5 Steps to Protecting Ediscovery Data When an Employee Exits

[Editor’s Note: EDRM is pleased to amplify the educational articles of our trusted partners.]

5 Steps to Protecting Ediscovery Data When an Employee Exits-Zapproved
Image: Kaylee Walstad, EDRM

Businesses are facing more uncertainty around talent and employee management than ever before. Whether it’s challenges around working from home, employee burnout, the “Great Resignation,” or the threat of recession-fueled layoffs, it’s not easy to chart the best course for your people. 

Even when they leave the company.

Exiting or terminated employees can be a major risk if you don’t have a thorough plan in place for their exit and the transition of their responsibilities. This is especially the case if they are active custodians for open matters. There’s always a risk that terminated employees will take or destroy sensitive data, but custodians that leave may also delete or damage important evidentiary data—and that can have a huge impact on the outcome of pending litigation.   

There’s always a risk that terminated employees will take or destroy sensitive data, but custodians that leave may also delete or damage important evidentiary data—and that can have a huge impact on the outcome of pending litigation.   

Drew Lazzara

Your legal and ediscovery teams should be a big part of the exiting process for a number of reasons. They’ll help you:

  • Keep data and intellectual property safe from the risk of theft
  • Improve data quality and data literacy across business units
  • Preserve and collect relevant data for legal matters for better litigation outcomes
  • Increase the defensibility of your process and reduce the risk of spoliation

Here are the five steps your ediscovery team should take to support a smooth transition for exiting employees and protect data across your organization.

1. Determine who is exiting the company and when

If this one seems a bit obvious, well, it’s “Step 1” for a reason. Besides, common sense often runs up against unexpected challenges in complex organizations, and staying abreast of every custodian that exits the company is a case in point.

That’s because cybersecurity and data-privacy measures preclude access to HR databases for most legal and ediscovery teams. So when an employee is terminated, exits the company, or even simply changes departments for a new role, Legal must rely on HR to report this change. While many large companies have standing policies to ensure this reporting takes place—think large, national retailers who may have hundreds of employees exit daily—businesses that have low turnover or face unexpected layoffs may not. 

It’s important for ediscovery teams to meet regularly with HR to stay on top of exits and anticipate future personnel moves that could impact custodians. You might also consider strategic investment in ediscovery tools that integrate with common HR databases like Workday or ADP, so when an employee status is changed by HR, your ediscovery team is notified automatically.

2. Identify all past and active legal holds associated with the employee

Once you’ve established a clear record of who is exiting the company, your ediscovery team’s biggest priority is ensuring that data relevant to open matters is preserved and collected. 

This is part of good custodian management through the legal hold process, but a single employee may be a custodian for multiple matters managed by different parts of the legal team. You need visibility to make sure you preserve data for a terminated custodian (more on that in a moment), and it’s also a good opportunity to reconfirm the scope of the hold in terms of date ranges, data sources, and data types.

You should also review closed matters associated with the exiting custodian, too. You may find that you are holding on to previously collected data unnecessarily. Ediscovery teams are most focused on preserving relevant data than purging old data, but storing and managing duplicate or unnecessary data is costly. An employee exit is a good opportunity to reduce this kind of data and review retention/deletion policies. Speaking of which…

3.  Notify Database Administrators to enable immediate data retention and collection orders

This step is crucial for increasing the defensibility of your processes and reducing the risk of spoliation. If the exiting employee is an active custodian, data retention policies will already be in place for relevant electronically stored information (ESI). But employee termination may also trigger additional layers of retention policies that overlap or conflict with your legal hold. 

For example, if your organization’s standing policy is to wipe laptops of exiting employees after seven days, you’ll need to coordinate with IT, HR, or other database owners to ensure that device is imaged before important data is lost. You may be especially at risk if you rely on self-preservation methods whereby custodians are asked to set aside relevant ESI independently.    

4. Identify any additional custodians that need to be added to open holds in place of exiting custodians

Once you’ve taken steps to ensure the preservation/collection of relevant data for an exiting employee, it’s important to revisit the legal hold to see if their replacement should be added when they take over the role. 

This is most commonly (and most importantly) applied to custodians that are responsible for managing data repositories wherein the data isn’t necessarily created or owned by the custodian—these are referred to as “non-custodial data sources (NCDS).” For instance, if your company Controller or VP of HR exit, their responsibility as manager of financial reporting and employee databases will pass to their successors. Since data within these NCDS will be relevant to open matters, new database managers should be added to existing legal holds. 

5. Document, Document, Document

If you don’t properly document all your activities regarding exiting custodians, you’re really taking a risk on the defensibility of your process. It’s best-practice to create a written record of what actions were taken, when they took place, and who took the action for each of the steps outlined above. 

This is another area where ediscovery software can be a huge advantage. When your tools are integrated with employee databases, every activity related to that employee—up to and including termination—will be automatically recorded and saved. These tools will automatically link to the appropriate matters, holds, and custodians while also making it simple to create reports that prove defensibility. Many tools also permanently record every action taken in the ediscovery process, eliminating accidental deletions or mistakenly undocumented steps.

Good ediscovery processes around employee exits can make your legal team more efficient and your practices more defensible in court. But excellence in ediscovery can also benefit the rest of the business by helping to defend against cyberthreats and creating a more structured approach to data management across teams.

Most importantly, these ediscovery practices can ease some of the uncertainty around managing people—even if it’s only to help them on to the next stage of their careers.  


  • Drew Lazzara

    Drew Lazzara is the Senior Content Manager at Zapproved. Drew is an experienced editor, writer, and project manager. Drew develops and curates content to bring stakeholders from across this value chain together to achieve tangible business results.

    View all posts