Category Archives: GDPR

July 15, 2025 · 11:43 AM

Courts Favor Targeted eDiscovery Collections, but It Is Up to In-House Teams to Enable Such Cost Saving Proportional Efforts

By John Patzakis

In-House Legal Teams Enable Cost Savings

Corporate legal departments face ever-increasing costs and risk related to eDiscovery, driven largely by excessive and indiscriminate data collection. Many organizations default to an overbroad “collect everything” approach out of an abundance of caution or due to inefficient workflows imposed by third-party service providers or even outside counsel. Over collection results in far higher costs upstream, critical delays and increased risk. However, for this reason courts consistently endorse proportional and targeted discovery practices that balance the needs of litigation with cost-effectiveness and reasonableness. But in order to best realize the benefits of proportionality, organizations should establish an in-house eDiscovery capability supported by best-practices technology.

Courts Support Proportional and Targeted ESI Collection
The Federal Rules of Civil Procedure (FRCP) emphasize proportionality and reasonableness in discovery. Specifically, Rule 26(b)(1) limits discovery to information that is relevant to any party’s claim or defense and proportional to the needs of the case.

Courts have routinely upheld this principle, encouraging parties to avoid overbroad collections:

  1. The Sedona Conference Principles
    While not binding, courts frequently rely on The Sedona Principles, which advocate for “reasonable and good faith efforts” to identify relevant ESI. (See The Sedona Principles, Third Edition, 19 Sedona Conf. J. 1 (2018)). Courts cite these principles to support reasonable limits on preservation and collection.
  2. In re Bard IVC Filters Prods. Liab. Litig., 317 F.R.D. 562 (D. Ariz. 2016)
    Here, the court recognized the proportionality limits of Rule 26(b)(1) and ruled that the defendant’s proposed targeted discovery approach—using custodians, date ranges, and agreed-upon search terms—satisfied its obligations.
  3. Oxbow Carbon & Minerals LLC v. Union Pacific Railroad Co., 322 F.R.D. 1 (D.D.C. 2017)
    The court rejected broad discovery requests that lacked proportionality, holding that the producing party could limit its search for ESI to agreed-upon custodians and relevant date ranges. The court emphasized that broad, burdensome demands are contrary to Rule 26(b)(1).
  4. Hernandez v. City of Houston, No. 4:16-CV-3577, 2020 WL 2542625 (S.D. Tex. May 19, 2020)
    Here, the court denied a motion to compel additional production of ESI beyond agreed search terms, explaining that the requested expansion was disproportionate given the marginal relevance and substantial burden of additional collection.

These and other decisions (further analysis available here) demonstrate that targeted, proportional collection efforts are not only defensible but expected by the courts. Overcollection is hardly mandated by the court and, in fact, can increase risk by preserving irrelevant or privileged information unnecessarily.

So, the problem is not the law. The challenge is that many eDiscovery service providers favor full disk imaging or other forms of massive data over-collection for two reasons: 1) As they are not integrated into a company’s IT data architecture with an established and repeatable process, they revert to a reactive, once-off effort to collect everything that could possibly be relevant; and 2) They are financially incentivized to collect as much data as possible.

Advantages of In-House eDiscovery Capabilities for Targeted Collections
To align with the principles of proportionality, legal departments should move away from the outsourced collection model that favors bulk extraction. Instead, maintaining an in-house eDiscovery capability provides the following key advantages:

  1. Integrated, Precise Search and Collection
    Solutions like X1 Enterprise are designed to index data in place, allowing corporate legal and IT teams to search, cull, and collect only what is relevant—without moving massive volumes of unnecessary data. This reduces costs and minimizes data exposure.
  2. Iterative, Defensible Process
    With in-house capabilities, legal teams can collaborate directly with IT to conduct collections iteratively. They can refine search criteria and custodians in real-time, in response to case developments or meet-and-confer negotiations, ensuring defensibility and responsiveness.
  3. Faster Response Times and Lower Costs
    Deeply integrated technology removes reliance on expensive, reactive third-party vendors who often require full data exports up front. By indexing data where it resides, in-house teams can respond quickly to litigation holds and discovery deadlines.
  4. Enhanced Compliance and Risk Management
    By avoiding massive data dumps, corporations reduce the risk of producing irrelevant, privileged, or sensitive data unnecessarily. Proportionality helps mitigate privacy risks and comply with data minimization principles under privacy laws like the GDPR and CCPA.
  5. Control and Repeatability Across Multiple Use Cases
    In-house solutions preserve institutional knowledge and workflows. Future cases can reuse workflows and search parameters, creating repeatable, consistent, and auditable processes. Further, the same process can be readily leveraged for various information governance and other compliance use cases.

Conclusion
Courts expect discovery to be proportional, targeted, and reasonable—not excessive or indiscriminate. Establishing an in-house eDiscovery capability with proven integrated technology like X1 Enterprise allows your organization to operationalize this legal standard. By doing so, you will reduce costs, minimize risks, and demonstrate good faith compliance with discovery obligations.

Leave a comment

Filed under Best Practices, CaCPA, Cloud Data, Corporations, ECA, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, GDPR, m365, Preservation & Collection, proportionality

Tagged as , , , , , , ,

June 17, 2025 · 2:56 PM

X1 Enterprise Is the Gold Standard for Data Separation in M&A Matters

By John Patzakis and Charles Meier

X1 is the Gold Standard in Data Separation

Corporate mergers and acquisitions are complex enough on their own — but when a deal involves the divestiture of an entire business unit or a carve-out of specific departments, the stakes for separating data correctly and efficiently become even higher. Legal and IT teams must identify and surgically separate emails, documents, and other unstructured electronic information to ensure that the right data goes to the acquiring party — and that what must be retained remains secure and compliant with privacy and legal requirements.

This data separation exercise is notorious for being time-consuming, extremely expensive, and highly disruptive. This is because traditional methods require heavy lifting by IT teams and service providers, endless back-and-forth with custodians, and mass data collections that literally double the risk. Worse yet, Microsoft Purview, with its known throttling and low throughput challenges for M 365 data, is not up to the task for data separation matters that invariably involve at least dozens of terabytes. These inefficiencies all lead to severe regulatory risks, runaway costs, and critical delays.

There is, however, a far better way — X1 Enterprise. Several major corporations have recently employed X1 Enterprise in high-stakes data separation matters. Once completed, the comments from our customers are the same: There was no other way they could have done it without spending millions of dollars on time-consuming and disruptive services.

Data Separation Is Not Just Another eDiscovery Project

Unlike standard eDiscovery, a divestiture-driven data separation project must carve out large volumes of live, operational data while the business continues to run. Legacy tools and processes require copying and moving the entire subject data set to a separate repository for indexing and searching — adding huge costs, time delays, and operational risk.

X1 Enterprise’s game-changing advantage lies in its distributed micro-indexing architecture and true index-in-place capability. This unique approach allows organizations to instantly search, categorize, and separate or otherwise remediate massive volumes of data where it resides — without duplicating and exporting entire data sets to third-party servers for processing.

In practical terms, this means:

Lightning-Fast Search: X1 Enterprise creates lightweight, local micro-indexes on endpoints and servers across the organization. Search results come back in seconds, no matter where the data lives — on laptops, file shares, or cloud repositories such as M365.

Minimal Disruption: Because the data stays in place, there is no need to duplicate or move sensitive content, minimizing the risk of data leakage, avoiding the bottlenecks that come with data copying and migration for centralized processing, and enabling the actual remediation to be infinitely more effective by working on the live data set. How do you execute data separation when you are working off a stale copy of the data for the categorization effort? The short answer: Up to millions of dollars in manual services to go back to the “original data” and manually separate the data for each employee and their respective data sources.

Scalability and Control: Whether the divestiture involves hundreds or thousands of custodians across geographies, X1 Enterprise scales seamlessly while giving legal and IT teams centralized control and real-time oversight.

Defensible Process: Legal teams can generate audit trails, reports, and logs to demonstrate a precise and defensible chain of custody, which is critical for regulatory and contractual compliance.

The Bottom Line: Much Faster, with Dramatically less Cost and Risk.

When time is money — and delays can put entire deals at risk — organizations cannot afford cumbersome, legacy eDiscovery workflows for carve-out data separation projects. X1 Enterprise’s innovative architecture empowers legal, compliance, and IT teams to execute precise data separations faster, with dramatically lower cost and business impact.

For any organization facing a merger, acquisition, or divestiture, X1 Enterprise is not just an upgrade — it is the modern standard for high-stakes data separation and governance.

Learn more about how X1 Enterprise can streamline your next M&A project. Schedule a demo today at sales@x1.com or visit  www.x1.com/solutions/x1-enterprise-platform.

Leave a comment

Filed under Best Practices, Case Study, Cloud Data, compliance, Corporations, Data Audit, ECA, eDiscovery & Compliance, Enterprise eDiscovery, ESI, GDPR, Information Access, Information Governance, Information Management, m365, Preservation & Collection, Records Management

Tagged as , , , , , , , , , , ,

May 20, 2025 · 12:04 PM

Law Firms and Major Enterprises Are Rapidly Moving to X1 Search As Traditional Enterprise Search Becomes Obsolete

By John Patzakis and Chas Meier

Are you tired of wasting hours each week fruitlessly searching across emails, documents, cloud services, and local drives? You’re not alone. Law firms and major enterprises are increasingly recognizing the inherent limitations of legacy enterprise search solutions and turning decisively toward X1 Search.

X1 Search delivers a revolutionary user-based search experience that dramatically boosts productivity. Demand for X1 Search has skyrocketed this year—one major federal agency is expanding from 20,000 to over 40,000 licenses to equip every employee. Nearly half of AMLAW 100 firms now deploy or are actively considering X1. Why this rapid shift?

Traditional enterprise search solutions are fundamentally broken in today’s hybrid-cloud enterprise landscape. They rely heavily on outdated architectures that require mass data duplication and centralization—approaches rendered obsolete by remote work and distributed platforms such as Microsoft 365 and Google Workspace. Specifically, traditional tools face:

  1. Scalability Roadblocks: Centralizing terabytes of distributed unstructured data is now effectively impossible in the modern enterprise.
  2. Incompatibility with Modern Platforms: Legacy systems struggle to integrate effectively with platforms like Microsoft 365 due to restrictive APIs and loss of security permissions when the data is copied and exported en masse.
  3. Regulatory and Governance Challenges: Mass duplication of sensitive data violates critical data protection regulations and contradicts fundamental information governance principles. The GDPR specifically mandates data minimization, particularly when viable alternative technologies exist, as evaluated through a Data Privacy Impact Analysis (DPIA).

Employees in modern organizations effectively have two viable search options: the limited native Windows search or the robust, efficient capabilities of X1 Search. Microsoft Copilot itself recently highlighted X1 Search’s advantages:

“X1 Search offers advanced indexing, instant search-as-you-type capabilities, powerful filtering, keyword highlighting, and document/email previews, significantly surpassing standard Windows Search. Moreover, X1 seamlessly searches across emails, documents, cloud storage, archived data, and more—far beyond Windows Search capabilities.”

X1 Search introduces an entirely new, distributed search architecture uniquely suited to today’s enterprise environments:
Distributed Micro-Indexing: Patented technology ensures secure, permission-aligned indexing, granting employees immediate, secure access to authorized data only.
No Mass Data Duplication: Interact directly with original documents without unnecessary duplication, ensuring compliance and efficiency.
True Federated Search: Search instantly and iteratively across M365, Google Workspace, Slack, and local data sources within a single unified search field—a capability unmatched by any other solution.

The latest X1 Search transcends desktop limitations, instantly searching Microsoft Email, Teams, Slack, OneDrive, SharePoint, local files, and now Google Drive and Gmail, all from one intuitive interface. This empowers users to reclaim hours each day, dramatically boosting productivity.

Leave a comment

Filed under Best Practices, Business Productivity Search, Cloud Data, Corporations, Data Audit, Desktop Search, eDiscovery, Enterprise Search, ESI, GDPR, Google Workspace, Hybrid Search, Information Governance, Information Management, m365, MS Teams, OneDrive, SharePoint

Tagged as , , , , , , , , , , ,

February 12, 2025 · 12:22 PM

X1 Enterprise Successfully Passes GDPR-Mandated Data Protection Impact Assessment

By John Patzakis

The European Union (EU) General Data Protection Regulation (GDPR) requires that subject organizations ensure and demonstrate the protection of personal data under their control. GDPR Article 35 mandates that when implementing new data collection technologies or engaging in a major new project involving significant data collection, an organization must perform a Data Protection Impact Assessment (DPIA).

Recently, a Fortune 500 company with global operations successfully implemented X1 Enterprise to address their eDiscovery and information governance requirements throughout the EU region, involving both Microsoft 365 and on-premises data sources. This implementation required the vetting of X1 Enterprise by auditors and the internal Data Protection Officer through an extensive DPIA process, which X1 passed. The effort provides important industry insights into how our Fortune 500 customer leveraged X1’s unique, on-premises index-in-place and targeted search and collection features, as well as other data minimization capabilities, to meet the DPIA requirements.

The EU provides official guidance and a checklist for conducting an Article 35 DPIA. Among the key requirements is the consideration of the “current state of the technology” in the area and that the technology and collection processes have adequate “proportionality measures” in their collection capabilities to “ensure data minimalisation.” If processes and technology engage in overly broad data collection, the guidance suggests considering alternative technologies and methods.

The team at our Fortune 500 customer emphasized the following unique data minimalization capabilities and features of X1 Enterprise in their DPIA:

  1. Index and Search Data In-Place. X1’s proprietary micro indexes enable the searching of data on laptops, file servers and Microsoft in-place so that only the potentially relevant data is collected for eDiscovery and data audits, which fulfills the GDPR’s proportionality requirements. In contrast, tools that require full disc imaging for basic eDiscovery collection are extremely problematic.

    As the court said in In re Ford Motor Company, 345 F.3d 1315: “[E]xamination of a hard drive inevitably results in the production of massive amounts of irrelevant, and perhaps privileged, information…” Even worse, the collected data is then re-duplicated, often multiple times, by the examiner for archival purposes. And then the data is sent downstream for processing, which results in even more data duplication. Load files are created for further transfers, which are also duplicated. Notably, EU guidance for a DPIA analysis requires that organizations consider alternative data collection technologies and methods that have better “proportionality measures” to “ensure data minimalization.”
  2. Blind Searches and User Enabled Review. Using X1 Enterprise, an administrator can run detailed system wide searches and receive a detailed search result report without having access or possession of the target data. Instead, the administrator can direct X1 to first present the search results to the end-user employee to review and apply tags to identify personal, relevant or non-personal data, thereby applying clear and detailed consent to the subsequent collection of any relevant information.
  3. Segmentation of Data Regions vs. Creation of Central Data Lakes. X1 can be deployed behind an organizations’ firewall or their own private cloud instance in the EU. Each custodian/employee is associated with a single micro-index. This allows X1 to target searches to specific EU counties and segments of users. This contrasts to archiving or other eDiscovery tools that require bulk copying and intermingling of all user data to a central location, where additional back-up copies are made, all which directly run afoul of the data minimalization and proportionality requirements of the GDPR.
  4. Delete Data In-Place. GDPR requires the deletion of non-compliant on demand. Purging data on managed archives does not suffice if other copies are on laptops, unmanaged servers and other unstructured sources. X1’s on-premises distributed architecture uniquely enables the systematic deleting of data in place.
  5. Platform to Enforce GDPR and Privacy Policies. In addition to asserting X1 met the requirements and standards under GDPR mandated DPIA, our Fortune 500 customer noted as further justification in their DPIA that they also planned to utilize X1 Enterprise to enforce privacy policies and provisions under the GDPR. X1 Enterprise is an ideal platform to respond to Data Subject Access requests, proactively audit data sources to identify and remediate personal information, as well as systematically purge unneeded data that may contain personal information of EU data subjects.

    Ready to Learn More?
    For companies navigating complex information governance and eDiscovery requirements, including those involving M365, the  X1 Enterprise Platform ensures compliance while protecting privacy. By implementing X1 Enterprise, organizations can not only reduce costs and save valuable time but also gain a strategic advantage in managing their information governance needs. For a demonstration of the X1 Enterprise Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/solutions/x1-enterprise-platform.

Leave a comment

Filed under Best Practices, Case Study, Cloud Data, compliance, Data Audit, eDiscovery & Compliance, GDPR, Information Governance, Information Management, law firm, m365, Preservation & Collection

Tagged as , , , , , , , , ,

November 19, 2024 · 11:47 AM

Industry Experts Address Information Governance Challenges in Microsoft 365

By John Patzakis

Successful information governance in a Microsoft 365 environment can be extremely challenging. Organizations require ways to operationalize their compliance processes, in order to effectively address their information governance use cases, such as PCI compliance, ROT, Data separation, and GDPR. However, Microsoft’s Purview eDiscovery platform is a very expensive add-on to M365 that does not scale to the data throughput requirements of a typical information governance project.

This is because M365 is a massive data ocean that is not purpose-built for compliance and eDiscovery, and so a new “compliance index” must be created with data carved out of the M365 ocean to initiate an eDiscovery or compliance case in Purview eDiscovery to ensure proper and complete content indexing. As a result of this disjointed two-step process, users are encountering significant problems with low throughput and defensibility. Many customers report to us that Microsoft Purview Premium’s documented inability  to handle anything other than small matters due to their 2GB per hour throughput limit. A matter involving 100 custodians at 10GB of M365 data would take several weeks to complete with Microsoft Purview Premium.

Last week X1 hosted a webinar with industry leaders Randy Kahn and Chas Meier to discuss information governance challenges in an M365 environment. Kahn outlined information governance principles and priorities in general and then emphasized how technical automation is essential to enforce and execute on any implemented information governance policies and procedures.

Kahn’s overview segued into Meier’s discussion and demonstration on how the X1 Enterprise Platform is the best solution available for managing M365 data sources as well as on-premises sources like laptops and file shares. Meier highlighted recent case studies involving large-scale projects where X1 was able to search and analyze terabytes of M365 information very accurately and in a fraction of the time required for other means, including Microsoft Purview.

Meier explained how the X1 Enterprise platform’s unique architecture allows it to index nearly ten times the daily volume compared to Purview or other competitive “connector” technologies. X1’s patented distributed micro-index-in-place architecture, combined with horizontal scaling, makes X1 the only solution capable of handling rapid indexing, identification, searching, and remediation of massive data sets in the terabytes across M365 sources, including modern attachments and inactive mailboxes. Additionally, X1 effectively addresses both cloud and on-premises data sources in a unified manner, including distributed endpoints, network file shares, and multiple M365 services like Mail, OneDrive, Teams, and SharePoint.

A copy of the webinar recording can be accessed HERE.

For companies navigating complex information governance and eDiscovery requirements, including those involving M365, the  X1 Enterprise Platform ensures compliance while protecting privacy. By implementing X1 Enterprise, organizations can not only reduce costs and save valuable time but also gain a strategic advantage in managing their information governance needs. We invite you to explore how X1 can transform your data management processes and help you stay ahead in the ever-evolving digital landscape.

Leave a comment

Filed under Best Practices, Corporations, ECA, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, GDPR, Information Governance, m365, Preservation & Collection

Tagged as , , , , , , , , , , , , ,