Category Archives: eDiscovery & Compliance

Significant Microsoft 365 eDiscovery Challenges Require a New Approach

By John Patzakis

The adoption of cloud-based Microsoft 365 (“MS 365”) by enterprises continues to grow exponentially, with the company recently reporting 300 million monthly active users, and the addition of over 100 petabytes of new content each month. There is no question that MS 365 is now a major data source for eDiscovery, second only to file-shares and laptops, and as such provides challenges to every legal and eDiscovery practitioner.

While MS 365 includes built-in eDiscovery tools in the Security and Compliance Center, many users look to third party alternatives due to the high cost, perceived concerns over the accuracy of search results, and other key challenges. However, most non-MS eDiscovery tools collect from MS 365 by simply making bulk copies of data associated with individual accounts, and then attempting to transfer that data en masse to their own proprietary processing and/or review platform. This problematic approach is counter-productive to the very purpose of why you put data in the cloud.

Such an effort is very costly, time consuming, and inefficient for many reasons. For one, this bulk transfer triggers data transfer throttling by Microsoft, causing significant time delays. But the main problem is that clients who are investing in MS 365 do not want to see all their data routinely exported out of its native environment every time there is an eDiscovery or compliance investigation. Organizations are fine with a targeted set of potentially relevant ESI leaving MS 365. What they do not want is a mass bulk export of terabytes of data at great expense because eDiscovery and processing tools need to first broadly ingest that data in their disparate platform in order to even begin the indexing, culling and searching process.

Additionally, organizations, especially larger enterprises, rarely house all or even most of their data within MS 365, with hybrid cloud and on-premise environments being the norm. MS 365 eDiscovery tools can only address what is contained within MS 365. Any on-premise data, including on-premise Microsoft sources (SharePoint, Exchange) cannot be readily consolidated by MS 365, and neither can data from other cloud sources such as Google Drive, Box, Dropbox, etc. And of course, laptops and file-shares are critical to eDiscovery collections and are also not supported by the MS 365 eDiscovery tools, with Microsoft indicating that they do not have any plans to address all of these non-MS 365 data sources.

So, eDiscovery software providers need to have a good process to perform unified search and collection of MS 365 and non-MS 365 sources. To achieve requisite efficiency and the minimization of data transfer, this process should be based upon a targeted search and collection in-place capability, and not simply involve mass export of data out of MS 365 for downstream processing and searching.

To answer this unmet critical need, X1 has added MS 365 data connectors to our X1 Enterprise Collect platform. X1 Enterprise Collect provides users the unique ability to search and collect MS 365 data in-place. X1’s optimized approach of iterative search and targeted collection enables organizations to apply proportionality principles across both cloud and on-premise data sources with clear and consistent results for effective eDiscovery. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%).

The X1 Enterprise Collect Platform is available now from X1 and its global channel network in the cloud, on-premise, and with our services available on-demand. For a demonstration of the X1 Enterprise Collect Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/x1-enterprise-collect-platform.

Leave a comment

Filed under Best Practices, Cloud Data, Corporations, Data Audit, ECA, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Information Governance, Information Management, OneDrive, Preservation & Collection, SharePoint

The Traditional Workplace is Not Coming Back, with Major Implications for eDiscovery

By John Patzakis

The world has in many ways returned to life as it was prior to the pandemic. Restaurants and hotels are packed again. Children are all back in their classrooms. Rock bands and philharmonics are playing in front of full audiences. But this is not so for the office.

Only about a third of knowledge workers are back in the office more than once a week, but, according to CNN, only 5 percent of employers are requiring in-office attendance five days a week. And it doesn’t look like these trends are going to change dramatically any time soon. In fact, the trend toward remote work should continue as office leases continue to expire. The vast majority of knowledge workers prefer some form of hybrid or remote work, and executives are increasingly coming to accept that reality. Remote and hybrid work is here to stay. And this has major repercussions for eDiscovery practices.

This is because the legacy manual collection workflow involving travel, physical access and one-time mass collection of custodian laptops, file servers and email accounts is a non-starter for the new era of remote and distributed workforces. Manual collection efforts are expensive, disruptive and time-consuming as many times an “overkill” method of forensic image collection process is employed, thus substantially driving up eDiscovery costs.

When it comes to technical approaches, endpoint forensic crawling methods are now a non-starter. Network bandwidth constraints coupled with the requirement to migrate all endpoint data back to the forensic crawling tool renders the approach ineffective, especially with remote workers needing to VPN into a corporate network. Corporate network bandwidth is at a premium, and the last thing a company needs is their network shut down by inefficient remote forensic tools.

For example, with a forensic crawling tool, to search a custodian’s laptop with 20 gigabytes of email and documents, all 20 gigabytes must be copied and transmitted over the network, where it is then searched, all of which takes at least a day or so per computer. So, most organizations choose to force collect all 20 gigabytes. But while this was merely inefficient and expensive pre-pandemic, it is now untenable with the global remote workforce.

Solving this collection challenge is X1 Enterprise Collect, which is specially designed to address the challenges presented by remote and distributed workforces. X1 enables enterprises to remotely, quickly and easily search across up to thousands of distributed endpoints and data servers from a central location. Legal and compliance teams can perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, and full results with completed collection in hours, instead of days or weeks. The key to X1’s scalability is its unique ability to index and search data in place, thereby enabling a highly detailed and iterative search and analysis, and then only collecting data responsive to those steps.

X1 operates on-demand where your data currently resides — on desktops, laptops, servers, or the cloud — without disruption to business operations and without requiring extensive or complex hardware configurations. After indexing of systems has completed (typically a few hours to a day depending on data volumes), clients and their outside counsel or service provider may then:

  • Conduct Boolean and keyword searches of relevant custodial data sources for ESI, returning search results within minutes by custodian, file type and location.
  • Preview any document in-place, before collection, including any or all documents with search hits.
  • Remotely collect and export responsive ESI from each system directly into a Relativity or RelativityOne® workspace for processing, analysis and review or any other processing or review platform via standard load file. Export text and metadata only or full native files.
  • Export responsive ESI directly into other analytics engines, e.g. Brainspace®, H5® or any other platform that accepts a standard load file.
  • Conduct iterative “search/analyze/export-into-Relativity” processes as frequently and as many times as desired.

To learn more about this capability purpose-built for remote eDiscovery collection and data audits, please contact us.

Leave a comment

Filed under Best Practices, ECA, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Preservation & Collection

Relativity and X1 Publish Updated Joint Legal Whitepaper on ESI Collection Best Practices

By John Patzakis

Relativity and X1 have published an updated joint legal whitepaper addressing full-disk imaging as a disfavored collection practice in civil litigation, with Relativity eDiscovery attorney David Horrigan as the lead author. This paper is a substantive update from the original published a year ago, adding discussion of important and relevant new case law published in the past 12 months. The paper notes that “if the preliminary data from the first five months of 2022 are any indication, we may be seeing that the law of proportionality is becoming more settled — and that courts continue to disfavor full-disk imaging.”

The paper delves into all the legal reasons, including detailed analysis of case law, the Federal Rules of Civil Procedure, and the Sedona Principles establishing why forensic collection is not required in civil litigation. The paper primarily focuses on the principles of proportionality in its legal analysis as well as case law issued prior to the 2015 amendment to the Federal Rules of Civil Procedure, which gave greater prominence and clarification of the proportionality rules.

One of the recent updated cases included is Besman v. Stafford, where the appellate court reversed and remanded a trial court’s order of a forensic examination of a law firm computer, holding the trial court erred in failing to take precautions to protect the privileged and confidential information on the device. “Generally, courts are reluctant to compel forensic imaging, largely due to the risk that imaging will improperly expose privileged and confidential material contained on the hard drive,” Judge Anita Laster Mays wrote for the appellate court.

This is an important topic as a key problem in eDiscovery that drives inefficiencies and higher costs is that default collection methods often involve full-disk imaging—a forensic examination of an entire computer—when searching for responsive data. As the whitepaper notes, “it turns out full-disk imaging is not required for most eDiscovery collections. In fact, courts often disfavor the practice.”

A copy of the whitepaper can be found here.

Leave a comment

Filed under Best Practices, Case Law, collection, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, proportionality, Relativity

Industry Experts: Proportionality Principles Apply to ESI Preservation and Collection

By John Patzakis

Under Federal Rule of Civil Procedure 26(b)(1), parties may discover any non-privileged material that is relevant to any party’s claim or defense and proportional to the needs of the case. Lawyers that take full advantage of the proportionality rule can greatly reduce cost, time and risk associated with otherwise overbroad eDiscovery production. In a recent webinar, eDiscovery attorney Martin Tully of Redgrave LLP, addressed how to use processes and best practices to operationally attain this goal, particularly in the context of preservation and collection. In addition to being a partner at the Redgrave firm, Tully is currently the chair of the Steering Committee of the Sedona Conference Working Group on Electronic Document Retention and Production (WG1), providing additional import to his comments on the subject.

During the webinar, Tully noted that the “duty to preserve is directly aligned with what is within the scope of discovery….so if something is not within the scope of discovery – that is its either not relevant or its not proportional to the needs of the case — then there should not be an obligation to preserve it in the first place.” Tully discussed at length the recent case of Raine Grp. v. Reign Capital, (S.D.N.Y. Feb. 22, 2022), which holds that under FRC 26(a), parties “have an affirmative obligation to search for documents which they may use to support their claims or defenses.” In meeting these obligations, the court provided that a producing party may utilize search methodologies, specifically mentioning search terms. Tully explained that the court—in addressing the concept of reasonable, proportional discovery under the Rules – provides that producing parties are obligated to search custodians and locations it identifies on its own as sources for relevant information as part of its obligations under Rule 26, but that such identification and collection efforts should be proportional.

Further to these points, Tully weighed in on overbroad practice of full-disk imaging, noting that it should not be the default practice for eDiscovery collection: “Too often there is a knee jerk approach of ‘let’s just take a forensic image of everything – just because.’” According to Tully, alternative and more targeted search and collection methods were more appropriate for eDiscovery and can better effectuate proportional efforts: “Indexing in-place is key because it doesn’t just preserve in-place and reduce costs, but it can give you insight (into the data) to further justify your decision not to collect it in the first place, or if you need to, you are in much better shape to go back and collect the data in a tailored and focused way.”

Co-presenter Mandi Ross, CEO of Insight Optix also provided keen insight, outlining her typical workflow applying the aforementioned proportionality concepts through custodian and data source ranking and keyword searching performed in an iterative manner to identify key custodians, data sources, and the potentially relevant data itself. To effectuate this, Mandi noted that the enterprise eDiscovery collection and early data assessment process should enable a targeted, remote, and automated search capability, with immediate pre-collection visibility into custodial data.

In fact, both Tully and Ross emphasized in their comments that none of the cost-saving, targeted collection efforts permitted under the Federal Rules can be realized without an operational capability to effectuate them. Ideally, the producing party can employ a defensible, targeted, and iterative search and collection process in-place, prior to collection to effectuate the proportional discovery process approved by the court in this decision. However, without such a capability, the alternative is an expensive, over-collection effort, where the data is searched post collection. Enabling the search iteration and targeted collection upstream brings dramatic cost savings, risk reduction, and other process efficiencies.

A recording of the webinar on proportionality can be accessed here.

Leave a comment

Filed under Best Practices, Case Law, Case Study, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Information Management, Preservation & Collection, proportionality