Relativity Home logo

Your single source for new lessons on legal technology, e-discovery, and the people innovating behind the scenes.

Managing Third-Party Subpoenas in RelativityOne: A Comprehensive Workflow

Drew Muffett
Managing Third-Party Subpoenas in RelativityOne: A Comprehensive Workflow Icon - Relativity Blog

At a time when drowning in data and the over-preservation of electronically stored information (ESI) is a reality across most companies with large data profiles, being at the receiving end of a third-party subpoena can be a daunting experience.

Today, half of all new matters in RelativityOne involve legal data intelligence challenges beyond litigation. Indeed, over 200,000 professionals across leading law firms, legal service providers, corporations, and government agencies are currently using RelativityOne to manage a broader range of use cases, including responding to third-party subpoenas in a defensible, secure, and strategic way.

In this blog post, we will deep dive into third-party subpoenas: exploring what they are, best practices in creating a response plan, and how RelativityOne enables organizations to streamline their third-party subpoena workflows.                 

Third-Party Subpoenas: The What & Why

When a subpoena is issued to an entity that is not a party to the underlying litigation, it is referred to as a third-party subpoena.

Here’s a real-world example that puts it in context: 

In 2020, Apple and Epic Games—the gaming company that created Fortnite—were locked in a high-profile legal spat after the latter filed an antitrust suit against Apple alleging monopoly behavior on the iOS App Store. Soon after, Apple served a third-party subpoena to a third company: Valve, the company behind Steam, one of the largest PC game distribution platforms in the world. Even though Valve had no connection to the lawsuit, Apple needed its sales data to make the case that game distribution was a competitive market.   

Other examples include:

  • A company receives a third-party subpoena from an employee’s spouse in the course of their divorce proceedings.
  • A software provider receives a third-party subpoena from a regulator conducting a probe into one of its customers.

Since they aren’t directly involved in the litigation, organizations cannot anticipate third-party subpoenas and may therefore lack the preparedness needed to address them with confidence.

According to the American Bar Association (ABA), third-party subpoenas are governed primarily by Rule 45 of the Federal Rules of Civil Procedure (FRCP). However, the discovery that can be sought via such subpoenas can match the scope of the discovery permissible under Rule 26—the same part of the FRCP that prescribes detailed rules on how discovery can be conducted between parties directly involved in a civil litigation. 

When the Third-Party Subpoena Is Overly Broad and Burdensome

The subpoena can request any information or testimony relevant to the action so long as that information is not privileged; further, the subpoena should not unduly burden the individual or entity receiving it. 

Sometimes, the information sought by the subpoena may present a risk to confidential information such as the third party's trade secrets. In such situations, counsel representing the third party (also called the nonparty) should communicate with the attorney(s) serving the third-party subpoena and attempt to narrow down the scope of the data request. 

When communication with the requesting side does not resolve the issue, the third party has recourse, under FRCP’s Rule 45, to file a motion to quash the subpoena so that the court can either limit the scope of the subpoena or declare it invalid. Often, the nonparty will make a written request to quash the subpoena alongside filing a motion for a protective order under Rule 26 of the FRCP.

In the course of the legal battle between Blake Lively and Justin Baldoni that dominated headlines recently, Marvel Entertainment sought a protective order and filed a motion to quash a third-party subpoena served by Baldoni’s legal team. The subpoena sought details about the creative development of “Nicepool,” a new character debuting in the Deadpool franchise that was allegedly created by Ryan Reynolds to lampoon Baldoni.

Generally, it’s advisable for the nonparty to file a motion to quash and/or move for a protective order as soon as possible after receiving the subpoena. Even if the date of compliance specified in the subpoena is more than 14 days after service, it is, according to the ABA, considered good practice to move to quash within 14 days after receipt of the subpoena as Rule 45 requires.

In other cases, the scope of the third-party subpoena can seem overly broad, and therefore place undue burden on the party being subpoenaed. Complicating factors like complex ESI collection and unreasonably large data sets could put undue burden on the nonparty. In these situations, the nonparty can make a request to the court to shift the subpoena compliance costs onto the parties in the lawsuit.

For example, in United States v. Columbia Broad. Sys., Inc., the court awarded the reimbursement of discovery costs to nonparty witnesses, after their discovery costs exceeded $2 million.    

Best Practices for Responding to Third-Party Subpoenas

  • Do a preliminary search before collecting the data for review: An early analysis provides a general sense of the project’s size, the volume of data, and the time required. This helps set expectations and facilitates negotiations with the requesting party.
  • Negotiate scope to minimize burden: According to the Legal Data Intelligence (LDI) model, the FRCP and state equivalents in the U.S. protect third parties from undue burden when responding to subpoenas. Scope must be negotiated by limiting the number of custodians, data sources, or by the date range to minimize burden and ensure that the document production does not turn into a fishing expedition.   
  • Validate the third-party subpoena request against jurisdictional requirements: For example, in California, subpoenas seeking personal records (bank records, medical files, or employee personnel files) require notice to the consumer or employee whose records are sought. That person has the right to object, effectively pausing compliance.
  • Get on the same page with the requesting party: It is always better to agree on an ESI protocol with the requesting party to ensure defensibility of responsive review and to avoid introducing irrelevant data into the review queue. Agree early on search criteria, the number of custodians, data sources, and the date range.

Managing Third-Party Subpoenas on RelativityOne

Once you have successfully negotiated the scope of the project, established clear ESI protocol, and agreed on a review methodology with the requesting party, you can go to work in RelativityOne.

Here’s what a typical workflow looks like when managing a third-party subpoena in RelativityOne:

Collect: Defensible and targeted ESI collection in RelativityOne.

  • Collect data straight from the source with fast, secure, and defensible collections from some of the most widely used enterprise platforms. In RelativityOne, you can retrieve data from Bloomberg, Box, ChatGPT Enterprise, Google Workspace, iManage, Microsoft 365, Refinitiv Eikon, Slack messages, and X1, and a growing list of new and emerging cloud data sources.
  • In keeping with the scope and ESI protocol negotiated with the requesting party, you can collect data based on the custodians, data sources, and the date range, and the search criteria delineated in the review protocol.

Process and Focus Your Data Set: Turn raw data into a normalized, searchable, and review-ready format.

  • RelativityOne offers several deduplication capabilities to reduce your document workload; for example, the custodial deduplication option ensures that duplicates of documents belonging to the same custodian are not pushed up for review.
  • Create a processing profile based on the ESI protocols negotiated with the requesting party and applicable instructions pursuant to the subpoena request. 
  • By processing data in RelativityOne, you can defensibly cull the data set while still retaining all item-level metadata.
  • If you are processing data from Staging and have your data organized by custodians, using quick create sets will automate creation of Custodian document objects.
  • Use RelativityOne’s early case assessment workflow to ensure that your review team can focus on the documents that truly matter and meet production deadlines without getting slowed down.
  • Enable automated workflows to streamline critical actions such as:
    • Structured analytics operations like email threading, near-duplicate analysis, language identification, and repeated content identification to categorize documents based on their content, analyze that content, or create tools to more effectively filter content.
    • dtSearch index so that reviewers can start running complex queries right away. 
    • By automating imaging sets, you let RelativityOne convert defined native file types into static images as soon as processing finishes and save time. 

Note: Using the same search terms that were used to identify potentially responsive documents during the collection, create your search term reports (STRs). In addition, any terms or search queries used to collect data should be re-applied to the processed documents while accounting for modifications to match dtSearch syntax. The resultant documents from these saved searches, in conjunction with structured analytics such as email threading and near-duplicate identification, will be used to identify the universe of documents that need to be reviewed.

  • Subpoenas often list multiple requests for production (RFPs), numbered (for ex. RFP No. 1, RFP No. 2, et cetera). In RelativityOne, you can add a custom field when mass coding documents and their family to specify the specific subpoena request (RFP No.) that the document and its family are likely responsive to.

Review: After documents have been processed and ECA workflows applied, proceed with preparation for document review.

  • If there is a possibility of personally identifiable information (PII) or other sensitive information in the review data set that should not be produced, create automated Redact projects. With Redact in RelativityOne, you can apply markups to imaged documents, spreadsheet files, and PDF files automatically. You determine how a project applies markups by creating rules that establish what words, terms, or regular expressions will receive markups. For example: specific words (“Confidential” OR “CBI”), terms (names of certain people), and patterns via regular expressions (e.g., phone numbers, social security numbers, credit card numbers)

Note: Ideally, Redact projects should be run prior to review so the QC of automated Redact projects can occur concurrently with responsive review. However, it is possible that more information requiring redaction may surface as review is underway. It is important that review teams keep the workspace administrator informed of these items as they arise so that Redact projects can be updated accordingly, thereby reducing the need for future manual redactions.

  • If all documents need to be manually reviewed, you can create a saved search review queue in Review Center. If documents should be prioritized for production based on relevance pursuant to an agreement with requesting counsel, use a prioritized review queue. Regardless of the queue type, the goal of the review team will be to confirm responsiveness and accurately label responsive documents pursuant to Federal Rule of Civil Procedure 45(e)(1)(A). Therefore, it is important that in addition to a binary responsiveness field, nested choices or conditional coding rules are configured on the coding layout for this purpose.

Note: With prioritized review, RelativityOne leverages AI to predict which documents are most likely to be coded positive, and it serves those up first.

  • If you will be reviewing with AI, consider creating an aiR for Review project using an issues analysis to identify and code documents based on the RFPs. After the project has been created, you can use the Draft with AI feature to automatically create a draft of the prompt criteria. The prompt criteria fields generally align with a traditional review protocol or case brief in that it describes the matter, entities involved, and what is relevant to the legal issues at hand. A source document that may be useful here would be a copy of the subpoena rider, specifically where categories of responsive documents are described (i.e., requests for production).

Note: For optimal results, refer to Relativity’s aiR for Review workflow guide, which outlines best practices for identifying sample documents, iterating on the prompt criteria, and validating results.

  • To streamline and expedite privilege review, create an aiR for Privilege project after review is complete. The data source for the project would be all documents coded as responsive, plus family. If you are delivering productions to requesting counsel on a recurring or rolling basis, each “proposed production” would constitute a new aiR for Privilege project, and you have the option to produce the privilege log at the conclusion of rolling productions. The benefit of this approach is that aiR for Privilege will benefit from the iterative learnings of the previous projects, thereby reducing manual annotations. The draft privilege log generated by aiR for Privilege should be reviewed and QCed prior to release.

Generate Output

  • Produce documents pursuant to applicable production specifications. Exporting a list of produced documents with the RFP and Bates numbering fields will allow for documents to be properly identified in the subpoena response.

Note: As review is underway, create a “placeholder” production set that meets the requirements of the subpoena production specifications (i.e., numbering, sort method, branding for confidentiality designations, etc.).

  • If a privilege log is required to be produced for withheld or redacted documents, export the log with the subpoena response and final production.

Streamline Third-Party Subpoenas with the Right Technology

Third-party subpoenas will only grow more complex as the volume and complexity of data continue to rise, but with RelativityOne, organizations can address them with precision and confidence.

With advanced AI-driven workflows and unparalleled security, performance, and support, RelativityOne enables legal teams to protect sensitive information, meet tight deadlines, and transform third-party subpoena response into a secure, strategic, and repeatable workflow.

Graphics for this article were created by Caroline Patterson.

See What Relativity Can Do For You


Drew Muffett is on Relativity's success team, where he helps legal teams optimize workflows, onboard new tools, and participate in the development cycle. Previously, he served in the legal office of the California Air Resources Board for 9 years.

The latest insights, trends, and spotlights — directly to your inbox.

The Relativity Blog covers the latest in legal tech and compliance, professional development topics, and spotlights on the many bright minds in our space. Subscribe today to learn something new, stay ahead of emerging tech, and up-level your career.

Interested in being one of our authors? Learn more about how to contribute to The Relativity Blog.