challenged. Sparse documentation is almost as bad as no documentation.

Stage 6: Collection (when triggered)

When the matter reaches the point where document collection is needed for production or review, the preserved data is collected into an eDiscovery platform. Preservation and collection are separate steps: the hold can run for months or years before collection is triggered. Maintaining that separation prevents unnecessary data movement and controls who has access to potentially privileged material during the preservation period.

Relativity and Everlaw both offer integrated legal-hold workflows that bridge preservation notice management and eDiscovery collection. Relativity Legal Hold (a separate product from the review platform) handles the notice/acknowledgment cycle; Relativity One then provides the review platform. Everlaw integrates hold and collection workflows in a single interface.

Stage 7: Release

When the matter concludes — settlement, judgment, investigation closed — the hold is formally released. Release has two components:

  1. Formal notice to custodians that the preservation obligation is lifted and normal retention/deletion practices can resume.
  2. Formal notice to IT to disable system-level preservation for the affected custodians and data sources.

Document the release: date, triggering event (settlement agreement date, case dismissal order), and confirmation that normal operations have resumed. Do not assume custodians or IT will revert to normal operations without explicit instruction.

Where automation helps

Manual legal hold management — spreadsheets tracking custodians, email threads for notices and acknowledgments, manual IT coordination — is error-prone at the volume and complexity typical of organizations with active litigation programs. Automation helps across the lifecycle:

Notice generation and tracking. Legal hold software (Microsoft Purview eDiscovery, Exterro, Relativity Legal Hold) generates standardized notices from templates, sends them, tracks acknowledgments in real time, and automates reminder escalations. A dashboard shows compliance rates by custodian, by hold, by matter.

Custodian change detection. Integration with HR systems surfaces employee departures, role changes, and onboarding of new custodians relevant to active holds. This is the highest-value automation — it addresses the single most common cause of hold failures.

System-level hold automation. Direct integration with Microsoft 365, Google Workspace, and major cloud platforms allows system holds to be applied automatically when a legal hold is created, without manual IT ticket workflows.

Audit trail. Every action — notice sent, acknowledgment received, reminder escalated, amendment issued, release processed — is logged automatically, creating a defensible record for court challenge.

Common pitfalls

Issuing vague notices. A hold notice that says “preserve anything related to the Smith matter” gives custodians no guidance on which systems, what time ranges, or what document types to preserve. Vague notices produce inconsistent preservation and weak documentation. Guard: draft notice templates with explicit data-source and time-range fields, filled in per matter.

Not tracking departing employees. An employee who is a key custodian on an active hold leaves the organization; their data is deleted during standard offboarding. Courts do not accept “we didn’t know they were leaving” as a defense to spoliation. Guard: integrate hold systems with HR offboarding workflows to flag custodians on active holds before departure.

Conflating hold with collection. Collecting all preserved data into a review platform before counsel determines scope drives up review cost unnecessarily and may create privilege exposure for in-house counsel on overly broad collection. Guard: preserve broadly, collect narrowly, after scope is defined in consultation with litigation counsel.

Releasing too early or never releasing. A hold not released when a matter concludes keeps data under indefinite preservation, creating accumulation and storage cost. A hold released before a matter truly concludes exposes the organization to spoliation claims if subsequent related litigation surfaces. Guard: tie release to documented case-disposition events; have a scheduled hold-review process every 180 days to confirm active holds still have live matters.

  • eDiscovery — the downstream process that legal holds feed into
  • EDRM Model — Stage 3 (Preservation) of the EDRM is the legal hold process
  • Privilege review — the review step that runs after collection
  • Relativity — enterprise eDiscovery platform with integrated legal hold module
  • Everlaw — eDiscovery platform with integrated hold and collection workflows
Edit this page on GitHub