I often have discussions with people looking to understand the eDiscovery space better as part of the eDiscovery Advisory Strategy Practice. One of the most recent conversations was around understanding how organizations that are doing in-house culling will impact the volume of downstream data going into the traditional eDiscovery process ending in contract review. Many of my clients over the years have implemented toolsi Nuix, Relativity, ProSearch, CloudNine Law, OpenText EnCase, Forensic Tool Kit (FTK) as well as legal hold tools like Zapproved, IBM Atlas, or Exterro to identify and triage data as part of the initial identification and collection process.
It is my experience that the larger, highly regulated organizations typically have a mature workflow around data culling to reduce the data as early as possible in the EDRM lifecycle. But where does that leave the rest of the organizations in the corporate world where it doesn’t make sense to invest heavily in advanced eDiscovery technologies? What can these types of organizations do to cull data down by date, users, and search terms to reduce their downstream eDiscovery costs?
I believe that Microsoft 365 (M365) may be the tipping point for smaller organizations making a significant dent in downstream eDiscovery data. M365 comprises of messaging (Exchange) and file sharing (OneDrive) along with underlying services like MS Office, SharePoint, and Teams. Underneath the hood is an indexing engine and administrative tools to manage all the data. eDiscovery functionality is found in the Microsoft Compliance Center which manages the data in the M365 ecosystem.
Within the M365 Advanced eDiscovery technology (which requires an E5 license or comparable academic license) exists the functionality to search the indexable data stored in the Microsoft tenant as well as place the data on preservation/legal hold. From there the data can be moved into the review module for more advanced indexing including optical character recognition (OCR) for concept searching and technology assisted review (TAR). The data can then be tagged for relevancy and privilege to ultimately being exported to a load file with native data and/or PDF.
This sounds incredibly simple, but there is nuance to the workflow to ensure the defensibility of the process especially around data processing reporting. There are powerful automation capabilities using scripting with PowerShell to aid the manual steps with the “out of the box” solution.
For smaller organizations that don’t want to invest heavily in eDiscovery collection and culling tools in-house, M365 Advanced eDiscovery becomes a viable solution to organizations wanting to significantly cull their data down before sending it to an eDiscovery processing & hosting provider. Controlling costs is always a good thing, but we need to be aware of the risks associated when incorporating M365 Advanced eDiscovery into the eDiscovery workflow.
Users need to be aware of the nuances within the M365 tenant around indexing and searching their data. The initial “content search” to identify the potentially relevant data in M365 is based tenant’s standard index. This does not include encrypted data or unindexed data that requires OCR
There is a significant amount of documentation required to support the defensibility of the eDiscovery process in M365 Advanced eDiscovery. eDiscovery practitioners are used to having a great deal of control and insight into the data going through the workflow. This information is contained within the M365 the Advanced eDiscovery workflow but it’s not the easiest to get to or easiest to control. Advanced practitioners can use automation and PowerShell scripting to help, but this requires planning and investment upfront.
It is even more critical for organizations to have a documented workflow to track the end-to-end eDiscovery process in some kind of eDiscovery Playbook. This is often overlooked by smaller organizations and this could be the crucial documentation to prove the defensibility of an eDiscovery program.
Organizations need to consider the people and resources to make sure the eDiscovery workflow is being followed. Training the in-house technology and legal team on their roles as well as the tools is important so avoid simply pointing the users to the tools and saying “Go!!”.
M365 Advanced eDiscovery does not help organizations using outside systems like Box, Google’s G Suite, or other outside data sources used by businesses to manage their data. Collaboration tools like Slack or Trello aren’t covered in this workflow easily so be aware that M365 Advanced eDiscovery is not holistic solution. For those types of technologies, you still need other tools to help manage your overall eDiscovery data collection and processing.
Is M365 the tipping point to finally reduce the significant volumes of data going into the eDiscovery process? Maybe.
From my perspective, it is a little too early to say but organizations that properly embrace M365 eDiscovery functionality can significantly reduce their downstream data volumes.
What are your thoughts?