Each year, some companies receive thousands of third-party subpoenas, garnishments, law enforcement requests, and other third-party “requests” for information. Most receive quite a bit fewer. Regardless of the volume, the company itself has nothing to gain or lose from the underlying dispute. As a result, dealing with these demands is just a drain on time and resources. But as some have unfortunately learned, the failure to give sufficient attention to the appropriate responses can lead to increased legal costs and even direct liability.

As painful as it might be, spending just a little time thinking through your third-party request process can decrease costs, increase efficiency, and mitigate risk. Here are just a few ideas worth considering.

Where Is Your Data

It’s been said over and over again: getting your arms around the location of your data in advance will save untold headaches down the line. In addition to collecting and producing responsive information, subpoenas and similar demands also impose a duty to preserve such information. Therefore, beyond the normally tight deadlines imposed by third-party subpoenas, there is some urgency to identify potentially responsive data upon its receipt.

When a company has no data map or inventory prepared in advance, one of two things usually happens. One is that an in-house lawyer or paralegal starts sending out e-mails to various business functions, waits for responses, follows up with those who might have responsive information, sets up calls and meetings, and so on until the responsive data is collected. In other words, they spend a lot of time tracking things down.

The other common approach is that the lawyer or paralegal makes targeted, direct requests for information from the “obvious” document custodians. For example, a subpoena for customer records might lead to an information pull from the CRM system, ignoring the potential e-mails exchanged with or regarding that customer.

The first approach can be unnecessarily repetitive and costly. The second approach can lead to follow-up demands, extended back-and-forth with the issuer, and, in extreme cases, sanctions.

Even a basic inventory of data can streamline the collection and identification process while decreasing risk. Such an inventory can include:

  • the categories of third-party requests that are received (e.g., wage garnishments, records related to customer transactions, law enforcement requests for customer accounts, etc.)
  • the locations of potentially responsive information for each category
  • the format of the information (e.g., a schema)
  • the custodian for such information
  • the default retention period for such information.

Have a Plan for Objections

Litigators love the words “vague,” “overly broad,” and “unduly burdensome.” Those three phases can seem magical in fending off an irritating subpoena…at first. But sometimes, the issuer pushes back. At that point, the company must justify its objections, which often means even more time from the lawyer. And of course, if the issuer files a motion to compel with the court, outside counsel start to get involved (cha-ching). Further, in the case of law enforcement requests, objections are not as useful.

On the other side of the equation, companies often fail to avail themselves of obvious objections, which, if nothing else, can be used for negotiating purposes with the issuer. Was the subpoena issued out of a court that has jurisdiction over the company? Is the venue for production of documents appropriate? If the information implicates the data of a customer, employee, or vendor, is a protective order necessary to protect confidential information? Companies should examine all of these issues and more.

Of course, identifying objections on the fly for each third-party request can be time-consuming and lead to inconsistency. A better approach would be mapping out potential objections in the context of creating the data inventory. For example, you might note that a large number of custodians exchange customer-related e-mails, and thus decide that asserting a burden objection is the default response for such e-mails.

Have a Process, Not Just a Person

“Sam handles all the subpoenas” is not a process, especially when Sam is on vacation or busy with higher priorities. The process does not have to be complicated. But calendaring internal and external deadlines, identifying the contacts in each business function, and tracking third-party demands and their responses are all part of a process that can prevent additional time and expense.

Do Outlook and Excel Count as a “Tech Solution”

As with many routine tasks, e-mails and spreadsheets might be the go-to tools for handling and tracking third-party requests. And such an approach might be sufficient. But unless the company only receives a handful of subpoenas a year, sorting through old e-mails to find out “when we responded” can quickly become an overwhelming burden.

Luckily, there are cost-effective technology platforms that are designed specifically for the intake, processing, and response to third-party demands. Such tools serve as a central repository for all information regarding responses and can dramatically improve efficiency.

Are You Recovering Your Costs

Finally, most court rules allow for the recovery of costs in responding to certain third-party requests, such as civil subpoenas. And most recipients are keenly aware of the expense they incur when a subpoena requires the collection, review, and redaction of thousands of pages of documents.

But what about more streamlined requests, where gathering responsive documents is a simple matter of running a report? Even such “go and get” subpoenas take valuable time and resources, and it is often worth asking for the issuer to agree to pay some fair compensation. If the company recovers only $100 to $200 for each such subpoena, those recoveries can quickly add up.

Many companies do not attempt the recovery of costs due to the time it takes to request, collect, and direct such funds internally. But once again, technology can come to the rescue, with tools such as a paywall that requires a credit card before someone can download responsive documents.

In Conclusion

No one really wants to deal with third-party requests (or even read an article about them). But a few proactive steps can go a long way towards lessening the irritation, decreasing the risk, and maybe even recovering compensation for some of the time spent.