[Podcast] HaystackID® in the EDRM Illumination Zone: Nate Latessa, Chief Revenue Officer

On a December 2025 episode of the EDRM Illumination Zone podcast, HaystackID’s Chief Revenue Officer and Executive Vice President of Advisory Services, Nate Latessa, described how corporate data has become both a risk surface and a strategic asset. The conversation, hosted by EDRM’s Mary Mack and co-host Holley Robinson, revisited Latessa’s earlier appearance on the series and traced how his work and HaystackID’s advisory practice have advanced as cloud platforms and regulatory expectations have matured.

Latessa noted that when he first joined HaystackID, much of the focus centered on building out advisory capabilities to support litigation and investigations. In the time since, those capabilities have expanded into a broader vision he refers to as “corporate data intelligence” — helping organizations understand what data exists, where it resides, who can access it, and how it should be managed throughout its lifecycle. That shift sets the stage for a clearer examination of the recurring challenges enterprises face.

Four Challenges Shaping Corporate Data Programs

During the discussion, Latessa grouped common obstacles into four categories: volume and velocity, visibility and classification, oversharing, and fractured ownership.

Data growth continues to accelerate as organizations adopt collaboration platforms and AI-assisted tools that generate content at scale. Information no longer sits only in email archives and file shares; it now spans chat, shared workspaces, SaaS platforms, endpoints, and personal devices. As content grows and fragments, the difficulty of forming an accurate inventory of corporate data increases, which complicates both legal response and cyber risk management.

Visibility and classification form the second challenge. Many organizations have policies describing how information should be handled, but lack systematic methods for classifying data by sensitivity, business importance, and regulatory obligation. Without that foundation, decisions on what to protect, where to apply retention controls, and what may be disposed of defensibly remain largely manual and reactive.

The third challenge, oversharing, arises when access rights expand far beyond business need. Latessa referenced assessments in which new hires could access millions of documents across collaboration environments from their first day. Shared drives, Teams and SharePoint sites, Slack channels, and other repositories can accumulate permission drift over the years, leading to exposure that is difficult to detect without focused effort.

Finally, ownership is often dispersed. Legal, security, privacy, IT, and business units all influence data decisions, yet frequently operate with different objectives and vocabularies. Even strong policy frameworks can falter when cross-functional execution is inconsistent. Addressing these four categories in a coordinated way, Latessa suggested, is essential to building a sustainable corporate data intelligence program.

These structural issues, in turn, shape how organizations should think about information before and after matters arise.

Before and After Litigation: From Readiness to Defensibility

Latessa drew a clear distinction between pre-litigation data management and active-matter execution. Before litigation or investigation is anticipated, the objective should be readiness. That includes building and maintaining practical data maps, aligning retention schedules with legal and regulatory expectations, and implementing access models that support least privilege. Technologies such as data loss prevention and sensitivity labeling can help locate and protect high-value, high-risk information.

Once a matter is active, the focus shifts from preparation to defensibility. Legal holds must be documented and enforced, collections must preserve chain of custody, and culling and review workflows must be consistent and repeatable. At this stage, questions concentrate on what is relevant and proportional, yet those decisions are bounded by the groundwork laid during the readiness phase.

Latessa emphasized that retention and disposal decisions made years earlier often become part of the narrative presented to courts and regulators. In that way, corporate data intelligence is not only an internal governance practice; it also shapes how an organization explains its actions when scrutiny arises. This linkage naturally extends into the expanding variety of data types at issue in modern matters.

Multimodal Evidence and an Evolving EDRM

Addressing a question from Mary Mack on multimodal data, Latessa noted that evidence today spans far more than documents and email. Chat messages, collaboration artifacts, voice and video recordings, structured system logs, and transactional data all contribute to a more complete picture of events. Each mode captures different aspects of behavior and context.

Effective investigation and litigation strategies increasingly require the ability to correlate across these modalities. A pattern apparent in chat may be supported by file activity in a collaboration site or by entries in an application log. Conversely, risk can surface simultaneously in email, messaging tools, and line-of-business applications.

Within this context, the familiar EDRM workflow remains relevant but must adapt. Preservation, collection, and review now encompass conversations, workspaces, and system traces, not just static documents. This more complex landscape is influencing how providers design services and how organizations structure their internal programs, which led the discussion to HaystackID’s own evolution.

From Projects to Lifecycles: HaystackID’s Advisory Expansion

Responding to Holley Robinson’s questions on how HaystackID is evolving, Latessa explained that the organization continues to handle high-intensity discovery and investigation projects while expanding into lifecycle advisory. This includes assisting with data mapping and classification, legal hold preparedness, retention and disposal models, and ongoing analytics that support legal, cyber, and privacy objectives.

A significant part of this work involves helping clients maximize investments in platforms such as Microsoft 365 and Purview. By capturing and organizing information closer to its point of creation, organizations can reduce future review volumes, improve security and privacy posture, and respond more efficiently when matters arise. In this model, discovery becomes one outcome of a broader data intelligence program rather than an isolated process.

To support this shift, HaystackID combines professionals from eDiscovery, cybersecurity, privacy, and information governance with technical specialists, including data architects and engineers. This multidisciplinary structure seeks to ensure that governance approaches are both legally defensible and operationally viable in production environments.

The conversation then turned to international work, where many of these themes converge.

Global Data, Local Rules, and International Experience

In response to a question from Mary Mack on international capabilities, Latessa observed that data may move freely across borders, but legal and regulatory frameworks do not. For multinational organizations, key custodians and systems frequently reside in Europe, the United Kingdom, Asia-Pacific, and Latin America, each with distinct expectations for data protection, transfer, and access.

Successful cross-border matters require attention to local privacy laws, state secrecy rules, and employment protections, as well as sensitivity to regulator expectations in each jurisdiction. Latessa noted that international support must rely on more than nominal coverage; it should reflect teams that live and work in those regions and have firsthand experience guiding clients through high-pressure decisions on hosting, collection, and transfer.

This emphasis on practical, grounded experience led to a lighter closing segment on Latessa’s own background.

From Panels to Platforms: A Technical Beginning

When asked for a new fun fact, Latessa shared that his first “real” job was as a trained electrician in the New York and New Jersey area. Early work included residential and commercial projects and later factory automation, where panel building and machine assembly were part of everyday responsibilities. That technical foundation continues to influence how he approaches complex systems.

Latessa remarked that wiring an environment and mapping a corporate data landscape share common themes: understand the components, document how they connect, and assume that design choices will be tested under stress. Even today, he still handles electrical projects at home, carrying forward a builder’s mindset into advisory work.

More About Nate Latessa

As the Chief Revenue Officer at HaystackID, Nate Latessa oversees the company’s sales initiatives, business development, and global advisory services, further advancing HaystackID’s transformation into a premier provider of data-driven legal and regulatory solutions. He supports the company’s continued growth in AI-powered legal solutions and cybersecurity-driven compliance services and reinforces its commitment to delivering innovative, technology-enabled solutions for its clients.

With over two decades of experience in governance, risk, and compliance (GRC), cybersecurity, and data protection, Latessa has built a career at the intersection of technology, regulatory compliance, and business strategy. His expertise spans enterprise sales, business development, and advisory services, making him a key driver of growth in high-stakes, compliance-driven industries. He has successfully scaled technology and services companies throughout his career, leading go-to-market strategies that drive market expansion and operational excellence.

A recognized leader in regulatory advisory, Nate has played a critical role in third-party monitoring and corporate compliance programs mandated by the Committee on Foreign Investment in the United States (CFIUS), highlighting his ability to navigate complex legal and cybersecurity challenges. His thought leadership in the industry is also widely acknowledged, exemplified by his contributions to publications and discussions on emerging eDiscovery and data security trends. With a proven track record of innovation—including a patent for remote endpoint data processing—he brings both technical acumen and strategic vision to HaystackID at a time when the company is emerging as a premier data services provider.