In today’s business environment, it’s not a matter of “if” but “when” an organization will face legal proceedings. Being prepared for such situations, especially with a robust data protection plan, is crucial. One essential component for businesses using Office 365 to protect themselves from legal risks is litigation hold. This article explains how litigation hold works in Microsoft Office 365 and why it’s important for businesses.

What Is Litigation Hold and How Does It Work?

Litigation hold in Office 365, sometimes referred to as legal hold, prevents data from being permanently deleted or altered. Normally, when a user deletes an item from their mailbox, it goes into the Deletions subfolder in the Recoverable Items folder. The item stays there for a specific period before being permanently purged. However, with litigation hold in place, no item can be purged or automatically deleted. The data remains accessible for eDiscovery and active in Archive mailboxes.

Once the litigation hold is removed, the standard retention policies resume, and any previously scheduled deletion actions are carried out immediately.

It’s essential to note that litigation hold does not recover lost data. Instead, its primary function is to “freeze” electronically stored information (ESI), ensuring it cannot be deleted or altered unlawfully during legal proceedings.

Why Is Litigation Hold Necessary?

In today’s legal landscape, email is frequently used as evidence. To ensure emails are admissible, they must be preserved in their original form. Failing to retain emails properly can expose an organization to serious legal and financial risks, including potential legal scrutiny, adverse judgments, and even fines.

Consider the scenario where a department, such as Legal or HR, needs to collect data for litigation. Simply accessing a user’s mailbox isn’t enough. Email content can be easily altered or deleted by the user, even accidentally. Without litigation hold, such modifications could render the data inadmissible in court.

By placing a mailbox on litigation hold, any attempt to delete or modify data is prevented, preserving both the original and any altered versions of emails for discovery purposes, even if they were initially deleted by the user.

Document Archiving Solutions

Organizations must maintain accurate and easily accessible records of all business-related emails in case of an eDiscovery request or litigation hold. Two common methods for email retention are journaling and archiving.

Email Archiving

Email archiving involves moving messages from the active mailbox to a secure data store, where they are preserved without the risk of deletion or alteration. This strategy ensures that emails are stored in a manner that complies with the organization’s retention policy. Archiving allows organizations to collect, secure, and retrieve large volumes of email, providing easy access if needed for legal or compliance reasons.

Email Journaling

Journaling works by creating a copy of each email communication and storing it in a separate mailbox, essentially an ongoing backup of all messages. This system ensures that if an email is deleted or the original mailbox becomes inaccessible, the message is still retained in the journal.

Archiving vs. Journaling

To simplify, archiving is typically used as a backup solution in disaster recovery plans, while journaling serves as a continuous audit of email communications.

Key Considerations for Using Litigation Hold

There are a few important things to consider when using litigation hold in Office 365:

1. Retention Duration: You can set a specific hold duration to ensure deleted or modified items are preserved for a set period. Alternatively, you can keep the content indefinitely or until the litigation hold is lifted.

2. No Retroactive Protection: Litigation hold doesn’t protect data deleted before the hold was applied. It only covers content that is deleted after the hold is active, unless that content is already under a retention policy.

3. Collaboration with Legal Teams: Before enabling litigation hold, it’s crucial to involve your legal team. Typically, the legal department triggers the litigation hold request.

4. Difference from Backups: Litigation hold is not a substitute for a backup. While litigation hold retains data within the user’s mailbox, it does not create a secondary copy of that data. In the event of ransomware or another infection, there is no way to delete infected emails from a mailbox on litigation hold, nor can you restore unaffected data.

Enabling Litigation Hold in Office 365

Activating litigation hold in Office 365 is a critical compliance measure. Only users assigned to specific roles, such as those in the Discovery Management role-based access control group or those with the Legal Hold and Mailbox Search management roles, can enable this feature.