Category Archives: compliance

Kim v. Cushman & Wakefield: A Federal Court Confirms That Email Search Terms Don’t Work for Microsoft Teams

By John Patzakis

Blog header about the Kim v. Cushman & Wakefield case, discussing a federal court ruling on email search terms and their ineffectiveness for Microsoft Teams. Includes graphics of a gavel, documents, and message bubbles.

A recent decision out of the Central District of California should be required reading for any legal team that includes Microsoft Teams as data source in their discovery plan. In Kim v. Cushman & Wakefield U.S., Inc., 2026 WL 1353455 (C.D. Cal. Apr. 24, 2026), the court held that search terms that may be appropriate for email may not be sufficient for shorter, less formal communications on a collaboration platform like Teams.

The plaintiff, Ms. Kim, alleged pregnancy discrimination after being terminated upon her return from maternity leave. The defendant asserted the termination was part of a reduction in force; Ms. Kim alleged that rationale was pretextual. The discovery dispute arose when it emerged that the defendant had not searched Microsoft Teams at all—even though, as one of the defendant’s own witnesses testified, Teams was one of the primary communication methods used at the company. To its credit, upon discovering the gap, defense counsel immediately ran the existing email search terms against Teams and produced 47 pages of messages, two of which proved relevant to the pretext analysis.

That partial cure satisfied no one. The plaintiff demanded a nearly indiscriminate search of “all reasonably likely repositories,” while the defendant maintained it had already run the terms against Teams and “there’s nothing left.” The court’s response: “Neither position is quite right.”

The Teams Ruling: Keyword Searches Alone Are Not Enough
The heart of the opinion is the court’s recognition that rerunning email-oriented search terms against Teams data is structurally flawed. The defendant’s terms all required “Connie Kim” as an anchor—e.g., “Connie Kim” NEAR “terminat!”. As the court explained:

“It is arguable whether that may work well enough even for emails, but it cannot work for MS Teams chats about transition planning among managers who might say ‘the Smartsheet’ or ‘Brooke’s workload’ without mentioning Plaintiff by name. Keyword searches alone, without more advanced and thoughtful search techniques, will be inadequate for Teams data—a medium where conversations are shorter, more informal, and less likely to include full names than email.”

The court also underscored the certification obligation that attaches once a party elects to search: “An objecting party that elects to search and produce—rather than move for a protective order—undertakes an obligation to search reasonably. See Fed. R. Civ. P. 26(g)(1)(B).” And the Rule 26(b)(1) proportionality analysis weighed in the plaintiff’s favor as to Teams, since the messages already produced confirmed that relevant communications existed in that repository.

Notably, the court declined to dictate methodology, holding that how the defendant fulfills its supplemental search obligation— “whether through custodian-based collection, refined keyword queries, or technology-assisted review—is Defendant’s choice, so long as the search is reasonable and the production is complete.” The court also traced the root cause to a pro forma Rule 26(f) conference: had the parties conducted a substantive ESI conference identifying repositories, custodians, and communication platforms at the outset, the Teams gap would have been caught months earlier.

In his excellent writeup of this case, Michael Berman of E-Discovery LLC consulted eDiscovery expert Tom O’Connor of the Gulf Coast Legal Technology Center, who raised a critical practical question: what tool was actually used for the search? O’Connor explained that while keyword searches inside Teams work, Teams supports only basic keyword matching and a few command-style filters. Per O’Connor, the native “Teams search indexes chat differently than email,” in that it:

• “Prioritizes exact word matches;
• Does not index message metadata as richly as Outlook;
• Often misses partial-word matches; and
• Returns fewer results when the term is too specific.”

In other words, even well-crafted Boolean terms can silently underperform when run against Microsoft’s native Teams index.

Why Kim Illustrates the Case for X1 Enterprise
The Kim decision validates what we have long argued at X1: when addressing MS 365 data for eDiscovery, the search methodology applied to it must be purpose-built. As we detailed when we launched our advanced MS Teams support, X1 Enterprise enables a targeted, iterative search and collection of Teams data in-place, with the ability to target individual custodians and specific messaging threads—displacing any need to mass download channels—plus unified search across Teams, OneDrive, SharePoint, Mail, laptops, and file shares, and one-click upload into Relativity for review.

Critically, X1 does not rely on the limited native Microsoft Teams index that O’Connor describes. X1’s patented technology builds its own full-featured index of Teams data, enabling precisely the “more advanced and thoughtful search techniques” the Kim court demanded. That includes detailed Boolean queries with nested operators, proximity, and wildcard/stemming support that execute consistently across both email and chat data—so counsel is not forced to choose between Outlook precision and Teams looseness. X1 also includes the ability to search on emojis, which is critical for Teams and other chat platforms, where a reaction emoji may be the entire substance of a manager’s response to a message about a “transition plan.”

X1’s patented in-place search and classification capabilities extend this further. Through the X1 API, organizations can programmatically execute searches and apply AI-driven classification models directly where the data lives—before anything is collected. Applied to the Kim fact pattern, that means counsel can iteratively test and refine looser, Teams-appropriate search terms against live data, measure the results, and classify what comes back—building a defensible, documented search methodology of exactly the kind the court invited when it referenced “refined keyword queries” and “technology-assisted review.” And because it all happens in place, the proportionality benefits are built in as only potentially responsive data is collected.

The lesson of Kim is straightforward. Courts now expect parties to identify collaboration platforms like Teams at the Rule 26(f) stage, to search them with techniques suited to informal chat data, and to do so reasonably and completely. Meeting that expectation requires solutions designed for the job.

Learn more about the X1 Enterprise Platform, or contact our sales team to schedule a live demo.

Leave a comment

Filed under Best Practices, compliance, Corporations, Data Audit, Data Governance, ECA, eDiscovery & Compliance, Enterprise eDiscovery, Enterprise Search, ESI, Information Access, Information Governance, Information Management, law firm, m365, MS Teams

Navigating Legal and Compliance Risks When Corporations Expose Sensitive Data to AI

By Kelly Twigger and John Patzakis

Implementing AI within a corporate environment is no longer a matter of “if” but “how.” We recently addressed these challenges in our webinar, “Navigating Legal and Compliance Risks in AI,” where our panel of experts discussed the strategic transition required to build a robust risk mitigation framework. While the efficiency gains of AI—such as automating workflows and surfacing deep insights—are compelling, introducing sensitive enterprise data into these models without a tactical plan can lead to unintended consequences. These risks range from the dilution of trade secrets to complex eDiscovery obligations and substantial regulatory exposure under the GDPR.

To leverage AI safely, counsel should focus on the following grounded strategies for risk management.

Protect Trade Secrets
Under federal law, trade secret status is contingent upon the owner taking “reasonable measures” to maintain secrecy. This is a rigorous standard; if proprietary information—such as source code or high-value technical data—is fed into an unsecured AI model without strict access controls, a company risks losing its legal protections entirely.

  • Review the Judicial Standard: In Snyder v. Beam Technologies, Inc., the 10th Circuit affirmed that failing to use confidentiality protections or allowing information to reside on unsecured devices can defeat trade secret status.
  • Maintain Active Safeguards: Courts emphasize that consistent and active safeguards are required to maintain secrecy. Lax internal controls during AI interactions can be cited as evidence that “reasonable measures” were not maintained.
  • Implement No-Prompt Zones: Establish “No-Prompt Zones” for your organization’s most sensitive intellectual property. By isolating core IP from third-party cloud models, you maintain a defensible record of “reasonable measures” that can withstand scrutiny in litigation.

Manage the eDiscovery Paper Trail
AI interactions—both the prompts submitted by employees and the responses generated by the tools—are considered discoverable Electronically Stored Information (ESI). These records are part of the corporate record and are subject to subpoena and legal holds.

  • Understand the Technical Reality: Microsoft has confirmed that Microsoft 365 Copilot interactions are logged through the Purview unified audit log, making them searchable, preservable, and producible via eDiscovery tools.
  • Assess Scope of Exposure: Because these chats are treated no differently than emails, they may inadvertently expose privileged or damaging material if not managed properly.
  • Map Information Logs: Update your legal hold workflows to specifically include AI conversation logs and audit trails. Mapping where these logs live before litigation arises ensures a more controlled and cost-effective discovery process.

Navigate GDPR and Data Privacy
Processing customer or employee data through AI models requires strict adherence to the GDPR principles of data minimization, purpose limitation, and lawfulness. Feeding sensitive data into AI models without a clearly articulated lawful basis—such as consent or legitimate interest—can result in significant administrative fines.

  • Meet Compliance Requirements: European authorities require organizations to demonstrate compliance by documenting purposes, limiting data inputs, and ensuring appropriate safeguards are in place.
  • Identify Special Categories: The GDPR is particularly restrictive regarding health information or data revealing racial or ethnic origin, requiring specific exemptions for processing.
  • Conduct Privacy Impact Assessments: Perform mandatory Privacy Impact Assessments (PIAs) for any AI tool that touches personal data. Documenting the purpose and necessity of the processing is critical for maintaining regulatory standing during an audit.

Leverage In-Place AI Functionality
A critical strategy for reducing risk is shifting where the AI processing occurs. Rather than routing data through external, third-party cloud-hosted AI services, organizations should consider prioritizing workflows where AI is applied in-place within the corporate network or controlled enterprise environment.

  • Secure the Data Perimeter: By keeping data and AI processing behind the organization’s own security firewall, you materially reduce the risk of trade secret leakage and data exfiltration.
  • Minimize Third-Party Footprint: Applying AI in-place narrows the scope of discoverable third-party records, as the interactions remain within your internal infrastructure rather than residing on a vendor’s servers.
  • Establish Full Governance Control: This model provides counsel with direct control over privacy, retention, and audit obligations—essentially giving you the “kill switch” for data that you simply do not have with external cloud vendors.

Tactical Governance and Ethical Oversight
Counsel must navigate the professional and technical nuances of AI deployment to ensure long-term stability.

  • Ensure Professional Competence: The ethical duty of technological competence requires attorneys to understand the limitations of the tools they use. AI should be treated as a “junior associate”—capable of great speed but requiring diligent human verification of all output.
  • Apply Risk-Based Tiering: Not all AI use cases carry the same weight. We recommend a tiered approach:
    o Tier 1 (Administrative): Low-risk tasks involving non-sensitive data.
    o Tier 2 (Internal/Marketing): Standard communications requiring routine oversight.
    o Tier 3 (High-Value/Restricted): High-stakes processing involving PII, health data, or proprietary IP, requiring senior legal sign-off and strict data handling protocols.
  • Execute Proactive Vendor Vetting: Move from consumer-grade tools to enterprise solutions that offer SOC 2 Type 2 attestations. Ensure contracts explicitly prohibit the vendor from using your data to train their global models.

In light of these risks, corporate counsel should take a proactive, structured approach to AI governance. This includes implementing data classification and usage controls to prevent sensitive trade secrets from being exposed to AI systems without safeguards; establishing clear policies governing AI prompts, outputs, retention, and eDiscovery treatment; and conducting privacy impact assessments to ensure personal data processing complies with GDPR and similar regulations. In addition, counsel should carefully evaluate AI deployment models and consider workflows in which AI models are deployed in-place within the corporate network or controlled enterprise environment, rather than routed through third-party cloud-hosted AI services. Keeping data and AI processing inside the organization’s security perimeter can materially reduce trade secret leakage risk, narrow the scope of discoverable third-party records, and provide greater control over privacy, retention, and audit obligations—while still allowing the enterprise to realize the benefits of advanced AI capabilities.

For a deeper dive into these strategies and more case studies, you can watch the full session here.

1 Comment

Filed under Best Practices, compliance, Corporations, Cybersecurity, Data Governance, ECA, eDiscovery & Compliance, Enterprise AI, Enterprise eDiscovery, ESI, GDPR, Information Governance, Records Management

X1 Enterprise Is the Gold Standard for Data Separation in M&A Matters

By John Patzakis and Charles Meier

X1 is the Gold Standard in Data Separation

Corporate mergers and acquisitions are complex enough on their own — but when a deal involves the divestiture of an entire business unit or a carve-out of specific departments, the stakes for separating data correctly and efficiently become even higher. Legal and IT teams must identify and surgically separate emails, documents, and other unstructured electronic information to ensure that the right data goes to the acquiring party — and that what must be retained remains secure and compliant with privacy and legal requirements.

This data separation exercise is notorious for being time-consuming, extremely expensive, and highly disruptive. This is because traditional methods require heavy lifting by IT teams and service providers, endless back-and-forth with custodians, and mass data collections that literally double the risk. Worse yet, Microsoft Purview, with its known throttling and low throughput challenges for M 365 data, is not up to the task for data separation matters that invariably involve at least dozens of terabytes. These inefficiencies all lead to severe regulatory risks, runaway costs, and critical delays.

There is, however, a far better way — X1 Enterprise. Several major corporations have recently employed X1 Enterprise in high-stakes data separation matters. Once completed, the comments from our customers are the same: There was no other way they could have done it without spending millions of dollars on time-consuming and disruptive services.

Data Separation Is Not Just Another eDiscovery Project

Unlike standard eDiscovery, a divestiture-driven data separation project must carve out large volumes of live, operational data while the business continues to run. Legacy tools and processes require copying and moving the entire subject data set to a separate repository for indexing and searching — adding huge costs, time delays, and operational risk.

X1 Enterprise’s game-changing advantage lies in its distributed micro-indexing architecture and true index-in-place capability. This unique approach allows organizations to instantly search, categorize, and separate or otherwise remediate massive volumes of data where it resides — without duplicating and exporting entire data sets to third-party servers for processing.

In practical terms, this means:

Lightning-Fast Search: X1 Enterprise creates lightweight, local micro-indexes on endpoints and servers across the organization. Search results come back in seconds, no matter where the data lives — on laptops, file shares, or cloud repositories such as M365.

Minimal Disruption: Because the data stays in place, there is no need to duplicate or move sensitive content, minimizing the risk of data leakage, avoiding the bottlenecks that come with data copying and migration for centralized processing, and enabling the actual remediation to be infinitely more effective by working on the live data set. How do you execute data separation when you are working off a stale copy of the data for the categorization effort? The short answer: Up to millions of dollars in manual services to go back to the “original data” and manually separate the data for each employee and their respective data sources.

Scalability and Control: Whether the divestiture involves hundreds or thousands of custodians across geographies, X1 Enterprise scales seamlessly while giving legal and IT teams centralized control and real-time oversight.

Defensible Process: Legal teams can generate audit trails, reports, and logs to demonstrate a precise and defensible chain of custody, which is critical for regulatory and contractual compliance.

The Bottom Line: Much Faster, with Dramatically less Cost and Risk.

When time is money — and delays can put entire deals at risk — organizations cannot afford cumbersome, legacy eDiscovery workflows for carve-out data separation projects. X1 Enterprise’s innovative architecture empowers legal, compliance, and IT teams to execute precise data separations faster, with dramatically lower cost and business impact.

For any organization facing a merger, acquisition, or divestiture, X1 Enterprise is not just an upgrade — it is the modern standard for high-stakes data separation and governance.

Learn more about how X1 Enterprise can streamline your next M&A project. Schedule a demo today at sales@x1.com or visit  www.x1.com/solutions/x1-enterprise-platform.

Leave a comment

Filed under Best Practices, Case Study, Cloud Data, compliance, Corporations, Data Audit, ECA, eDiscovery & Compliance, Enterprise eDiscovery, ESI, GDPR, Information Access, Information Governance, Information Management, m365, Preservation & Collection, Records Management

X1 Enterprise Successfully Passes GDPR-Mandated Data Protection Impact Assessment

By John Patzakis

The European Union (EU) General Data Protection Regulation (GDPR) requires that subject organizations ensure and demonstrate the protection of personal data under their control. GDPR Article 35 mandates that when implementing new data collection technologies or engaging in a major new project involving significant data collection, an organization must perform a Data Protection Impact Assessment (DPIA).

Recently, a Fortune 500 company with global operations successfully implemented X1 Enterprise to address their eDiscovery and information governance requirements throughout the EU region, involving both Microsoft 365 and on-premises data sources. This implementation required the vetting of X1 Enterprise by auditors and the internal Data Protection Officer through an extensive DPIA process, which X1 passed. The effort provides important industry insights into how our Fortune 500 customer leveraged X1’s unique, on-premises index-in-place and targeted search and collection features, as well as other data minimization capabilities, to meet the DPIA requirements.

The EU provides official guidance and a checklist for conducting an Article 35 DPIA. Among the key requirements is the consideration of the “current state of the technology” in the area and that the technology and collection processes have adequate “proportionality measures” in their collection capabilities to “ensure data minimalisation.” If processes and technology engage in overly broad data collection, the guidance suggests considering alternative technologies and methods.

The team at our Fortune 500 customer emphasized the following unique data minimalization capabilities and features of X1 Enterprise in their DPIA:

  1. Index and Search Data In-Place. X1’s proprietary micro indexes enable the searching of data on laptops, file servers and Microsoft in-place so that only the potentially relevant data is collected for eDiscovery and data audits, which fulfills the GDPR’s proportionality requirements. In contrast, tools that require full disc imaging for basic eDiscovery collection are extremely problematic.

    As the court said in In re Ford Motor Company, 345 F.3d 1315: “[E]xamination of a hard drive inevitably results in the production of massive amounts of irrelevant, and perhaps privileged, information…” Even worse, the collected data is then re-duplicated, often multiple times, by the examiner for archival purposes. And then the data is sent downstream for processing, which results in even more data duplication. Load files are created for further transfers, which are also duplicated. Notably, EU guidance for a DPIA analysis requires that organizations consider alternative data collection technologies and methods that have better “proportionality measures” to “ensure data minimalization.”
  2. Blind Searches and User Enabled Review. Using X1 Enterprise, an administrator can run detailed system wide searches and receive a detailed search result report without having access or possession of the target data. Instead, the administrator can direct X1 to first present the search results to the end-user employee to review and apply tags to identify personal, relevant or non-personal data, thereby applying clear and detailed consent to the subsequent collection of any relevant information.
  3. Segmentation of Data Regions vs. Creation of Central Data Lakes. X1 can be deployed behind an organizations’ firewall or their own private cloud instance in the EU. Each custodian/employee is associated with a single micro-index. This allows X1 to target searches to specific EU counties and segments of users. This contrasts to archiving or other eDiscovery tools that require bulk copying and intermingling of all user data to a central location, where additional back-up copies are made, all which directly run afoul of the data minimalization and proportionality requirements of the GDPR.
  4. Delete Data In-Place. GDPR requires the deletion of non-compliant on demand. Purging data on managed archives does not suffice if other copies are on laptops, unmanaged servers and other unstructured sources. X1’s on-premises distributed architecture uniquely enables the systematic deleting of data in place.
  5. Platform to Enforce GDPR and Privacy Policies. In addition to asserting X1 met the requirements and standards under GDPR mandated DPIA, our Fortune 500 customer noted as further justification in their DPIA that they also planned to utilize X1 Enterprise to enforce privacy policies and provisions under the GDPR. X1 Enterprise is an ideal platform to respond to Data Subject Access requests, proactively audit data sources to identify and remediate personal information, as well as systematically purge unneeded data that may contain personal information of EU data subjects.

    Ready to Learn More?
    For companies navigating complex information governance and eDiscovery requirements, including those involving M365, the  X1 Enterprise Platform ensures compliance while protecting privacy. By implementing X1 Enterprise, organizations can not only reduce costs and save valuable time but also gain a strategic advantage in managing their information governance needs. For a demonstration of the X1 Enterprise Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/solutions/x1-enterprise-platform.

Leave a comment

Filed under Best Practices, Case Study, Cloud Data, compliance, Data Audit, eDiscovery & Compliance, GDPR, Information Governance, Information Management, law firm, m365, Preservation & Collection

Granting Microsoft 365 Super-Admin Privileges to eDiscovery Service Providers is Very Risky and Unnecessary

By John Patzakis and Chas Meier

In a world where data breaches are not just possible but expected, securing sensitive information becomes paramount. However, in many cases, organizations are unnecessarily handing over the security keys to the kingdom to eDiscovery Service Providers by providing them with very heightened security privileges to their Microsoft 365 tenants. This is because the more manual methods relied on by service providers often involve gaining high-level permissions usually only reserved for senior trusted IT directors and executives within the client organization. Such broad access can lead to unauthorized data access, including creating new accounts for others outside the organization, data overcollection, and unintended data modifications and even deletions. These unnecessary accommodations can cause severe irreversible damage, security breaches and overall complication with compliance efforts.

Clients are often told such high-level security access is absolutely necessary. In truth, service providers only resort to such measures when they fail to utilize best practices technology. In many cases, service providers, once they gain elevated administrative permissions, simply run basic scripts that they position as proprietary, which have little functionality other than the bulk download of M365 data. These scripts only work if very high-level access is granted to the user of the scripts. Once the service provider completes their mass data download from M365, they are off to the races with their traditional highly lucrative eDiscovery workflows of excessive data volumes due to overcollection, extensive processing and project management, and final eventual staging into review, all leading to excessive costs and unnecessarily extended timelines.

In contrast, our customers believe X1’s strategy for M365 Data Access is unique and disruptive to legacy approaches still utilized by many service providers. We designed our approach to maximize security, enhance operational efficiency, and ensure economic advantages for our clients, setting new benchmarks that challenge conventional industry practices.

  1. Uncompromised Security with Read-Only Access
    X1’s approach to accessing client information in a read-only least privileged manner exemplifies our commitment to security. In our approach a client grants read-only permissions to the X1 Enterprise solution licensed and controlled by the client, through an application that also remains under the control of our client and has a built-in expiration. No X1 employee ever needs to have access to or personally utilize the client’s M365 credentials. There is no ability for X1 to create new accounts or even delegate M365 permissions. This approach eliminates the risks associated with more invasive access levels that other eDiscovery providers often require.

    X1’s methodology ensures that the data remains pristine and untouched throughout the eDiscovery process. This approach not only supports stringent compliance with legal and regulatory standards but also shields organizations from the pitfalls of unauthorized data manipulation. It significantly reduces the potential for costly security incidents, reinforcing the trust our clients place in us to handle their most sensitive information.

  2. Index-in-Place: Elevating Data Integrity and Efficiency
    Our “index-in-place” technology stands in stark contrast to the traditional data extraction methods employed by many service providers. These providers often relocate substantial data volumes from clients’ M365 tenants to their environments—a practice driven by the desire to increase hosting volumes and, consequently, revenue. This not only introduces significant security risks but also strains client resources and infrastructure.

    By indexing data directly within its native environment, X1 maintains the integrity and security of the data. This approach significantly reduces the exposure of data to external threats during transfer and storage. It also enhances the speed and accuracy of search and collection processes, enabling quicker responses to legal inquiries and reducing the overall time and cost of eDiscovery.

    Moreover, this method highlights our principle of avoiding the “fox guarding the henhouse” scenario, where providers have incentives that might conflict with client interests. Our clients appreciate the transparency and integrity of keeping their data within their controlled environment, free from unnecessary external manipulation or exposure.

  3. Transparent Pricing Promoting Efficiency and Reuse
    X1’s innovative pricing model stands out by encouraging the efficient reuse of tools without penalizing clients for data volume. This approach directly contrasts with the common industry practice where costs escalate with the volume of data hosted or processed. Our pricing structure is designed to align closely with our clients’ needs for predictable and reasonable costs.

    By not charging based on data volume, we foster a more sustainable and rational use of resources, allowing our clients to plan and budget more effectively. This pricing strategy supports not just cost savings but also promotes a more strategic use of eDiscovery tools, encouraging practices that are both economically and environmentally more sustainable.

Conclusion
X1 is dedicated to setting a higher standard for secure, efficient, and cost-effective data management solutions in Microsoft 365 environments. Our innovative approaches to read-only access, index-in-place technology, and volume-independent pricing ensure that our clients receive unparalleled service that prioritizes their security, operational efficiency, and financial well-being.

We invite you to join us in this transformative journey and experience the peace of mind that comes from knowing your data remains in place until you target a collection to migrate into review. For a demonstration of the X1 Enterprise Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/x1-enterprise-platform.

Leave a comment

Filed under Best Practices, Cloud Data, compliance, Cybersecurity, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Information Access, Information Management, m365