You’re a skilled general counsel embroiled in high stakes litigation, perhaps even a “bet the company” case. You’ve dotted your i’s and crossed your t’s, all in preparation for the ensuing battle. You’ve issued appropriate litigation hold letters, you’ve backed-up case-critical electronically stored information (ESI), you’ve taken steps to ensure that potentially relevant ESI  is preserved, and that nothing is modified, deleted or “rolls off the system” without you knowing about it first. You go to sleep believing that you’ve taken all reasonable steps to preserve the data that may one day be necessary for your lawsuit.

The next morning you wake up to an email from your IT department stating that a data breach has occurred, that the company is investigating the extent of the breach, and that more details will follow. You first think about your own files, hoping that nothing has been lost; but then your attention inevitably shifts to the lawsuit and all the data that you worked hard to preserve: What if any of the data has been compromised or, worse yet, lost? Can the company be blamed for a failure to preserve? Could this actually cause us to lose the case?