Subpoena triage with Claude

---
name: subpoena-triage
description: Triage an incoming subpoena, third-party document request, or law-enforcement request. Extract metadata, classify by type, identify implicated custodians, flag privilege exposure, and emit a structured intake report for counsel review. Never auto-acknowledges service; never auto-issues holds; always escalates to counsel.
---

# Subpoena triage

## When to invoke

Use this skill when paralegal or legal-ops has received a subpoena (or third-party document request, or law-enforcement request) and wants a structured triage report before counsel routing.

Do NOT invoke this skill for:

- **Auto-acknowledging service** — counsel decides.
- **Foreign letters rogatory / Hague Convention requests** — different procedure; halt and escalate to international counsel.
- **Replacing counsel's privilege analysis** — the skill flags; counsel decides.
- **Issuing legal holds** — separate workflow; the skill flags but does not issue.

## Inputs

- Required: `subpoena_path` — path to the subpoena document (Markdown, plain text, or pre-extracted from PDF).
- Required: `classification_rubric` — path to the firm's classification rubric file.
- Required: `privilege_rules` — path to the firm's privilege-flag rules.
- Optional: `custodian_map` — path to a current custodian-of-record map.

## Reference files

- `references/1-subpoena-classification.md` — classification rubric template.
- `references/2-privilege-flag-rules.md` — privilege-flag rule template.

## Method

Six steps.

### 1. Extract metadata

From the subpoena document, extract:

- **Issuer** — court (with jurisdiction, division), agency name, or requesting party (with their counsel of record).
- **Case caption** — full caption including parties, case number, court.
- **Service date** — when service was effected. If unclear from the document, ask the user.
- **Response deadline** — the date by which the firm must respond. Compute from service date + the jurisdiction's response window if not stated explicitly.
- **Jurisdiction** — court's jurisdiction, governing rules (FRCP, state rules, agency rules).

If any of the five cannot be determined from the document, halt with a "metadata extraction incomplete — counsel to confirm before triage proceeds" message. Do NOT guess.

### 2. Classify by type

Per the rubric:

- **Civil third-party subpoena** — issued in litigation between two third parties; firm is a non-party witness.
- **Civil party subpoena** — firm is a party; the subpoena is from the opposing party. Different counsel ownership.
- **Grand-jury subpoena** — federal grand jury investigation. Confidential by nature; restricted handling.
- **Regulatory** — SEC, DOJ civil division, state AG, FTC, etc. Subtype by agency.
- **Foreign legal-process** — letters rogatory, Hague Convention requests, foreign agency requests. Halt and escalate.
- **Law-enforcement request** — federal or state law-enforcement; subtype by whether warrant-backed (less latitude to object) or pen-register / NSL / etc. (different latitude).

Output: classification + counsel owner per the rubric + jurisdiction-specific timeline.

### 3. Extract requested document categories

The subpoena's requests are typically itemized (Request No. 1, Request No. 2, ...). Extract each. Tag with the firm's document-category taxonomy:

- Contracts (commercial, employment, M&A)
- Communications (email, Slack, SMS, etc.)
- Financials (transactional records, accounting, tax)
- Technical specifications / source code
- HR records (personnel files, comp data)
- Marketing materials
- Other (catchall, surface to counsel for taxonomy expansion)

Flag overbroad requests:

- "All documents related to X" without temporal limit → flag for objection.
- "All communications" without scope → flag.
- Time period exceeding the relevant statute of limitations or the firm's records-retention policy → flag.

### 4. Estimate custodian implications

From document categories + matter context, identify likely custodians:

- Named individuals if the subpoena names them
- Roles likely to hold responsive material (e.g. "Communications" + "marketing campaign in 2023" → marketing team; "Contracts" + "Acme deal" → deal team + legal department)

Output: list of custodians with role + reasoning. Mark as "estimate — counsel to confirm before any hold is issued."

If `custodian_map` is provided, validate that the named custodians still hold the role. Stale roles trigger a flag.

### 5. Flag privilege exposure

Per the privilege-flag rules:

- **Attorney-client communications** — flag if requests cover communications with named counsel, in-house lawyers, or outside firms.
- **Work-product** — flag if requests cover analyses, drafts, or strategy documents prepared in anticipation of litigation.
- **Joint-defense / common-interest** — flag if the matter has joint-defense agreements covering related parties.
- **Settlement communications** (FRE 408) — flag if requests overlap with settlement discussions.
- **Other privileges** — per firm rules (clergy, marital, doctor-patient, etc.).

Each flag includes paired guard:

- "Flagging because category 'all communications with counsel' implicates attorney-client privilege; recommend privilege log preparation."
- "Flagging because category 'litigation strategy memos' implicates work-product doctrine; recommend Rule 26 work-product objection."

### 6. Emit triage report + audit log

Write the structured report. Append a JSONL audit-log line per intake — counsel needs the audit chain for matter-management.

Audit log line:

```json
{
  "subpoena_id": "uuid",
  "received_at": "ISO-8601",
  "issuer": "...",
  "classification": "civil-third-party",
  "deadline": "ISO-8601",
  "custodian_estimate_count": 5,
  "privilege_flags": ["attorney-client", "work-product"],
  "skill_version": "1.0",
  "model": "claude-sonnet-4-6",
  "service_acknowledged": false
}
```

The `service_acknowledged: false` is explicit — the skill never acknowledges service.

## Output format

```markdown
# Subpoena triage — {subpoena_id}

Triaged: {ISO timestamp} · Skill v1.0

⚠️ Service NOT acknowledged. Counsel handles acknowledgement.

## Metadata

- **Issuer:** {court / agency / requesting party}
- **Case caption:** {caption}
- **Service date:** {date}
- **Response deadline:** {date} ({N} days from service)
- **Jurisdiction:** {jurisdiction}

## Classification

- **Type:** {civil-third-party / grand-jury / regulatory / etc.}
- **Counsel owner (per firm rubric):** {role / name}
- **Timeline (per jurisdiction rules):** {N days standard, with motion-to-quash deadline at +{M} days}

## Requested document categories

| Request No. | Category | Scope | Flag |
|---|---|---|---|
| 1 | Contracts | "All MSAs with Customer Acme 2020-2024" | none |
| 2 | Communications | "All communications regarding the dispute" | overbroad — no temporal limit |
| 3 | Financials | "All revenue records 2020-2024" | none |

## Custodian estimate (counsel to confirm before hold)

- Named: Jamie Liu (Acme deal owner)
- Role-based: Legal Department (privilege concerns), Finance (financials), Customer Success (Acme account)

Custodian count: 5-8 implicated.

## Privilege flags

- ⚠️ Attorney-client privilege: Request 2 covers "all communications" which implicates attorney-client communications. Recommend privilege log preparation.
- ⚠️ Work-product doctrine: Request 4's "litigation strategy memos" is core work-product. Recommend Rule 26 objection.

## Recommended actions for counsel

1. Acknowledge service per jurisdiction rules.
2. Confirm custodian list and issue litigation hold (see [litigation hold orchestration](/en/workflows/litigation-hold-orchestration-n8n/)).
3. Prepare objections per overbroad-request flags (Requests 2, 5).
4. Plan privilege-log preparation for Requests 2, 4.
5. Confirm response deadline calendar entry.

## Provenance

- Subpoena: `{path}`
- Rubric: `{path}` SHA `{short}`
- Privilege rules: `{path}` SHA `{short}`
- Audit log: `audit/2026-05.jsonl` line {N}
```

## Watch-outs

- **Citation hallucination.** *Guard:* findings cite rubric / privilege-rule sections; without citation, flagged as "rubric does not cover."
- **Privilege miss.** *Guard:* over-flag is the default posture.
- **Service implication.** *Guard:* every report and audit line includes `service_acknowledged: false`.
- **Grand-jury confidentiality.** *Guard:* grand-jury classifications route to restricted destination per firm procedure; not written to standard tracking.
- **Foreign-process miscategorization.** *Guard:* halt and escalate, not classify.

# Subpoena classification rubric (firm template)

The triage skill classifies incoming subpoenas per this rubric. Copy and customize for the firm's counsel ownership and procedure.

## Classification by type

### Civil third-party subpoena (firm is non-party witness)

- **Counsel owner:** Senior in-house counsel, litigation specialist if available.
- **Jurisdiction rules:** FRCP Rule 45 (federal) or state equivalent. Default 14-day response window for objections.
- **Routing:** legal-ops opens matter, counsel reviews, paralegal prepares response.
- **Common posture:** comply with reasonable scope, object to overbroad, prepare privilege log.

### Civil party subpoena (firm is party)

- **Counsel owner:** Outside litigation counsel (per matter assignment).
- **Jurisdiction rules:** Per the case's scheduling order; party subpoena timelines differ from third-party.
- **Routing:** outside counsel leads; in-house supports document collection.

### Grand-jury subpoena (federal investigation)

- **Counsel owner:** General Counsel + outside criminal-defense counsel (default per firm policy).
- **Confidentiality:** restricted handling. Do NOT write to standard tracking systems; counsel determines storage per matter.
- **Jurisdiction rules:** F.R.Crim.P. Rule 17 (federal). Tight response windows; objections require court motion.
- **Routing:** GC notified within 24 hours; outside criminal counsel engaged immediately.

### Regulatory subpoena (SEC, DOJ civil, state AG, FTC, etc.)

- **Counsel owner:** Senior in-house counsel (regulatory focus) + outside regulatory counsel.
- **Subtype by agency:**
  - SEC enforcement → SEC enforcement counsel
  - DOJ civil → DOJ civil counsel
  - State AG → in-house government-affairs counsel + outside (jurisdiction-specific)
  - FTC → competition counsel
- **Jurisdiction rules:** Per agency rules; SEC has its own subpoena power under Securities Exchange Act §21(a).
- **Routing:** GC notified within 4 hours.

### Foreign legal-process

- **Counsel owner:** International counsel (per firm's international footprint).
- **Procedure:** Hague Convention on Taking of Evidence (1970), letters rogatory, EU evidence regulation, etc.
- **Routing:** Halt skill triage; escalate to international counsel for procedure determination.

### Law-enforcement request

- **Subtypes:**
  - **Search warrant** — court-ordered, less latitude to object. Counsel reviews scope, supervises execution.
  - **National Security Letter (NSL)** — gag order may apply; restricted handling per firm policy.
  - **Pen-register / Trap-and-trace** — limited to non-content metadata; counsel reviews scope.
  - **2703(d) order** — court order for stored communications; counsel reviews ECPA implications.
  - **Subpoena (administrative)** — IRS, USPS, etc. Counsel reviews jurisdiction.
- **Counsel owner:** GC + outside (criminal or civil per request type).
- **Routing:** GC notified immediately for warrants; within 24 hours for other types.

## Document-category taxonomy

The firm's standard categories for tagging subpoena requests:

| Category | Description | Typical custodians |
|---|---|---|
| Contracts | Commercial agreements, MSAs, NDAs, employment, vendor | Legal, deal team, procurement |
| Communications-internal | Email, Slack, SMS, video meeting recordings | Custodian-specific |
| Communications-external | Email and other comms with third parties (counsel, customers, vendors) | Custodian-specific; legal flagged |
| Financials | Transaction records, invoices, payment data, accounting records | Finance, accounting |
| Tax records | Returns, schedules, supporting documents | Finance, tax, outside CPA |
| Technical specifications | Source code, design docs, technical specifications | Engineering |
| HR records | Personnel files, comp data, performance reviews | HR, People Ops |
| Marketing materials | Marketing collateral, public statements, advertising | Marketing |
| Customer records | Customer data, support tickets, account history | Customer Success, Support |
| Other | Catchall — surface for taxonomy expansion | TBD |

## Overbroad-request flags

The skill flags requests with any of:

- "All documents related to" without temporal limit
- "All communications" without scope (party / topic)
- Time period exceeding the firm's records-retention policy (typically 7 years for most categories)
- Custodian count >10 implied
- Production-volume estimate >100 GB

## Counsel routing matrix

Per type × jurisdiction:

| Type | Federal | State | Foreign |
|---|---|---|---|
| Civil third-party | Litigation counsel | Litigation counsel | International counsel |
| Civil party | Per case assignment | Per case assignment | Per case assignment |
| Grand-jury | GC + outside criminal | n/a | n/a |
| Regulatory (SEC) | SEC enforcement counsel | n/a | n/a |
| Regulatory (DOJ civil) | DOJ civil counsel | n/a | n/a |
| Regulatory (state AG) | n/a | Government-affairs + state-specific counsel | n/a |
| Regulatory (FTC) | Competition counsel | n/a | n/a |
| Law-enforcement | GC + criminal counsel | GC + criminal counsel | International counsel |

The skill's classification step references this matrix for the routing recommendation.

## How to update this rubric

When the firm hires new counsel, restructures the legal team, or expands into new jurisdictions:

1. Update the counsel-owner column for affected types.
2. If a new agency is encountered, add a row to the regulatory subtype list with the agency-specific counsel and procedure.
3. Document the change in the rubric file's changelog. The audit log captures the SHA per triage; rubric changes are visible in retrospect.

# Privilege flag rules (firm template)

The triage skill flags requests that likely overlap with privileged material. The rules are conservative — over-flag rather than under-flag, because missed privilege is harder to claw back than over-flagged scope is to negotiate.

## Privilege types covered

### Attorney-client privilege

Triggers a flag when a request covers any of:

- Communications with named in-house lawyers, by name OR by role ("legal department," "in-house counsel," "GC's office").
- Communications with named outside law firms, by name OR by role ("outside counsel," "litigation counsel," "regulatory counsel").
- "All communications" or "all email" requests where any of the firm's lawyers may be in the corpus (almost always true).
- "Legal advice on X" or "legal opinions regarding Y" requests.

Recommended response posture: privilege log preparation; assertion under FRE 502 (federal) or state equivalent.

### Work-product doctrine (Hickman v. Taylor / FRCP 26(b)(3))

Triggers a flag when a request covers any of:

- "Litigation strategy memos" or "case analysis."
- "Drafts" of pleadings, motions, briefs.
- Materials prepared "in anticipation of litigation" — the test is whether the document was prepared because of the prospect of litigation, not in the ordinary course of business.
- Investigations conducted by counsel (internal investigations).
- Counsel's notes from meetings or interviews.

Recommended response posture: Rule 26(b)(3) objection; if non-opinion work product, may produce on substantial-need showing but withhold opinion work product.

### Joint-defense / common-interest privilege

Triggers a flag when:

- The firm has joint-defense agreements covering the matter (counsel maintains the JDA registry).
- Communications cross between the firm and joint-defense counterparts about shared legal strategy.

Recommended response posture: assert with JDA cited; may need to redact or withhold depending on scope.

### Settlement communications (FRE 408)

Triggers a flag when a request covers:

- "Settlement discussions" or "negotiations to resolve."
- Communications with mediators or settlement counsel.
- Communications labeled "FRE 408" or "settlement-confidential."

Recommended response posture: object under FRE 408 (admissibility) and any applicable confidentiality agreement.

### Self-evaluation / critical analysis privilege

Limited recognition. Triggers a flag in jurisdictions that recognize it for:

- Internal audit findings (limited recognition under HHS regs for healthcare).
- Peer-review of medical care (state-by-state recognition).
- Self-critical environmental audits (limited recognition in some states).

Recommended response posture: counsel to research jurisdictional recognition before asserting.

### Other firm-specific privileges

Add per the firm's industry and jurisdiction:

- **Clergy** — for religious institutions.
- **Doctor-patient** — for healthcare providers (HIPAA also implicates).
- **Academic peer review** — for universities.
- **Trade secret** — protection from disclosure (not strictly privilege but commonly grouped).

## Flag severity

Each flag carries a severity:

- **High** — privilege is clearly implicated; assertion is the default.
- **Medium** — privilege may be implicated; counsel reviews scope.
- **Low** — privilege exposure is theoretical; counsel notes for awareness.

The triage report's privilege-flag section orders by severity.

## Per-flag guard language

Every flag in the triage output pairs with a recommended action. Sample guard language:

### Attorney-client (high)

> Request {N} covers "{quoted phrase}" which captures attorney-client communications. Recommend privilege log preparation per the firm's standard practice and assertion under FRE 502. Privilege log entries should include date, sender, recipient, subject (general), basis for privilege.

### Work-product (high)

> Request {N} covers "{quoted phrase}" which is core work product (litigation strategy / case analysis prepared because of prospect of litigation). Recommend Rule 26(b)(3) objection. Opinion work product (counsel's mental impressions) should be withheld absolutely; non-opinion work product may be produced on substantial-need showing.

### Joint-defense (medium)

> Request {N} may overlap with material covered by the joint-defense agreement with {counterpart}. Counsel to review JDA scope before producing or asserting.

### Settlement (medium)

> Request {N} covers settlement discussions in the {matter} dispute. Recommend objection under FRE 408 and any confidentiality terms in the settlement-discussion agreement.

## What the skill does NOT do

- Does NOT decide which privileges to assert (that's counsel's call).
- Does NOT prepare the privilege log (that's a separate workflow / paralegal task).
- Does NOT redact documents (that happens during production prep).
- Does NOT advise on waiver risk (counsel evaluates whether prior disclosures waived privilege).

The skill's role is to flag — comprehensively, conservatively, with paired guards — so counsel doesn't miss exposure during triage.

## Updating these rules

When the firm encounters a new privilege issue, or when a court ruling shifts the landscape:

1. Add the new trigger to the relevant section.
2. Document the citation (case law, statute, ethics opinion).
3. Set severity per counsel's assessment.
4. Bump the file's version line. Audit-log captures the SHA per triage.