Third-Party Subpoena Requests: What They Are and How to Respond

Third-Party Subpoena Requests: What They Are and How to Respond By Drew Lazzara, Zapproved
Image: Kaylee Walstad, EDRM

If your organization is served with a third-party subpoena to produce evidence, your first response might be to break out in a cold sweat. The word “subpoena” is a loaded term, and an instinctive pang of panic is common. But it doesn’t have to be. 

Third-party requests like subpoenas can be sudden, and that can throw a wrench in your day-to-day operations. To avoid these kinds of disruptions, it’s important to understand what a third-party subpoena is, avoid potential challenges, and develop a response plan.

What Is a Third-Party Subpoena Request?

Before your business can develop a systematic response to third-party requests that include defined processes, roles, and support tools, you need to know what you’re up against. 

Definition of Subpoena Request 

To put it simply, a third-party subpoena request (or as it’s formally known, a “subpoena duces tecum”) is a court order outlining evidentiary documents to produce on behalf of a party or parties outside your organization. Many types of businesses hold information that could be relevant or critical to civil litigation among external parties. For example, a financial institution may receive a subpoena request from litigants involved in a divorce proceeding.

If you’ve been blindsided by a subpoena request in the past, you know how important it is to formalize your approach.

Drew Lazzara, zapproved

Such subpoenas are directed at individuals or organizations that aren’t otherwise involved in a case. Compliance requires you or your organization to produce the requested documents, not to give testimony. But because you aren’t directly involved in the litigation, such requests can come as a surprise, making them difficult to plan for (but more on that in a moment). 

Additional Third-Party Requests

Subpoenas are also not the only kind of third-party request you may receive. A general records request can be:

            •           Governmental or related to the Freedom of Information Act (FOIA)

            •           Data Subject Access Requests (DSARs), whereby privacy regulation permits access to personal data held by your organization

            •           Required for internal compliance 

Depending on your industry, you may also be subject to regulatory requests. These are most frequently:

            •           Recurring in nature, subject to regulatory mandates

            •           Related to compliance audits

            •           Subject to strict timeframes and due dates 

What Are the Biggest Challenges Related to Third-Party Subpoenas?

Third-party requests are important to your business because they are typically court ordered or legally codified. That means compliance is required under state and/or federal law, and failure to comply can result in contempt of court charges. But organizations still face some common challenges related to such requests, including:

            •           Data format requirements—Data for third-party requests must be produced in pdf or other imaged formats, but they are often pulled from many different data sources in a wide range of native formats. That frequently leads to time-consuming conversion if you get served. 

            •           Strict guidelines and tight deadlines—Such requests are typically inflexible, leaving no room for error and making compliance more painstaking. They also often have very quick turnaround times, which can make your response seem more like a fire drill if you aren’t prepared. 

            •           Lack of institutional memory—As we mentioned, third-party subpoenas are frequently unexpected, and that makes them very difficult to plan for. Most organizations lack systematized processes, so they must reinvent the wheel each time. As your legal team can tell you, a lack of uniform process can expose you to risk. Businesses also usually don’t have the proper tools to easily support compliance, which means lots of manual work to convert, redact, and produce data. 

            •           Lack of staffing resources—Your organization may not have dedicated staff to handle subpoena requests, so they are handled on an ad hoc basis. Your team might simply lack the experience with such matters to work efficiently, and tight deadlines mean requests often displace other business-critical tasks. 

How Do I Successfully Respond to a Third-Party Subpoena Request?

As with any other business challenge, it’s always best to be proactive and develop a strong plan of attack before you receive a request. If you’ve been blindsided by a subpoena request in the past, you know how important it is to formalize your approach. Here are a few ground rules to help you respond to an existing request and prepare for the next one.  

Carefully review the entire request

Think of this as your “take a deep breath” step. It’s important to understand the full scope of the request and your obligations, especially as regulatory investigations may evolve over time. As you review, start to strategize about the information you will need to resolve the inquiry and identify the proper data sources. 

Start preservation immediately

Once you have handle on the scope of the request, identify any information that is directly responsive to the subpoena or that may be otherwise relevant. Once you’ve cataloged this, determine which custodians have control or ownership of that information. You’ll want to issue a timely hold notice that advises custodians of their obligation to preserve data and asks for their confirmation of receipt.

Preservation in these third-party instances is very similar to the work you do in ediscovery, so an automated legal hold software and previously drafted hold templates can expedite and simplify this step.

Provide ongoing updates to the requesting party

As you collect and review the requested information, make sure you stay in communication with the requesting party. This will help you agree upon and define a production schedule and identify deliverable deadlines. If you encounter unexpected problems that may delay your production, open lines of communication can help you address challenges quickly and remain compliant.  

Document your process as you respond

Given the tight deadlines associated with third-party subpoena requests, this step isn’t always possible in the moment. But it’s good practice to create some structured processes to handle such requests (or similar regulatory or governmental requests) in the future. Simple documentation can help you track FAQs or red flags to be aware of so you’re more efficient the next time you receive a request. 

Find the right technology

The same tools that create efficiencies and cost savings in the ediscovery process also support third-party requests. Technology can also be a huge help if you are subject to recurring regulatory audits. Ediscovery software can provide:

            •           Opportunities for automation—Automation reduces the need for dedicated staff in your subpoena response process and eliminates the need for manual production. It can be applied to all aspects of the legal hold process, simplify document redaction and conversion, and allow you to preserve in-place to reduce storage costs and avoid duplicate data.

            •           Greater consistency—An ediscovery platform unifies your approach to both litigation response and third-party response so you don’t have to start from scratch with each request.

            •           More empowered staff—The right software gives your people a dedicated resource for handling subpoena requests without adding headcount, so they can comply more quickly and get back to the activities that matter most for your bottom line. 

A third-party subpoena request can come out of the blue, but responding to it shouldn’t induce panic or create chaos for your business. With a clear plan of attack and the right tools to execute, third-party requests go from “cold sweat” to “no sweat”.

Author

  • Drew Lazzara

    Drew Lazzara is the Senior Content Manager at Zapproved. Drew is an experienced editor, writer, and project manager. Drew develops and curates content to bring stakeholders from across this value chain together to achieve tangible business results.