How do the identification, preservation, and collection stages hand off to each other without breaking chain of custody?
The early stages of e-discovery move from knowing what might be relevant, to keeping it from changing, to gathering it for review. Each handoff is a moment where evidence can be lost or its integrity questioned, so the goal is an unbroken, documented trail. These stages map to the broader e-discovery workflow.
What each stage contributes
- Identification locates potentially relevant information: the people (custodians), systems, repositories, and data types in scope. The output is a defensible map of where evidence lives.
- Preservation stops that information from being altered, deleted, or overwritten, typically through a legal hold and by suspending routine disposition. Under the U.S. Federal Rules of Civil Procedure, a duty to preserve generally arises when litigation is reasonably anticipated; specifics and timing vary by jurisdiction, including state courts and other countries.
- Collection copies the preserved data into a controlled environment for processing and review, ideally without changing the originals or their metadata.
How the handoffs stay clean
The link between stages is documentation. Identification feeds preservation a precise scope, so holds reach the right custodians and sources. Preservation feeds collection a stable, unchanged set, so what is gathered matches what was identified.
Chain of custody is the record that connects these steps: who handled the data, when, what was done, and how integrity was verified. Practical safeguards include:
- Written legal hold notices and tracked acknowledgments showing scope and timing.
- Hash values (digital fingerprints) generated at preservation and re-verified after collection to prove nothing changed.
- Metadata preservation, capturing originals rather than altered copies.
- A custody log documenting each transfer, tool, and operator.
Why it matters
If any handoff is undocumented, an opposing party can challenge whether evidence is authentic or complete, risking sanctions or excluded evidence. The Sedona Conference offers widely cited, principle-based guidance on defensible preservation and collection.
The standard is reasonableness and good faith, not perfection. Coordinated work among legal, records/information governance, and IT, recorded contemporaneously, keeps the chain intact across every transition. Because requirements differ by jurisdiction and matter, confirm specifics with qualified counsel.
Sources & further reading
Authoritative government and non-profit references.
- Federal Rules of Civil Procedure — U.S. Courts
- The Sedona Conference publications — The Sedona Conference
How to cite this page
APA
RM University Editorial. (2026). How do the identification, preservation, and collection stages hand off to each other without breaking chain of custody?. Records Management University. https://www.recordsmgmt.org/questions/how-identification-preservation-collection-stages-hand-off-chain-of-custody/
MLA
RM University Editorial. "How do the identification, preservation, and collection stages hand off to each other without breaking chain of custody?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/how-identification-preservation-collection-stages-hand-off-chain-of-custody/.
Related questions
- A key custodian left the company—how do we preserve and collect their email and files after they're gone?
- An employee admitted to deleting emails relevant to a lawsuit—what do we do now?
- Are curative measures or monetary fines available when lost data can be replaced through other sources?
- Can a company be sanctioned for spoliation when an employee auto-deleted text messages or ephemeral chats?
- Can a court order cost-shifting or limit search terms when keyword searches return an unmanageable hit count?