Know When to Hold Em: Preservation Pitfalls and How to Avoid Them

In our last post, we discussed the best practices for issuing the legal hold – from effectively communicating the legal hold notices to tracking custodian compliance and managing custodian engagement to leveraging technology to streamline administration, all leading to building a defensible legal hold program.

No discussion of best practices would be complete without discussing what could go wrong. While preserving electronically stored information (ESI) is one of the most fundamental obligations in litigation and investigations, many organizations – even sophisticated organizations – make mistakes that lead to preservation failures that open the door to allegations of spoliation, sanctions, and even reputational damage. The Federal Rules of Civil Procedure—particularly Rule 37(e)—make clear that parties must take “reasonable steps” to preserve relevant ESI once litigation is reasonably anticipated. But what constitutes “reasonable” depends heavily on execution.

Across industries, four categories of preservation failures appear most frequently: 1) delayed implementation of legal holds, 2) incomplete scoping of documents and data placed on hold, 3) failure to suspend auto-deletion, and 4) poor custodian communication. Each represents a breakdown in process, coordination, or oversight – and each can create significant risk if not addressed proactively. In this post, we’ll discuss these preservation pitfalls and how to avoid them.

Delayed Holds: When Timing Undermines Defensibility

One of the most common and consequential preservation failures is simply waiting too long to issue a legal hold. Organizations may underestimate how early preservation obligations arise. The duty to preserve does not necessarily begin when a complaint is filed; instead, it begins when litigation becomes “reasonably anticipated”. That trigger may be an internal complaint, a demand letter, a regulatory inquiry, a serious incident, or even escalating business negotiations that show signs of imminent dispute.

Delays can occur because internal stakeholders hesitate to involve legal, or because legal takes a while to fully scope the hold obligations. In fast-moving digital environments, even short delays can result in lost emails, deleted chats, overwritten cloud files, or purged mobile content. Modern collaboration tools like Slack, Teams, and Google Workspace magnify the problem because data turnover is constant and often automated. Without immediate intervention, relevant ESI may disappear before the legal team realizes it existed.  Note that legal hold memoranda can always be amended!

Courts routinely emphasize that timeliness is a key measure of “reasonable steps” under Rule 37(e). A prompt legal hold shows diligence; a late one can suggest indifference instead of thoroughness. Organizations can avoid this failure by establishing internal escalation protocols, training frontline teams on litigation triggers, and empowering legal to act early – often long before a lawsuit is formally filed.

Incomplete Scoping: When You Don’t Preserve What Matters

Even when a legal hold is timely, preservation failures can arise from poorly scoped holds. The initial instinct may be to cast an overbroad net, preserving large amounts of data “just in case.” However, regardless of how broadly the net is cast, critical sources, custodians, or data types may still be overlooked.

Incomplete scoping occurs when:

• Key custodians are missed because legal does not understand the nuances of the business operations.
• Cloud systems such as OneDrive, Google Drive, Jira, or Box are omitted.
• Teams collaboration channels, Slack threads, shared drives, or versioned documents are overlooked.
• Non-traditional data such as mobile messages, ephemeral chats, comments on documents, or shared links are not included.
• Cross-functional stakeholders fail to communicate the full picture of where information lives.

These types of failures are not uncommon in today’s modern data world as data becomes more fragmented across platforms and devices. In the past, email and network drives were largely sufficient; today, structured databases, SaaS environments, and mobile apps all may hold relevant information. A failure to include these sources can create material gaps that undermine the completeness of downstream discovery.

To avoid incomplete scoping, organizations must combine legal insight with strong data mapping, cross-departmental collaboration, and technology that identifies data sources by custodian, department, and system. Scoping is not a one-time event: it must be revisited as the matter evolves.

Failure to Suspend Auto-Deletion: When Technology Erases Important Data

The third major preservation failure can occur silently in the background: auto-deletion policies continue running even after a legal hold is issued. These policies are foundational components of information governance programs and are essential for managing storage and reducing ROT (redundant, outdated, trivial) data. But failure to suspend them for relevant custodians or systems can result in the permanent loss of evidence.

Auto-deletion risks appear in many forms:

• Email systems that delete messages after 30, 60, or 90 days.
• Slack or Teams channels set to purge content automatically.
• Text or chat messages (including those located in ephemeral messaging solutions) set to auto-delete on mobile devices.
• Cloud retention schedules that overwrite prior versions of files.
• Backup rotations that eliminate snapshots before they can be preserved.

Even well-intentioned organizations experience failures when legal teams assume IT has disabled auto-delete, or IT assumes legal will handle it elsewhere. Meanwhile, the system continues purging content that may be important to the case.

Modern preservation-in-place capabilities – offered by platforms like Microsoft 365, Google Workspace, and Slack Enterprise Grid – allow suspension of automatic deletion once a hold is active. But these must be configured correctly and tested regularly. The organizations most successful at avoiding data preservation problems are those with tight coordination between legal, IT, records management, and information governance teams.

Poor Custodian Communication: When People Don’t Understand Their Obligations

Finally, another source of preservation failure lies not in the technology itself, but in people. Custodians play a central role in preservation, yet they are often the least equipped to understand or carry out their responsibilities without clear guidance. Miscommunication, confusion, or lack of follow-through creates significant risk.

Custodian-related failures include:

• Custodians not understanding what data is relevant.
• Custodians ignoring or misunderstanding the hold notice.
• Custodians failing to pause personal deletion habits (e.g., inbox cleaning, file cleanup).
• Custodians using unofficial channels (WhatsApp, personal email, text messages) to communicate about the matter.
• Custodians who leave the organization before their data is preserved.

A legal hold notice cannot simply be sent – it must also be understood. That requires clear language, examples, resources for questions, periodic reminders, and ongoing support. Custodians should know who to contact, how to comply, and what actions may violate the hold. For high-risk matters, brief targeted training or direct meetings help bridge gaps.

Failing to communicate effectively can turn an otherwise defensible legal hold into a vulnerability, especially when key data sources are not centralized, but localized with custodians (e.g., phone-based content, chat histories, or personal file storage).

Building Resilience: Avoiding These Common Failures

Avoiding preservation failures requires more than issuing a timely legal hold. It also requires a coordinated, technology-enabled, and people-centered process. Organizations that succeed share several traits:

• Early legal involvement to ensure timely holds.
• Cross-functional collaboration to scope custodians and systems accurately.
• Automated preservation tools that are tested and verified to suspend deletion reliably.
• Clear, ongoing communication with custodians.
• Comprehensive documentation demonstrating the reasonable steps taken at every stage.

Like any other process, it takes the right combination of people, process and technology to avoid preservation pitfalls.

Conclusion

Preservation failures often occur quietly in the background, but when they surface, they can derail a case. By recognizing the most common pitfalls and developing proactive, repeatable strategies to avoid them, organizations can strengthen defensibility, reduce risk, and build a preservation program that meets modern legal standards.

In our next post, we’ll discuss recent case law rulings that illustrate best practices for issuing legal holds and preservation of data, including examples of where parties have succeeded or fallen short. Stay tuned!

For more regarding Cimplifi eDiscovery, litigation, and investigations capabilities, click here.