Tag Archives: x1 enterprise

February 12, 2026 · 10:15 AM

Navigating Legal and Compliance Risks When Corporations Expose Sensitive Data to AI

By Kelly Twigger and John Patzakis

Implementing AI within a corporate environment is no longer a matter of “if” but “how.” We recently addressed these challenges in our webinar, “Navigating Legal and Compliance Risks in AI,” where our panel of experts discussed the strategic transition required to build a robust risk mitigation framework. While the efficiency gains of AI—such as automating workflows and surfacing deep insights—are compelling, introducing sensitive enterprise data into these models without a tactical plan can lead to unintended consequences. These risks range from the dilution of trade secrets to complex eDiscovery obligations and substantial regulatory exposure under the GDPR.

To leverage AI safely, counsel should focus on the following grounded strategies for risk management.

Protect Trade Secrets
Under federal law, trade secret status is contingent upon the owner taking “reasonable measures” to maintain secrecy. This is a rigorous standard; if proprietary information—such as source code or high-value technical data—is fed into an unsecured AI model without strict access controls, a company risks losing its legal protections entirely.

  • Review the Judicial Standard: In Snyder v. Beam Technologies, Inc., the 10th Circuit affirmed that failing to use confidentiality protections or allowing information to reside on unsecured devices can defeat trade secret status.
  • Maintain Active Safeguards: Courts emphasize that consistent and active safeguards are required to maintain secrecy. Lax internal controls during AI interactions can be cited as evidence that “reasonable measures” were not maintained.
  • Implement No-Prompt Zones: Establish “No-Prompt Zones” for your organization’s most sensitive intellectual property. By isolating core IP from third-party cloud models, you maintain a defensible record of “reasonable measures” that can withstand scrutiny in litigation.

Manage the eDiscovery Paper Trail
AI interactions—both the prompts submitted by employees and the responses generated by the tools—are considered discoverable Electronically Stored Information (ESI). These records are part of the corporate record and are subject to subpoena and legal holds.

  • Understand the Technical Reality: Microsoft has confirmed that Microsoft 365 Copilot interactions are logged through the Purview unified audit log, making them searchable, preservable, and producible via eDiscovery tools.
  • Assess Scope of Exposure: Because these chats are treated no differently than emails, they may inadvertently expose privileged or damaging material if not managed properly.
  • Map Information Logs: Update your legal hold workflows to specifically include AI conversation logs and audit trails. Mapping where these logs live before litigation arises ensures a more controlled and cost-effective discovery process.

Navigate GDPR and Data Privacy
Processing customer or employee data through AI models requires strict adherence to the GDPR principles of data minimization, purpose limitation, and lawfulness. Feeding sensitive data into AI models without a clearly articulated lawful basis—such as consent or legitimate interest—can result in significant administrative fines.

  • Meet Compliance Requirements: European authorities require organizations to demonstrate compliance by documenting purposes, limiting data inputs, and ensuring appropriate safeguards are in place.
  • Identify Special Categories: The GDPR is particularly restrictive regarding health information or data revealing racial or ethnic origin, requiring specific exemptions for processing.
  • Conduct Privacy Impact Assessments: Perform mandatory Privacy Impact Assessments (PIAs) for any AI tool that touches personal data. Documenting the purpose and necessity of the processing is critical for maintaining regulatory standing during an audit.

Leverage In-Place AI Functionality
A critical strategy for reducing risk is shifting where the AI processing occurs. Rather than routing data through external, third-party cloud-hosted AI services, organizations should consider prioritizing workflows where AI is applied in-place within the corporate network or controlled enterprise environment.

  • Secure the Data Perimeter: By keeping data and AI processing behind the organization’s own security firewall, you materially reduce the risk of trade secret leakage and data exfiltration.
  • Minimize Third-Party Footprint: Applying AI in-place narrows the scope of discoverable third-party records, as the interactions remain within your internal infrastructure rather than residing on a vendor’s servers.
  • Establish Full Governance Control: This model provides counsel with direct control over privacy, retention, and audit obligations—essentially giving you the “kill switch” for data that you simply do not have with external cloud vendors.

Tactical Governance and Ethical Oversight
Counsel must navigate the professional and technical nuances of AI deployment to ensure long-term stability.

  • Ensure Professional Competence: The ethical duty of technological competence requires attorneys to understand the limitations of the tools they use. AI should be treated as a “junior associate”—capable of great speed but requiring diligent human verification of all output.
  • Apply Risk-Based Tiering: Not all AI use cases carry the same weight. We recommend a tiered approach:
    o Tier 1 (Administrative): Low-risk tasks involving non-sensitive data.
    o Tier 2 (Internal/Marketing): Standard communications requiring routine oversight.
    o Tier 3 (High-Value/Restricted): High-stakes processing involving PII, health data, or proprietary IP, requiring senior legal sign-off and strict data handling protocols.
  • Execute Proactive Vendor Vetting: Move from consumer-grade tools to enterprise solutions that offer SOC 2 Type 2 attestations. Ensure contracts explicitly prohibit the vendor from using your data to train their global models.

In light of these risks, corporate counsel should take a proactive, structured approach to AI governance. This includes implementing data classification and usage controls to prevent sensitive trade secrets from being exposed to AI systems without safeguards; establishing clear policies governing AI prompts, outputs, retention, and eDiscovery treatment; and conducting privacy impact assessments to ensure personal data processing complies with GDPR and similar regulations. In addition, counsel should carefully evaluate AI deployment models and consider workflows in which AI models are deployed in-place within the corporate network or controlled enterprise environment, rather than routed through third-party cloud-hosted AI services. Keeping data and AI processing inside the organization’s security perimeter can materially reduce trade secret leakage risk, narrow the scope of discoverable third-party records, and provide greater control over privacy, retention, and audit obligations—while still allowing the enterprise to realize the benefits of advanced AI capabilities.

For a deeper dive into these strategies and more case studies, you can watch the full session here.

Leave a comment

Filed under Best Practices, compliance, Corporations, Cybersecurity, Data Governance, ECA, eDiscovery & Compliance, Enterprise AI, Enterprise eDiscovery, ESI, GDPR, Information Governance, Records Management

Tagged as , , , , , , , , , , , ,

November 13, 2025 · 11:13 AM

X1 Brings “AI In-Place” to the Enterprise—A Major Breakthrough for Secure, Scalable AI Deployment

By John Patzakis

Our latest announcement represents a true inflection point in enterprise AI. With X1 Enterprise’s newly introduced capability for AI in-place, organizations and their service providers will, for the first time, be able to deploy and execute large language models (LLMs) directly where enterprise data lives—without moving or copying that data.

This is more than a product enhancement; it is a fundamental shift in how AI is applied across the enterprise.

The Foundation: Efficient Text Extraction Is Critical for AI
Large language models (LLMs) are the core engines that power today’s AI revolution. These models rely entirely on textual input to perform reasoning, summarization, search, and analysis. That is why text extraction is the critical first step. LLMs can only operate once another process extracts the text from emails, documents and chats. Traditionally, that meant copying or exporting data to external systems hosted by third party vendors, a process fraught with risk, cost, and compliance challenges.

Solving the “Data Movement Problem” for Enterprise AI
So, the key barrier to enterprise AI adoption has been the reluctance to move sensitive corporate data to external AI platforms. Whether for security, governance or cost reasons, most enterprises simply cannot send their data outside their environment.

X1’s innovation solves that problem head-on. Instead of shipping sensitive data out to an AI system, X1 brings the AI to the data. Enterprises can now deploy their own proprietary models or open-source LLMs within the secure perimeter of their existing infrastructure, whether on premises or in the cloud. X1’s index-in-place architecture performs the text extraction and indexing where the data resides. By extending that same principle to AI—forward-deploying LLMs directly to enterprise data sources—X1 now enables AI in-place. The result: organizations can apply the analytical power of LLMs across their data without ever moving it.

Once the LLMs are deployed into the X1 micro-indexes, X1 will then auto-apply AI-informed tags, which a user can query globally from a central console and act upon through targeted data collection or remediation. Imagine petabytes of data on file servers, laptops M365 and other sources all AI-classified and then queried and collected on a highly targeted basis.

This means enterprises can now unlock powerful new use cases no matter the scale—AI-assisted compliance, risk monitoring, GRC audits, eDiscovery, and more—while maintaining full control of their data and eliminating the need for costly, risky data transfers.

Enabling Collaboration Between Enterprises and Their Advisors
William Belt, Managing Director and Consulting Practice Leader at Complete Discovery Source, described the impact succinctly:

“Enabling AI in-place where our corporate client’s data lives is game-changing. We look forward to working with our clients to deploy AI models that are either pre-trained or customized for a specific matter or compliance requirement utilizing the X1 Enterprise platform.”

This capability creates a new bridge between corporations and their professional advisors—consulting firms, law firms, and service providers—who can now collaborate directly with their clients to develop, fine-tune, and deploy customized AI models for specific business or legal needs.

Rather than relying on generic cloud-based AI tools, organizations can now build targeted, matter-specific LLMs that are tuned to their unique data and compliance requirements, all executed securely in-place through the X1 Enterprise Platform.

A New Era for Enterprise AI
With this release, X1 is redefining the architecture of enterprise AI. Its ability to perform distributed micro-indexing and in-place AI analysis across global data sources enables secure, scalable, and cost-effective intelligence—without ever duplicating or relocating sensitive data.

For enterprises and their partners, this represents a new era of possibility: true AI at enterprise scale, in-place.

X1 will host a webinar on Wednesday, December 10, featuring a detailed overview of this new capability and a live demonstration. You can register here.

Leave a comment

Filed under Cloud Data, Corporations, Cybersecurity, eDiscovery, eDiscovery & Compliance, Enterprise AI, Enterprise eDiscovery, Information Governance, m365

Tagged as , , , , , , , , , , ,

September 30, 2025 · 9:45 AM

The Business Case for In-House eDiscovery: Lessons from Two Prominent Corporate eDiscovery Counsel

By John Patzakis

Building a Business and Legal Case for In-House eDiscovery

In a recent webinar hosted by Ad Idem, a non-profit legal education provider for in-house counsel, attorneys Kelly Twigger and Eric Stansell offered a compelling roadmap for corporate legal departments looking to bring eDiscovery and information governance (InfoGov) in-house. Their insights cut through the complexity of traditional discovery models and emphasized the strategic, operational, and legal advantages of internalizing these processes. For legal professionals navigating mounting data volumes and rising litigation costs, their discussion provided both practical guidance and a call to rethink legacy workflows.

Eric Stansell, Senior Counsel for Discovery at Tyson Foods, opened with a candid reflection on how his role was created to address the company’s need for a more efficient eDiscovery program. He emphasized that building a business case for in-house capabilities starts with understanding the “why”—whether it’s cost savings, risk reduction, or process defensibility. Stansell emphasized that standardizing internal processes not only improves consistency but also enhances defensibility and reduces exposure by limiting data sprawl across external vendors.

Kelly Twigger — who is one of if not the top eDiscovery lawyer in the field in my opinion — built on Stansell’s narrative by stressing the importance of conducting a thorough assessment before launching any in-house initiative. She encouraged legal teams to break down business cases into manageable chunks, identifying quick wins such as revising email retention policies. Twigger noted that internal culture shifts and stakeholder alignment are just as critical as technology adoption. Her approach favors incremental change backed by measurable ROI, rather than sweeping transformations that risk overwhelming legal and IT teams.

Both speakers underscored the importance of engaging multiple stakeholders. Stansell shared Tyson’s experience with cross-functional collaboration, highlighting how legal, IT, audit, and compliance teams must be involved from the outset. As one example of such collaboration, Stansell noted that eDiscovery enterprise search and collection software procured by the legal team can also address key IT security priorities such as PII data audits and internal investigations.

Twigger also delivered a deep dive into the proportionality principles now codified under the Federal Rules of Civil Procedure, urging legal teams to build factual arguments early in the discovery process. She explained that proportionality isn’t just about cost—it’s about narrowing scope through targeted custodians, refined date ranges, and iterative search terms. Stansell added that understanding custodians’ roles and historical relevance can help avoid unnecessary data collection, further supporting proportionality claims in court.

One of the most pressing issues Twigger addressed was the evolving case law around hyperlinked files. She traced the trajectory from Nichols v. Noom, Inc.—where hyperlinks were deemed not attachments—to more recent rulings that treat them as discoverable content depending on technological capabilities. Twigger cited In re Uber and Young v. Salesforce to illustrate how courts are increasingly expecting parties to preserve and produce hyperlinked documents, especially when shared via chat platforms or collaborative tools.

Twigger warned that failing to understand your organization’s tech stack could lead to costly missteps. She recommended that in-house counsel proactively assess their systems—especially Microsoft 365 environments—to determine what’s feasible when it comes to hyperlink preservation and production. She also highlighted X1 Discovery’s capabilities, noting that X1’s software can automate the collection of contemporaneous versions of hyperlinked documents in M365, support targeted Teams chat collection as well as many other data sources, making X1 a valuable solution for defensible in-house eDiscovery.

In closing, both Twigger and Stansell made it clear that bringing eDiscovery and InfoGov in-house isn’t just a cost-cutting measure—it’s a strategic imperative. With the right mix of technology, process, and cross-functional collaboration, legal departments can gain control, reduce risk, and improve outcomes. Their insights serve as a blueprint for legal teams ready to evolve beyond reactive discovery and toward a proactive, integrated approach.

The recording of the webinar can be accessed here.

Leave a comment

Filed under Best Practices, Case Law, Cloud Data, Corporations, ECA, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Information Governance, m365, MS Teams, Preservation & Collection

Tagged as , , , , , , , , ,

September 16, 2025 · 9:12 AM

X1 Expands Its Leadership in Microsoft Teams eDiscovery Collection

X1 Enterprise MS Teams Collection

By John Patzakis and Chas Meier

The rapid growth of Microsoft 365 has fundamentally changed the eDiscovery landscape. Among its most prominent data sources, Microsoft Teams now generates vast volumes of business-critical communications that must be identified, collected, and reviewed in litigation, regulatory, and compliance matters.

Yet most eDiscovery tools still rely on outdated methods: bulk copying massive amounts of sensitive data and transferring it to proprietary processing or review platforms. This approach is slow, costly, and disruptive. Bulk transfers frequently trigger Microsoft’s throttling controls, adding significant delays. More importantly, organizations that have invested heavily in Microsoft 365 do not want their data routinely exported out of its secure, native environment every time an eDiscovery matter or compliance investigation arises.

Recognizing these challenges, X1 has built upon its industry-leading Microsoft 365 collection capabilities to deliver unmatched support for Microsoft Teams—alongside OneDrive, Exchange, and SharePoint.

Key Benefits of X1’s Teams Collection Capabilities
Precision targeting of Channels at scale – Quickly search all available channels, select, and target specific Teams channels, even in organizations with tens of thousands of them. This feature is not even available in Microsoft Purview!
Granular control – Target individual custodians and message threads, avoiding unnecessary mass downloads.
Contextual collections – Automatically include a designated number of preceding and subsequent messages, preserving conversational context.
Seamless review integration – One-click upload of fully formatted in-context results directly into review platforms—no manual processing required.
Unified approach – Search and collect across Teams, OneDrive, SharePoint, Exchange, laptops, and file shares from a single interface.
In-place indexing – Leverage X1’s patented technology to index, search, and process data where it resides, eliminating reliance on expensive third-party processing.
True automation – A software-based solution that reduces dependency on manual, service-heavy workflows.

No other independent software provider matches the speed, precision, and scalability of X1’s Microsoft Teams eDiscovery collection. Our customers consistently report significant gains in efficiency, cost savings, and defensibility compared to legacy approaches.

As Teams usage continues to surge, legal and compliance professionals need solutions that deliver targeted, defensible collections without the inefficiencies of bulk exports. X1’s enhanced Teams support ensures organizations can meet these demands with speed, accuracy, and minimal disruption.

Seeing is believing—watch our short demo video to experience X1’s Teams capabilities in action.

Leave a comment

Filed under Best Practices, Cloud Data, Corporations, ECA, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, Enterprise Search, ESI, Hybrid Search, Information Governance, m365, MS Teams, OneDrive

Tagged as , , , , , , , , ,

July 15, 2025 · 11:43 AM

Courts Favor Targeted eDiscovery Collections, but It Is Up to In-House Teams to Enable Such Cost Saving Proportional Efforts

By John Patzakis

In-House Legal Teams Enable Cost Savings

Corporate legal departments face ever-increasing costs and risk related to eDiscovery, driven largely by excessive and indiscriminate data collection. Many organizations default to an overbroad “collect everything” approach out of an abundance of caution or due to inefficient workflows imposed by third-party service providers or even outside counsel. Over collection results in far higher costs upstream, critical delays and increased risk. However, for this reason courts consistently endorse proportional and targeted discovery practices that balance the needs of litigation with cost-effectiveness and reasonableness. But in order to best realize the benefits of proportionality, organizations should establish an in-house eDiscovery capability supported by best-practices technology.

Courts Support Proportional and Targeted ESI Collection
The Federal Rules of Civil Procedure (FRCP) emphasize proportionality and reasonableness in discovery. Specifically, Rule 26(b)(1) limits discovery to information that is relevant to any party’s claim or defense and proportional to the needs of the case.

Courts have routinely upheld this principle, encouraging parties to avoid overbroad collections:

  1. The Sedona Conference Principles
    While not binding, courts frequently rely on The Sedona Principles, which advocate for “reasonable and good faith efforts” to identify relevant ESI. (See The Sedona Principles, Third Edition, 19 Sedona Conf. J. 1 (2018)). Courts cite these principles to support reasonable limits on preservation and collection.
  2. In re Bard IVC Filters Prods. Liab. Litig., 317 F.R.D. 562 (D. Ariz. 2016)
    Here, the court recognized the proportionality limits of Rule 26(b)(1) and ruled that the defendant’s proposed targeted discovery approach—using custodians, date ranges, and agreed-upon search terms—satisfied its obligations.
  3. Oxbow Carbon & Minerals LLC v. Union Pacific Railroad Co., 322 F.R.D. 1 (D.D.C. 2017)
    The court rejected broad discovery requests that lacked proportionality, holding that the producing party could limit its search for ESI to agreed-upon custodians and relevant date ranges. The court emphasized that broad, burdensome demands are contrary to Rule 26(b)(1).
  4. Hernandez v. City of Houston, No. 4:16-CV-3577, 2020 WL 2542625 (S.D. Tex. May 19, 2020)
    Here, the court denied a motion to compel additional production of ESI beyond agreed search terms, explaining that the requested expansion was disproportionate given the marginal relevance and substantial burden of additional collection.

These and other decisions (further analysis available here) demonstrate that targeted, proportional collection efforts are not only defensible but expected by the courts. Overcollection is hardly mandated by the court and, in fact, can increase risk by preserving irrelevant or privileged information unnecessarily.

So, the problem is not the law. The challenge is that many eDiscovery service providers favor full disk imaging or other forms of massive data over-collection for two reasons: 1) As they are not integrated into a company’s IT data architecture with an established and repeatable process, they revert to a reactive, once-off effort to collect everything that could possibly be relevant; and 2) They are financially incentivized to collect as much data as possible.

Advantages of In-House eDiscovery Capabilities for Targeted Collections
To align with the principles of proportionality, legal departments should move away from the outsourced collection model that favors bulk extraction. Instead, maintaining an in-house eDiscovery capability provides the following key advantages:

  1. Integrated, Precise Search and Collection
    Solutions like X1 Enterprise are designed to index data in place, allowing corporate legal and IT teams to search, cull, and collect only what is relevant—without moving massive volumes of unnecessary data. This reduces costs and minimizes data exposure.
  2. Iterative, Defensible Process
    With in-house capabilities, legal teams can collaborate directly with IT to conduct collections iteratively. They can refine search criteria and custodians in real-time, in response to case developments or meet-and-confer negotiations, ensuring defensibility and responsiveness.
  3. Faster Response Times and Lower Costs
    Deeply integrated technology removes reliance on expensive, reactive third-party vendors who often require full data exports up front. By indexing data where it resides, in-house teams can respond quickly to litigation holds and discovery deadlines.
  4. Enhanced Compliance and Risk Management
    By avoiding massive data dumps, corporations reduce the risk of producing irrelevant, privileged, or sensitive data unnecessarily. Proportionality helps mitigate privacy risks and comply with data minimization principles under privacy laws like the GDPR and CCPA.
  5. Control and Repeatability Across Multiple Use Cases
    In-house solutions preserve institutional knowledge and workflows. Future cases can reuse workflows and search parameters, creating repeatable, consistent, and auditable processes. Further, the same process can be readily leveraged for various information governance and other compliance use cases.

Conclusion
Courts expect discovery to be proportional, targeted, and reasonable—not excessive or indiscriminate. Establishing an in-house eDiscovery capability with proven integrated technology like X1 Enterprise allows your organization to operationalize this legal standard. By doing so, you will reduce costs, minimize risks, and demonstrate good faith compliance with discovery obligations.

Leave a comment

Filed under Best Practices, CaCPA, Cloud Data, Corporations, ECA, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, GDPR, m365, Preservation & Collection, proportionality

Tagged as , , , , , , ,