This is the start of a set of blog posts about Electronic Discovery (eDiscovery) and specifically the Microsoft implementation of it in its two Office 365 variations: Core eDiscovery and Advanced eDiscovery. As with most things, we need to start with the foundation.
eDiscovery refers to discovery in legal proceedings such as litigation, government investigations, or Freedom of Information Act requests, where the information sought is in electronic format.
An important underpinning to effective eDiscovery in any organization is information governance. This isn’t just a fluff phrase – not having good information governance in your organization can have real financial consequences. It’s what ensures content is retained for as long as it should and disposed of as soon as it should and is required to meet the legal, regulatory and contractual obligations of your organization.
Example: If your organization is required to remove customer financial records 2 years after the customer is no longer active, you need to ensure this happens. eDiscovery uses search to find relevant content across Office 365 workloads. If an eDiscovery case is launched for a customer, and financial records are found in a SharePoint site extending beyond the 2 year time period, this non-compliance may take the form of legal action and/or financial penalty for your organization.
Good information governance also means less data to search thru in the event of an eDiscovery case. This could translate into less time and fewer resources to review and analyze the results. Referring to the Electronic Discovery Reference Model (EDRM) image below… as the eDiscovery process advances through its phases (from Identification thru Presentation), the goal is to reduce the case search results to contain only the most relevant content once the presentation phase is reached. If you initially have a high volume of content to analyze, this will cost more in both time and resources to check it for relevancy.
Both Office 365 Core and Advanced eDiscovery have intelligent capabilities to help reduce the result set using technologies such as: de-duplication, email threading, relevance, and themes. As good as these technologies are, they don’t negate the benefit of starting with a smaller result set attained thru well-established information governance.
Tackling Information Governance
Does your organization need to improve information governance across its workloads? You’re not alone. In any organization, there are 3 main groups involved in establishing and maintaining it.
Business information workers – these are the people working with the content daily in your tenant for the sole purpose of getting their work done. They need to understand how to handle content in a safe and secure manner to avoid putting the organization at risk. E.g. apply sensitivity labels to documents, dispose of working copies of documents when the final document is prepared, know how to safely share documents externally, etc.
IT teams – these are the people who implement the technical controls for information management and governance. Across Office 365, this includes technologies like: Azure Information Protection, Data Loss Prevention, Retention, Conditional Access, and Cloud App Security.
Legal, Risk, Compliance teams – these are the people who understand the legal, regulatory, and contractual obligations of the organization and its data. They are responsible for security and data classification schemes, retention schedules, records management, security policies, and much more. At times, these teams work closely with the IT teams as partners in implementing the controls.
It takes a coordinated and intentional effort from the above 3 groups to ensure good information governance practices are adhered to in an organization. Once you’ve established these practices, it will lay a strong foundation for the eDiscovery work to begin.
In the following posts in this eDiscovery series, we’ll dig into how to set up your eDiscovery teams and the different capabilities of Office 365 eDiscovery.
Thanks for reading.