E-Discovery Policy

The University at Buffalo (UB, university) is committed to operating to the highest ethical and legal standards. Complying with federal and state laws regarding preservation of documents, whether electronic or in any other form, in connection with a legal dispute is an important aspect of this commitment. Upon notice that a lawsuit has commenced against the university, or upon reasonable anticipation that a lawsuit may be brought, the university and its relevant personnel are under a legal duty to preserve all Electronically Stored Information (ESI) related to the legal dispute.

University officers, employees, agents, and authorized users who use electronic storage systems and programs must:

• Manage records and ESI in compliance with applicable laws, regulations, policies, and retention schedules
• Recognize and report a potential Triggering Event to the State University of New York (SUNY) Office of General Counsel (OGC, Counsel)
  • SUNY Counsel will advise the Research Foundation (RF) Counsel and University at Buffalo Foundation (UBF) Counsel, when appropriate
• Cooperate with Counsel to identify, preserve, maintain, and produce ESI that is subject to a legal hold

Counsel will determine what constitutes a Triggering Event. When appropriate, Counsel’s Office will issue a Legal Preservation Notice, direct the Legal Hold process, and notify the E-Discovery Response Team (Team). The Team will oversee the preservation, review, and production of ESI including communication, oversight, and management of the process.

All university systems, programs, and devices must allow for UB Information Technology (IT) administrative access. Employees do not have a privacy interest in university records and ESI, regardless of where they are stored.

Back-up systems are for the purpose of disaster recovery only. Time frames and cycles of such systems should adhere to university policies including the Record Retention and Disposition Policy and Central Email Policy.

Failure by any university officer, employee, agent, or authorized user to adhere to this policy may result in discipline and expose them to legal sanctions.

The university is responsible for complying with information demands made by the public, oversight agencies, parties in litigation, and the courts. Such demands may arise in the context of litigation, administrative proceedings, audits, investigations, and Freedom of Information Law (FOIL) requests. With the proliferation of electronic information storage capabilities and systems, the task of complying with these requests has become more complicated and challenging.

This policy applies to all university officers, employees, agents, and authorized users who use electronic storage systems and programs.

Counsel

Attorney of the SUNY OGC, including attorneys designated as campus counsel or outside legal counsel involved at the request of OGC.

Custodian

Officer, employee, or agent of the university who possesses, controls, or maintains any record, information, or data of the university.

Distributed IT Director

Head of a departmental IT staff unit. Also referred to as Node Director.

E-Discovery (Electronic Discovery)

Process of preserving, securing, reviewing, and exchanging ESI in the context of modern litigation or other legal processes.'=

E-Discovery Response Team

Manages overall compliance by assessing, implementing, and monitoring the university’s E-Discovery processes. The E-Discovery Team includes Counsel, UBIT Personnel, and the Records Management Officer (RMO); other individuals may be asked to participate as needed.

Electronically Stored Information (ESI)

Any information, record, document, file, or data that is stored electronically. ESI may reside on a university system, device, or server of any kind; on an employee’s personal device or account if such device or account is used for conducting university business; or on cloud technologies or services. ESI may include but is not limited to audio recordings, video, voice mail, email, instant messages and chats, text messages, documents, spreadsheets, databases, calendars, telephone logs, contact information, internet usage files, metadata, portable electronic media, social media, and all other electronic information created, received, and/or maintained on computer systems.

Key Person

University officer, employee, or agent who possesses, controls, or maintains any record, information, or ESI that is subject to a Legal Hold. A Key Person may also be someone who is in a position of leadership or someone who has been designated as a campus liaison to Counsel.

Legal Hold

Process by which UBIT Personnel preserve certain records and ESI pursuant to a Legal Preservation Notice issued by Counsel’s Office. The Legal Hold remains in effect until advised by OGC.

The basic steps to implementing a Legal Hold are:

1. OGC issues a litigation hold notice to individuals involved in legal action
2. OGC sends a copy of the notice to the RMO
3. RMO assigns the notice a tracking ID
4. RMO resolves the names in the notice to UBIT names
5. RMO determines which IT units support the individuals named in the notice
6. RMO notifies UBIT units or the distributed IT directors using a standard message and includes litigation hold notice and pointers to the policy and inventory sheet
7. RMO receives and records confirmation of receipt from the distributed IT director(s); reports to OGC
8. UBIT creates storage space in centrally managed e-discovery storage and gives access to UBIT and distributed IT staff as necessary
9. UBIT and distributed IT staff gather electronic records from named individuals and transfer records to central e-discovery storage area
10. UBIT/distributed IT director(s) receive inventory sheet from user(s) detailing where ESI is stored
11. Inventory sheets are forwarded to the RMO for record keeping
12. RMO reports status to OGC

Legal Preservation Notice

Set of written instructions that is sent from Counsel’s Office to Key Persons and their supervisors, with notice to the E-Discovery Response Team in order to initiate a Legal Hold when an event gives rise to a reasonable anticipation of litigation.

A Legal Preservation Notice may be issued by Counsel’s Office electronically; however, it should follow with an appropriate acknowledgment of receipt. At a minimum, a Legal Preservation Notice should include information related to:

• Nature of the Triggering Event giving rise to the Legal Hold
• ESI or other records that are subject to the Legal Hold
• Brief recitation of the legal obligations related to Legal Holds in general
• Instructions for preserving the relevant ESI (including any transfer instructions)
• Contact information for both legal and IT advice
  

Records Management Officer (RMO)

Individual responsible for developing and administering a records management program for systematic control of records at the university. The RMO ensures proper retention and disposition of records at the campus level.

Triggering Event

Any event or set of circumstances that causes Counsel to reasonably anticipate litigation or another legal process that gives rise to a preservation obligation. Factors to consider in determining whether a Triggering Event has occurred include, but are not limited to:

• Likelihood of litigation or other legal processes, including communication from potential parties to a lawsuit or their representatives
• History of the institution related to a potential matter in dispute
• Location, durability, and control of potential ESI
• Media coverage
• Seriousness or magnitude of potential legal action
• Relative burdens and costs of preservation effort
• Common sense and professional judgment

University at Buffalo Information Technology (UBIT) Personnel

Chief Information Officer or designee.

• Follow the Record Retention and Disposition Policy.
• Eliminate unnecessary copies/drafts of records and documents, and delete unnecessary email on a routine basis. 
  • Limit the amount of ESI stored on systems and devices under your control that does not have a legal, operational, or historical value to the university.
• Notify Counsel’s Office of threats of legal action and other potential Triggering Events.
• Comply with directives of the E-Discovery Response Team. 
• Preserve relevant information as instructed in a Legal Preservation Notice, regardless of location, including personal accounts and devices.
• Document steps taken when complying with a Legal Preservation Notice and provide such documentation to Counsel’s Office when requested.

• Provide guidance to university leadership.
• Issue a legal preservation notice upon occurrence of the following Triggering Events:
  • Receipt of administrative complaint (e.g., from the Equal Employment Opportunity Commission, U.S. Department of Health and Human Services Office for Civil Rights, New York State Department of Human Rights)
  • Receipt of Notice Of Intent to File a Claim, claim, summons, or complaint
  • Appeal of a disciplinary matter to arbitration
  • Receipt of an attorney demand letter or threat of litigation by an attorney
  • Catastrophic events involving injury to persons or property reported in the media
• Educate Key Persons on how to identify possible triggering events.
• Consider issuing a Legal Preservation Notice upon occurrence of any event that may give rise to a reasonable anticipation of litigation or another legal process for which ESI may be relevant. Such events may include:
  • Initiation of an investigation by state or federal law enforcement
  • Initiation of an investigation by the Inspector General
  • Injury to persons or property
  • Major employment actions, such as tenure denial or filing a grievance
  • Major contract actions(e.g., breach, early termination)
  • Major student actions (e.g., dismissal, interim suspension)
  • Receipt of FOIL request
  • Audit by outside agency (e.g., Office of the State Comptroller, Department of Health)
  • Knowledge of litigation or investigation for which the university may become a real party in interest
  • Receipt of a subpoena
  • Complaint of discrimination or harassment against a university employee, volunteer, or student
  • Verbal notification of intention to commence lawsuit
• Work with applicable campus leadership and the E-Discovery Response Team to identify Key Persons who will assist in the preservation of ESI when a Triggering Event occurs.
• Describe litigation facts and issues sufficiently to facilitate identification of relevant documents or information. Determine appropriate search terms or key words for use in search tools/software on an ongoing basis.
• Identify the appropriate time period for the legal hold and determine whether it is retrospective or continuing.
• Define scope of ESI for recipients of the Legal Preservation Notice. Counsel will consider:
  • Nature of the issues raised or likely to be raised in litigation
  • Amount that is or is likely to be in controversy
  • Nexus of the information to issues that may be involved in the litigation
  • Costs to preserve and potentially restore information
  • Whether preservation would affect ongoing or future business activities
  • Whether there are other sources of such information
• Work with UBIT Personnel to determine the appropriate method for preserving ESI.
• Issue instructions with respect to future communications (e.g., limit use of e-mail, save relevant emails in particular folder, refrain from speaking or otherwise communicating with others concerning matter at issue).
• Monitor compliance with the Legal Preservation Notice through communications with Key Persons and the E-Discovery Response Team.
• Issue periodic reminders that a Legal Hold remains in effect.
• Manage any necessary production of ESI and other records in consultation with UBIT Personnel, RMO, Attorney General (if engaged in litigation or if Assistant Attorney General is assigned), and other appropriate parties.
• Coordinate efforts with applicable third parties (e.g., vendors, unions) and the Attorney General’s Office to meet E-Discovery obligations.

• Oversee E-Discovery projects from the time Counsel determines a Triggering Event has occurred through preservation, review, and production.
• Inform Key Persons of their duties related to E-Discovery projects.
• Report to the responsible executive or designee regarding current E-Discovery projects and compliance initiatives.
• Provide training to the campus regarding compliance with the E-Discovery process.

• Educate Counsel’s Office and Custodians on basic operations of systems, devices, and programs under their control, including back-up, archiving, and automatic deletion functions or programs.
• Assist Counsel’s Office in identifying potential ESI sources.
• Work with Counsel’s Office and Key Persons to implement Legal Holds including direct responsibility over ESI collection and preservation activities. 
• Take steps to preserve relevant ESI upon direct receipt of a Legal Preservation Notice, or at the instruction of Counsel. This may include using administrative controls to lock down devices or copy information without the user’s knowledge.
• Work with Key Persons to ensure preservation of relevant data created after receipt of a Legal Preservation Notice.
• Assist Counsel in reviewing, producing, and explaining relevant ESI during any related legal proceedings.
• Preserve records and ESI associated with persons who become unaffiliated with the university.

• Preserve relevant information as instructed in a Legal Preservation Notice, regardless of location, including personal accounts and devices.
• Provide Counsel’s Office and the E-Discovery Response Team with information on the potential sources, locations, nature of relevant ESI, and other records in your possession or control.
• Do not delete, destroy, purge, overwrite, or otherwise modify existing relevant ESI (or newly created relevant ESI) even if it is a duplicate, draft, or personal.
• Provide UBIT Personnel and Counsel’s Office access to all relevant records and ESI so that the information can be preserved and retrieved.
• Comply with all directives of the E-Discovery Response Team.

• Manage records and ESI according to applicable laws, regulations, policies, and retention schedules. This includes limiting the amount of ESI that is stored on systems and devices under your control that does not have a legal, operational, or historical value to the university.
• Act as the primary E-Discovery liaison with Counsel, unless the president makes another designation. 
• Serve as the custodian of preserved material.
• Preserve relevant information as instructed in a Legal Preservation Notice, regardless of location, including personal accounts and devices.
• Do not delete, destroy, purge, overwrite, or otherwise modify existing relevant ESI (or newly created relevant ESI) even if it is a duplicate, draft, or personal.
• Provide Counsel’s Office and the E-Discovery Response Team with information on the potential sources, locations, nature of relevant ESI, and other records in your possession or control.
• Communicate with Key Persons when directed by Counsel.
• Provide UBIT personnel and Counsel’s Office access to all relevant records and ESI so that the information can be preserved and retrieved.
• Understand the basic operations of electronic storage systems and programs that you use.
• Notify Counsel of threats of legal action and other potential Triggering Events.
• Manage records and ESI in accordance with university policies and procedures, including those associated with separated employees.

• Act as the primary E-Discovery liaison with Counsel’s Office.
• Chair the E-Discovery Response Team.
• Promote campus-wide compliance with records management policies and best practices.
• Communicate directly with Key Persons and serve as a custodian of preserved material, at the direction of Counsel.