A lawsuit can be stressful and expensive for a company. Those who handle compliance well can move past it to grow, while those who don’t may face higher consequences.
In litigation, documentation can make or break a case. Think of every employee and contractor contributing to your software and each tool they use. Every email, chat (yes, even Slack!), wireframe, and digital board iteration could become critical evidence.
For SaaS companies, implementing effective legal hold processes — preserving documentation that may be needed for a legal case or investigation — is an important legal requirement. Your company needs a strategy and tools to manage documentation so you can protect your innovations, revenue, and competitive advantage as you grow.
Below, we’ll cover why it’s important for your company to manage your documentation — and strategies and tools for doing it well — so that you can protect your innovations and, critically, never have to compromise compliance for speed.
What is a legal hold?
A legal hold, or litigation hold, is a formal notice to preserve documentation that may be needed for a legal case or investigation. This takes place during eDiscovery, the phase in a lawsuit where legal counsel gather electronic information as potential evidence.
When a company issues a legal hold, they communicate a mandate to prevent employees from deleting or altering documentation related to a legal case, regulatory investigation, or intellectual property claim. A legal hold often encompasses emails, chats, documents, and other digital assets like boards.
The stakes are high if a company doesn’t comply with a legal hold or fails to issue one when needed. A single non-compliance event costs companies $14.82 million on average— 2.7 times the cost of compliance according to Globalscape. Fines are just one part of the cost, including lost revenue and productivity, and extra legal or data recovery fees.
The top compliance challenges for SaaS companies facing legal holds
Startups and mature companies alike need help knowing exactly where and how their teams store data they use for everyday tasks. The average small company uses 217 SaaS apps — in 2015, that average was eight. So you can imagine this number will only grow.
At the same time, regulatory changes have increased substantially since the 2008 financial crisis, making it harder and more expensive to keep up with compliance.
1. Managing distributed data
If you’re at a fast-growing SaaS company, it’s likely you store data across multiple cloud services and silos. Forty-eight percent of apps are considered shadow IT, meaning they’re purchased by individual teams or users, not at a company level. This makes it difficult to audit which information is stored where and to manage records.
2. Competing legal and technical requirements
Legal holds can sometimes come in direct conflict with regulations companies need to comply with. For instance, data privacy laws like GDPR and CCPA rules require companies to delete or anonymize data after a certain amount of time — posing a challenge for preservation. Technical challenges, like data storage on mobile and personal devices, also create hurdles.
3. Minimizing the risk of data spoliation
Accidental damage, loss, or changes to relevant data is common. SaaS companies without an enterprise-level IT department can be particularly vulnerable to data spoilation. That’s why it’s important to establish a chain of data custody to prevent the destruction of any potentially relevant data.
How a legal hold works
Although each case varies, most legal holds follow the same framework.
1. Triggering event
The triggering event for a legal hold could be external, like being served with a lawsuit or investigation. It can also be an internal decision made by a legal team in anticipation of future events.
2. Identifying custodians and defining the scope
To issue a legal hold, companies must identify custodians and define the scope of the hold. A custodian is a person who possesses or controls potentially relevant information. HR, Legal, and IT teams collaborate to make a list of all key employees with knowledge and access.
Then, the Legal team defines the scope of the legal hold, including the topic or project covered, the time frame, which types of electronic or physical records need to be preserved.
3. Issuing a legal hold notice
Next, Legal, HR, and IT collaborate to notify custodians about the legal hold. A good legal hold notice contextualizes the issue and gives a detailed description of the time requirements, types of data to be preserved, and who people can contact with questions.
4. Managing custodian responses
One key aspect of eDiscovery is documenting that you have notified custodians of a legal hold. In the legal hold notice, companies ask custodians to sign an acknowledgment of receipt and understanding.
5. Ongoing communications
Legal holds can continue for years, so companies need a way to track and communicate with custodians. Companies may also need to communicate when custodians leave the company, new employees join, or if the scope changes.
6. Releasing a legal hold
Finally, notify all custodians once the legal hold is released— freeing them up to delete old data and communications.
How Miro’s legal hold works
If you’re one of the 200,000 companies already innovating with Miro’s visual workspace, the good news is that you can comply with complex legal and regulatory needs as your company scales.
Enterprise Guard is Miro’s advanced security and compliance add-on that lets companies innovate while safeguarding their data. With Enterprise Guard, companies can implement legal holds to preserve, review, and export data contained in Miro boards. Here’s how it works.
1. eDiscovery Admins hold the keys
Whoever you designate as an eDiscovery Admin has the ability to manage cases and legal holds and notify custodians. They have a dashboard where they can see and manage legal holds and explore preserved Miro boards to prepare them for legal proceedings.
2. Create multiple legal holds for each case
Your admins can organize information by case and create multiple legal holds according to specific case needs.
3. Holds revolve around users and user actions
In Miro, companies create legal holds around users or teams that they designate as custodians. A legal hold first applies to boards that custodians create, own, or co-own at the time of the hold. Admins set criteria like a timeframe, legal hold type, and actions that trigger new boards being added to the legal hold.
When those users open, modify, or interact with any new board, that board is flagged under the legal hold and preserved. While the hold is active, the board cannot be permanently deleted or change ownership.
4. Continue innovating during the legal hold
Once a legal hold is created, teams can keep innovating and working while staying in compliance. They can edit and add to boards while the legal hold is active, with Miro creating an audit log of all changes. If a user deletes a board, it is archived and remains accessible to the eDiscovery Admin.
This means that you can plan, prototype, iterate, and grow without the burden of documenting each board version.
Compliance shouldn’t be a barrier to innovation
With a secure workspace, you don’t have to sacrifice speed to stay compliant. That’s why our Innovation Workspace comes equipped with advanced features for data protection and governance. The data discovery function lets you audit and search by keyword across user boards, while the eDiscovery feature gives you the power to create and manage legal holds.
Apps like Theta Lake give even more control to Miro users. Theta Lake integrates seamlessly with Miro content to provide cutting-edge board captures, archiving, and compliance supervision.
