[Webcast Transcript] Mastering M365: Strategies for Streamlined Records Management and its Impact on eDiscovery

Editor’s Note: In the rapidly accelerating landscape of digital information management, the intersection of legal technology and records management is becoming increasingly important in light of increased data types and volumes. On February 21, 2024, HaystackID took an educational step towards demystifying this complex interplay with its webcast, “Mastering M365: Strategies for Streamlined Records Management and its Impact on eDiscovery.” This session brought together a distinguished panel of experts in M365 eDiscovery and records management, including Nate Latessa, Matt Miller, Shukra Kichambare, and Kelly Twigger, to offer invaluable insights into enhancing eDiscovery outcomes and reducing costs through robust records management.

The webcast provided a comprehensive overview of the best practices for managing legal holds and collections in M365 Purview eDiscovery. It also delved into the critical aspects of records management and data classification features within M365 Purview, aiming to improve the eDiscovery process.

Access the on-demand version of the presentation and follow along with the rich insights provided in this webcast transcript; we are confident that it will both inform and inspire your approach to considering and records management through the lens of M365 and eDiscovery.


[Webcast Transcript] Mastering M365: Strategies for Streamlined Records Management and its Impact on eDiscovery

Expert Panelists

+ Nate Latessa
Executive Vice President of Advisory Services
HaystackID

Nate Latessa is the Executive Vice President of Advisory Services at Haystack ID. With over two decades of experience, he is a prominent figure in information governance and eDiscovery. Nate has been instrumental in devising strategies for effective eDiscovery and information management, aiding corporations and law firms in handling electronic evidence. His expertise in using advanced eDiscovery tools has streamlined litigation processes, while his understanding of data and legal compliance has distinguished him in the field. Nate has worked with various organizations to help drive initiatives that merge technology with best practices in information governance, enhancing operational efficiencies, limiting exposure to cybersecurity breaches, and preparing for new and emerging privacy regulations. Additionally, he is recognized for his thought leadership, having spoken at industry conferences and written for esteemed publications, and is dedicated to mentoring and educating emerging professionals.


+ Matthew L. Miller, Esq.
Senior Vice President of Information Governance and Data Privacy, and Global Information Governance Advisory Services Leader
HaystackID

Matt Miller is Senior Vice President and Global Information Governance Advisory Services Leader at HaystackID, based in Los Angeles, CA. In his role, Matt enables clients to navigate highly complex data management and protection challenges by enhancing and integrating policies, processes, technologies, and managed services solutions.

After leaving traditional law practice in 2005, Matthew focused on forensics, legal hold, email archiving, and eDiscovery software solutions. Subsequently, he began delivering eDiscovery and Information Governance-related services. Mr. Miller has led dozens of high-profile, above-the-fold eDiscovery matters. He also leads multi-national, petabyte-scale data governance, records management, and privacy engagements. He has advised on large-scale migrations of data into M365 environments. Also, he advises on data breach scenarios and incident response-related forensic investigations and has been an adjunct professor of Cyber Security at Loyola Marymount University for the past four years.


+ Shukra Kichambare
Senior Manager, Information Governance
Cummins, Inc.

Shukra Kichambare is Senior Manager of Information Governance at Cummins Inc., a Fortune 500 energy solutions powerhouse. In his current role, he leads the buildout of the Information Governance program at Cummins, focusing on enabling machine learning and automation of information governance through the Purview suite. Shukra started at Cummins, leading quality management, and has since advised internally in operations and strategy.

Shukra is an ex-board member of the Association for Intelligent Information Management (AIIM) and is certified in Records Management through the iCRM.


+ Kelly Twigger
Principal, ESI Attorneys
CEO, eDiscovery Assistant

Kelly Twigger is a practicing attorney, consulting and testifying expert, software developer, consultant, writer, and speaker on issues in electronic discovery, the development and implementation of legal technology, and how to effectively use data in planning for and during litigation. She is one of the co-authors of Electronic Discovery and Records and Information Management and host of Case of the Week at eDiscovery Assistant.

Kelly has been recognized as a Fastcase 50 Honoree, an ABA Woman in LegalTech, is listed in Who’s Who in America, and is a ten-year member of the planning committee for the University of Florida eDiscovery Conference. Kelly also serves as an adjunct professor of eDiscovery Principles and Technology at the University of Colorado Law School in Boulder, Colorado.


Presentation Transcript*

Moderator

Hello everyone, and welcome to today’s webinar. We have a great session lined up for you today. Before we get started, there are just a few general housekeeping points to cover. First and foremost, please use the online question tool to pose any questions that you have, and we will share them with our speakers. Second, if you experience any technical difficulties today, please use the same question tool, and a member of our admin team will be on hand to support you. And finally, just to note, this session is being recorded, and we’ll be sharing a copy of the recording with you via email in the coming days. So, without further ado, I’d like to hand it over to our speakers to get us started.

Nate Latessa

Hello, and welcome to another HaystackID webcast. We hope you’re having a fantastic week. My name is Nate Latessa and I’ll be your expert moderator and leading today’s presentation discussion titled Mastering M365L Strategies for Streamlined Records Management and its Impact on eDiscovery. This webcast is part of HaystackID’s ongoing educational series designed to help you stay ahead of the curve in achieving your cybersecurity information, governance, and eDiscovery objectives. Today’s webcast is being recorded for future on-demand viewing. After today’s live presentation, we’ll make the recording and complete presentation transcript available on HaystackID’s website.

Our presenting experts, Matt, Shukra, Kelly, and I, have decades of experience in eDiscovery and records management. And our discussion today will address best practices for managing legal holds and collections and M365 Purview eDiscovery, and also explore how robust records management can enhance eDiscovery outcomes and reduce costs. Kelly’s going to chime in with some relevant case law, and then we’ll end the session there – after we get through the records management piece. We’re going to kind of start at the ending with eDiscovery and then work upstream to records management.

But first, I want to give a little background on our experts. I’m Nate Latessa, Executive Vice President of Advisory Services at HaystackID. I have over two decades of experience in information governance and eDiscovery. I’ve worked with several organizations to help devise strategies for effective eDiscovery and information management, aiding corporations and law firms in handling electronic evidence. My expertise is using advanced eDiscovery tools to help companies streamline litigation processes. I’ve also worked with various organizations to help drive initiatives that merge policies and programs with technology and automation and information governance, enhancing operational efficiencies and limiting exposure to cybersecurity breaches and preparing for new and emerging privacy regulations.

I’m joined by Matt Miller, who’s our Senior Vice President and Global Information Governance Advisory Services Leader at Haystack. He’s based in Los Angeles. In his role, Matt enables clients to navigate highly complex data management and protection challenges by enhancing and integrating policies, processes, technologies, and managed service solutions. After leaving traditional law practice in 2005, Matt focused on forensics, legal hold and email archiving and eDiscovery software solutions. Subsequently, he began delivering eDiscovery and information governance-related services. Matt has led dozens of high-profile, above-the-fold eDiscovery matters. He also leads multinational petabyte-scale data governance, records management, and privacy engagements. He’s advised on large-scale migrations into data in M365 environments. Also, he advises on data breach scenarios and incident response-related forensic investigations and has been an adjunct professor of cybersecurity at Loyola Marymount University for the past four years.

We’re also joined by Shukra Kichambare, who’s Senior Manager of Information Governance at Cummings Inc, which is a Fortune 500 energy solutions powerhouse. In his current role, he leads the build-out of the information governance program at Cummins, focusing on enabling machine learning and automation of information governance through the M365 Purview suite of tools. Shukra started at Cummins, leading quality management, and has since advised internally in operations and strategy. Shukra is an ex-board member of the Association for Intelligent Information Management and is certified records management through ICRM.

Kelly Twigger is Principal at ESI Solutions, she’s the CEO of eDiscovery Assistant. Kelly is a practicing attorney, consulting and testifying expert, software developer, consultant, writer, and speaker on issues in eDiscovery and the development and implementation of legal technology and how to effectively use data and planning for and during litigation. She’s one of the electronic discovery and records and information management and a host of Case of the Week at eDiscovery Assistant. Kelly has been recognized as a Fastcase 500 honoree and ABA Woman in Legal Tech is listed in the Who’s Who in America, and is a tenured member of the planning committee for the University of Florida eDiscovery Conference. Kelly also serves as an adjunct professor for eDiscovery principles and technology at the University of Colorado Law School in Boulder, Colorado.

So welcome, everybody, and thank you for joining. We’ve got a very big agenda today. We could really talk for hours about everything we’re going to do here. We want to talk about starting with some of the eDiscovery challenges in M365, we’re going to talk about just the challenges around legal hold and collections, talk about best practices for how to kind of overcome some of those challenges. We’re going to talk about some of the relevant case law too impacting M365 and other collaboration tools as well. And then we’ll move kind of upstream and talk about getting into more of the records management piece and how that impacts all those downstream eDiscovery processes and the data. So again, we’ve got a lot to cover, so I want to just dive right in and get right to our presentation.

I apologize I didn’t advance the slide there for our speakers, but you could see them all there. So getting right in, let’s talk about the challenges that M365 poses around eDiscovery. And Matt and Kelly, I want to defer to you on some of this stuff because we talk about this constantly. This is an issue for us that we deal with every day and for our clients, and there’s numerous challenges here with 365, we’ve listed some. And Matt, I want to talk to you first because I know you and I have talked about this, like I said, I think you and I talk probably every day about some of these things. Just want to get your perspective on obviously some of the features and functions of 365, but also some of the limitations here that we’re seeing.

Matt Miller

Yeah, thanks Nate. So what I would say first off is that there is a lot of capability within inside the 365 platform, and we know that about 80% of the big companies in the world are using this platform and they’ve got all the data in there. I would say that one of the problems that sticks out on a daily basis is that due to the way that the data volume has grown, the capabilities to perform the exact workflows and processes that eDiscovery professionals are used to having kind of grown up in this space from the identification and preservation to collection and processing, there are not the same capabilities, they don’t work in the same order. So you’ve got to adjust your processes and workflows internally to be able to work within the M365 environment. And without having done that, you’re at a disadvantage. Kelly, what do you think?

Kelly Twigger

I agree with what you’re talking about, Matt, and I think what’s listed here on this slide is important for people to recognize because no two instances of M365 are the same within organizations, and that’s really crucial for planning. I was telling you guys right before we started, we’re just putting out our case law report from 2023 and kind of our overarching theme is, look, you now have a lot of preparation that needs to be done in order to be able to mitigate risk and be prepared to provide information under the timing that you’re required to for litigation purposes.

And one of the biggest issues that we’ve seen, and we’ll talk about it in the context of some case law, is that M365, like most of the sources that we use to create, store, send and receive electronic information are not designed to be searched for eDiscovery. Microsoft has some tools Purview that are on the E5 license, which you guys can talk more about, I thought they had just changed the model to allow only a certain number of folks to have an E5 license within the organization, but historically it had been everybody had to have an E5 license and the cost of that was prohibitive for many organizations because their litigation portfolio was not in line with the cost associated with that. And the tool itself isn’t the easy button for eDiscovery, so it’s a cost-benefit analysis.

Nate Latessa

And I think that’s a great point. I think this is what we see in most organizations is that they do have some mix of these licenses. I know even with our own organization here, we have three licenses, we have frontline licenses, which are your frontline workers. We see a lot of that in retail or other organizations where you have hospitality, where you have folks that just need access to email but don’t need the whole suite of tools, which is fine, but your capabilities on the backend now are drastically different between F3 and E3 and E5. So in a large organization, Kelly, I think this is what you’re talking about, is that you have a different process depending on-

Kelly Twigger

Yeah, you need to understand what you have, what issues it creates, what kinds of litigation you have that may implicate those different individuals, and what that means for your ability to go and get data. One of the things some of our clients do that have this issue on a regular basis is they have an affidavit drafted that lays out how their 365 systems are set up and what the availability is of information at a given level so that we can essentially just slot in when the duty to preserve arises, when there are issues associated with that. So that’s one of the elements of planning that can be done effectively to really mitigate some of this risk.

Nate Latessa

Yeah. And I think really the challenge too around that, and Matt again kind of going to defer to you on this, is that Microsoft makes changes here fairly quickly on some of this stuff and doesn’t always communicate really well what those changes are and the impact. I mean, how do users deal with those rapid changes or those sudden changes and how that impacts their eDiscovery?

Matt Miller

Well, you know what, that is such a great segue into the next slide, Nate, because-

Nate Latessa

It’s almost like it was planned.

Matt Miller

Yes, the only constant in M365 is change. Here’s what I’ll say. This is a rapidly evolving product that has to deal with rapidly scaling to handle the amount of data that’s coming in in different formats, right? You’ve got your team’s products, you’ve got SharePoint, Exchange, all your Word documents, your PowerPoints, your Excels. Now in order to, like Kelly was getting at, have that playbook ahead of time, you got to understand what is your company using? What are the different modules we have? Where are we storing all these different types of data so that we can then get to it when we need to?

The part that troubles me the most is letter D right there, who can and should have access to what data? From a cybersecurity perspective, not having set up the proper controls and active directory to be able to limit people from getting to the most valuable data on the network can leave your organization at risk. And in order to do that, you need to conduct an exercise to understand the value of all the different types of data that are out there. And without having gone through a risk and valuation exercise for your data, then you’re going to struggle when it comes to data identification, and nevermind the fact that you’ve got to remediate stuff when it’s end of life so you’re not holding onto it longer than you should be and then it comes up again in an eDiscovery case, and it could have been deleted, but now it’s on legal hold because you never had retention policies managing all of these various types of data and in their formats inside M365.

Nate Latessa

Well, and just to throw a little curveball, and this isn’t something we talked about prior to this, but I want to come to you, Kelly, on this with Copilot coming out and all the other gen AI tools, we talk about how data is stored in 365, where it’s at. I mean, number one, Copilot is starting to become more and more widely used. We’re seeing people adopt it, but there’s this concern because they really don’t understand where data stored in 365, they don’t understand how it’s coming to Copilot, they don’t understand how Copilot is using it. And what we’re seeing is that organizations are potentially exposing themselves to additional risks because if they don’t have the proper controls in place, all that data is potentially available in something like Copilot. And I just want to get your thoughts on that because, again, we didn’t really talk about that much, but it really falls in line with this.

Kelly Twigger

Yeah, I mean, look, gen AI is new and shiny. It’s awesome. And I’m sure that Shukra has some thoughts on this too from an information governance perspective. It is about where the information’s being stored and what’s being looked at, but also whether or not the capabilities of the generative AI are really giving you the answers that you’re looking for and whether you’re relying on those answers is accurate. And so I think the accuracy of that is a big issue from my perspective. But where that data is being stored, what the results of that data are, whether people are owning the information that they’re asking Copilot and attributing it to Copilot so that other people can have that cautionary tale associated with the value of it, I think those are all open issues. So I’m going to turn it over to Shukra because I think he’s probably got some input there too.

Shukra Kichambare

Yeah, just thank you Kelly. And just a quick, I know we are at this slide and we have got plenty of more slides to cover, but just from a Copilot and gen AI perspective, right? Work in Cummins, we have seen multiple iterations. So we came in, we had IBM Notes at that time where you had a lot of semi-structured content, the gray backgrounds, and I just don’t want to remember it anymore. And then we got into SharePoint, which it’s the great new shiny thing, right? 12 years back and everyone loved it. Now you had the ability to communicate on demand, share, have a lot of capabilities which people really didn’t use and understand. But we muddled through it, we got through where we are now at a maturity where we are using Purview, and now this is all the automation and the machine learning, and suddenly we have Copilot, which is saying, “Hey, we will do a lot of things for you. It’s all automated, it’s all artificial intelligence.”

But the bottom line is change is going to be there. And I think the way we want to look at this is, how do we identify the risk? How do we classify it? So in Cummins, we have what we call our classification portfolio, it’s a policy that is applicable. But organizations need to classify their risk, and that can be done within information assets at a granular level. And then also being active and proactive about promoting the importance of records. So I know records management is this great place, I was asked by many people why we get in records management, who gets into it, right? It’s not the next new shiny thing. But the ability to distinguish and separate the wheat from the shaft, as we call it, to separate the value from the noise, is truly there in records management.

And what we have seen is the acceleration of our ability to identify critical pieces of information within the company that we want to keep versus sifting through petabytes of data that again, wastes money, wastes resources, wastes time. And in all of that, the value of records management, the automation, the gen AI is really shining through. Now, I agree that there’s a lot of fuss about gen AI, but as we have seen in the past, the fuss slowly goes away and only the value stays. So it’s almost better to adopt and learn and then see where you find the value. So yeah, it’s exciting times for sure.

Matt Miller

And before we move on, with what you guys are talking about right now, we’re talking about how all these new technologies are now being integrated into the Microsoft Suite. So the change is happening daily, rapidly. When I was just at LegalWeek, I had two different people I talking to, I mean, our conversations started to go into, “So have you seen the new menus in the Purview screens? Because they don’t look like they did a week ago.” And to be able keep up with the Gen AI and leveraging Copilot, which didn’t exist, and it isn’t in any of our processes and protocols last year, and now we’ve got to adjust, we’ve got to adapt our playbook for eDiscovery to be able to deal with that stuff. And Shukra, to your point, without having done that exercise classification, how are you going to be able to do your eDiscovery effectively? I think that that’s going to be the challenge.

Kelly Twigger

Dare I ask another question on top of that one, Shukra, and let you answer both of them? Because my question is, for organizations that don’t have a you, right, and they’re not going to have a you, how do they deal with that classification issue in order to leverage?

Shukra Kichambare

Yeah, I think that’s a great question, Kelly. And I think we are fortunate to have a team, a small team, albeit, but again, for organizations that don’t have a certified records manager or a very specific information governance team, I think there’s got to be some legal leadership there that is looking at the risk and having that sponsor in the legal firm or in the legal group or the legal department that says everything is about information ultimately, right? Whether we can distinguish the right ones from the wrong ones, whether we can see how far down the path we can go in 20, 30 years, it’s all about information storage. It’s no longer long stored in boxes at Iron Mountain, the most relevant ones are stored in data lakes and data warehouses and places where you don’t even know they exist. And so what do we do about it?

So I think it’s a call to action for legal teams and probably driven by litigation teams itself, right? This is a risk that they’re going to look at and if they don’t try to get it sorted out right away from a eDiscovery, from a what is our risk? And along with that, I should also call out cybersecurity because cyber is in the business of saying, “Man, this is a red-hot item on the heat map. Let’s get this taken care of right away.” If cyber is unable to understand that, I think those two teams are extremely, extremely important. And every firm, every organization has at least one person responsible for those two areas, litigation and cyber. And I would say just start from there. Just say, “What are your risks?” And ultimately it’ll come out that there’s just too much of this environment, of this information landscape for us to control, we can’t do it and people throw up their hands because it’s growing in the terabytes and petabytes now every year. So I would say that’s the biggest takeaway there.

Nate Latessa

And something Kelly, you and I talked about before, I mean we’re obviously focused M365 here, but that isn’t the only data source obviously when we’re in litigation. You’ve got so many different data sources and we talk about the need to have this kind of living playbook that definitely covers 365, but we do need to consider all the other places that data lives in the organization. I know Microsoft wants us in their ideal world to put everything in there, but that’s not the way that it works in the real world. So we need to take consideration for that. So you can talk a little bit about, I mean, obviously all the different collaboration tools, the different data sources, I mean, it could be overwhelming for a lot of people.

Kelly Twigger

Yeah, we don’t talk so much about a data map anymore, but to be honest, that’s still the tool that you need to be using. And whatever that looks like for your organization, however you choose to put that together, it can be as simple as a spreadsheet or a SharePoint portal or something, you can leverage what you already have. But you really have to understand by business unit and via IT what all the sources of ESI are so that when you have litigation, there’s something to already look to be able to identify. And the issue, as it always has been with ESI, is that a lot of these places have data retention policies that are set. And if you don’t know what they are and you neglect to go and preserve, I’m just going to make something up, benefits information from, say it’s got a seven-year retention period and suddenly your litigation goes back 10 years and someone didn’t change that setting within an appropriate amount of time, that can be a tremendous problem. So adoption of the cloud, in my view, is fantastic from the ability for businesses to leverage their information more effectively. However, it presents all kinds of challenges with you needing to put preservation in place across all those cloud-based services.

Nate Latessa

Well, and I think the problem too is they all work differently, right? I mean, they have different features and functions and capabilities so now you have to somehow be uniform across all of those and have-

Kelly Twigger

Well, the law requires that we make reasonable efforts, right? I mean, it’s not perfection, it’s reasonable efforts. So I mean, we could spend the whole hour talking about what’s reasonable efforts about this particular situation, but yeah, it’s tough. And I could say on our law firm side at ESI Attorneys, we are essentially outsourced discovery counsel, advisors on information governance and in discovery for litigation. And a lot of places, they may have a records manager, but they’re a paper records manager, they don’t have a lot of education, they don’t have a technological background, Shukra, like you do, and the ability to develop tools and things. And so yes, I see that role growing in the way more towards what you’re doing, but I see a lot of organizations who don’t have any sort of fundamental role right now and so the need to help them elevate to that is something for all of us to do.

Nate Latessa

Yeah. So I think we all agree, I mean really foundationally we need to understand what data we have, where it’s at, how it’s being used, who has access. The playbook is just vital to this, but it’s something that constantly needs to be evaluated and updated and regularly monitored.

One thing, the folks on the line haven’t seen this already as far as M365 goes, since they don’t really announce roadmap or some of the changes very well, you can go out to Microsoft if you just search for M365 roadmap, there’s their roadmap site out there that shows everything that they have in development, what stage it’s at, when it should be released. And this is just a screenshot of one of those, and I just happened to search for eDiscovery and it shows just some of the different changes that are coming that are in development right now. There’s 14 in development, 45 have already been launched, and it has the projected preview dates and the rollout dates. But one thing I think Matt pointed out was that we found one item in here that says it was going to be released in December 2023, and it shows that it’s still in development. So it’s behind schedule and it doesn’t show exactly when it’ll be released. But again, some of these things like this is actually a change to some of filters within the review set, within the review module. It could have a significant impact on some of the things you’re doing. And if you don’t know about this, if you don’t know about these changes and when they come out, it could have some serious downstream effects.

Kelly Twigger

Hey Nate, I’m going to ask a quick question and a little bit based off the comment that Leo just made, which he said Microsoft does a terrible job of doing feature release notes, which I think all of us would agree on. You guys mentioned talking to Microsoft folks at LegalWeek, Shukra I know you mentioned having been out at Microsoft. What are ways for people who are not as ingrained in this to understand what’s happening with Microsoft to be more involved in this and figure out how they can bring themselves up to speed to where we’re talking about today? You can factor that in anywhere you want to, but that was a question that came to mind.

Shukra Kichambare

Yeah, I mean this roadmap obviously is a great place to know, but again, you really want to be a little bit more technically inclined to understand everything in it and all. But if you have a Microsoft account and if you have an enterprise account, you probably have an enterprise manager, I’m giving you the most high level way to get into what’s happening. Reach out to that enterprise manager. And again, I’m not a Microsoft employee, but we have that luxury, and I’m guessing everyone has an account manager. Reach out to them and ask them, “What do you have that’s upcoming or that’s available to us in the information governance, in the eDiscovery, in the information classification capabilities?”

And their sole role is to help you be successful, right? So I always look at this as there’s a person who’s dedicated to you as an account and whose sole role is to make sure you understand what’s available to you and utilize it, that I’ve seen Microsoft excel at in terms of, “Hey, what do you guys need to do?” Because they’re always trying to upsell to you, or in the sense of, “Make use of all of this and here’s something new that’s coming.” So I would say if you’re not technically inclined and if you have an account, go to their enterprise account. If none of those apply, then you can obviously reach out to me, reach out to Nate, reach out to Matt. I mean, these guys are experts in this field and they can definitely help you navigate the spectrum.

Nate Latessa

Yeah. Well, Kelly, I want to go to you now on just some of the case law. I mean, there’s been a couple developments here, some recent ones, and I think you might have some other ones outside of this, but can you just talk about some of the case law that’s impacting really M365 and really all the collaboration tools?

Kelly Twigger

Yeah, so actually I mentioned to you guys before we started, we’re actually getting ready to release our 2023 case law reports. And so we just finished kind of wrapping up some of these topics. The Deal Genius cases, there’s a series of five or six decisions in the Deal Genius cases in which essentially O2Cool didn’t want to produce or didn’t think they had to produce Microsoft Teams messages. And the only way that Deal Genius found out was because they found a couple of what looked like emails that weren’t really complete emails, and they realized they were Teams messages. Well, they didn’t realize it, the special master realized they were Teams messages and said, “Wow, it’s very disturbing that 18 months into this litigation, you have not produced any messages from Teams.” So there’s ample case law out there now that only came up in 2023 on the fact that Teams data is discoverable.

The Lubrizol case was really about context. The Lubrizol case actually involved Slack, but it’s the same kind of context as Microsoft Teams messages. And Lubrizol was a dispute about the context of how many messages above and below needed to be provided for a responsive message based on search terms that the parties had agreed upon. So when you’re looking at planning for eDiscovery from Microsoft Teams, from Slack, from any sort of instant message based tool where you’ve got other collaboration features, you can link documents, you can add other platforms in there, link to them, you really need to be thinking in terms of planning about what’s the date range of preservation or information that’s going to be relevant, what are the kinds of search terms and data that are going to be relevant from that application that you need to be proposing to the other side, not them proposing to you, and then what’s the level of context?

So the takeaways from the case law are don’t agree to anything in an ESI protocol until you know that you can do what it is that you’re agreeing to because the courts will hold you to it. That was a case called NRA StubHub litigation, and these two cases that are here both make it clear that there is definite discoverability from collaboration platforms and context is going to be something the courts expect the parties to be bringing to them to help them understand what’s relevant.

Nate Latessa

Yeah, perfect. And the Deal Genius one really did stick out to me too, just because reading through that case law summary, I mean there was a lot of concern around the accuracy of the search results and 365 when you’re doing those searches.

Kelly Twigger

Yeah, yeah, I forgot to mention that. Thanks for remembering that. Yeah, the special master in that case specifically noted that it’s clear that the search functionality that’s in Microsoft 365 is not going to be sufficient to allow a party to meet their Rule 26 obligations for providing what’s relevant. And so that kind of goes back to what I said earlier, which is like a lot of tools, M365 is not designed to allow us to find for eDiscovery what we need to, it’s designed to create, store, send and receive all data. And so that search functionality alone, even in Purview, is not going to be sufficient for you. You’re going to need to pull data, a larger swath of that out and use eDiscovery tools to be able to get to what you need to.

Matt Miller

But Kelly, aren’t many organizations making the reasonableness argument that you talked about earlier that this is such a widely used product and that how do we question Microsoft and is it reasonable to use that search functionality?

Kelly Twigger

I can’t remember the name of the case map, there’s one company that tried to make that argument and it did not work.

Matt Miller

Not work?

Kelly Twigger

The question isn’t whether what your tools are or how reasonable you’re dealing with what the search terms are or whatever, the issue that Phil Favro, who is the special master in Deal Genius looked at was, “Look, I get that you’re looking at these search terms, but they’re not pulling back what we would expect them to pull back. You’re not getting the full context of what we would expect you to get here.” And the counsel’s role, as I see it, is that you need to be the one in that data, looking at it, making sure that you’re getting the full context of everything. In other Microsoft iterations, pre-M365 nomenclature, Microsoft Online email is the same as Exchange email was. And search in either of those applications has never been ideal, it’s always been that you need to pull a construct of certain custodian’s information for a certain date range and bring it out and then filter it based on search terms. You can use search terms to figure out what those constructs need to be, but the tools within Microsoft right now are not going to be sufficient to meet your Rule 26 obligations according to Phil Favro in Deal Genius. I’m pointing to my screen because it’s right there on it.

Nate Latessa

So we’re back to, I think, over-collecting at this point, right? I mean, just to ensure defensibility.

Kelly Twigger

Well, I think that you can do a lot more targeted things than folks do in terms of that over-collection, but it is not straight from Purview into a review platform, no.

Nate Latessa

Right. So I think that’s probably a good segue to really next topic, which we want to talk about records management. This is obviously Shukra’s expertise here and really talk about the impact. But Matt, could you just walk us through the slide real quick and talk about kind of the records management piece?

Matt Miller

Yeah. So at the core we have a logistical challenge here of protecting the organization, its data and the data itself, which it’s all your information assets and you need to have an idea of where it flows. I think Kelly’s point about the data map is actually totally relevant here. You’ve got your essential assets, the critical information for your organization, and knowing where all your sensitive IP lives, and you’ve got systems and applications and business units and the processes and policies of how that data is managed by the places that it flows internally. And I think on top of that, these little arrows on the outside, we’ve got third parties that need to maybe access some of that data inside your organization. So the accountability for where this data is, where it’s being accessed, where it’s flowing, and who’s allowed to have the rights and permissions to interact with that data like your customers and your contractors, so now you’re taking on that kind of responsibility for what they’re doing with it.

And if we click one or two more times, we’re going to see that the way to handle that, you have to have controls in place and there’s a number of different regulations and best practices that are out there. And these controls, this is going to make up the foundation of your cybersecurity program, and you can leverage that data map so that you can map your controls to these different types of data and where it’s moving throughout the organization. The controls can map downstream, they can map upstream to the standards and regs based on what’s changing. And as you build out your RIM program, you’ve got to take into account a lot of different things that Shukra was talking about with the governance and the risk and the compliance because the regulatory landscape is going to change so you need to adapt at the end.

So you’ve got this balancing act between compliance and efficiency. Can my employees find what they need or is it too locked down? And to see that effectiveness of coverage of the controls and maintaining that compliance and balancing that with the landscape changes and nevermind the fact that the tools themselves, the Microsoft environment keeps changing, there’s a lot. It’s like a never ending job. I mean, Shukra, do you agree with that? Or Kelly, go ahead.

Kelly Twigger

Well, I was just going to add that to your point about regulatory is that there was just an announcement from the FTC and the DOJ last month on the importance of data from mobile devices and the fact that they are updating language in standard preservation letters and specifications for all second request, voluntary access letters, compulsory legal process, including grand jury subpoenas to address the increased use of collaboration tools and ephemeral messaging platforms. So now they’re expecting organizations to be doing that, to be managing that information.

And that really gets back to mobile devices, lots of folks have moved to allowing their employees to use personal mobile devices for work and case law combined with what you’re seeing here on this regulatory update means that that’s a whole nother area of what you’ve got here on the screen on this data map that has to be considered. And those sources of data are very problematic because you’ve got not only user controls that are very easy to set, and we actually talk about a bunch of that in our case law report, but that data can go away like that, and it’s only available on the devices from and to.

Shukra Kichambare

Yeah, and to your point, Matt, and what you said, Kelly, I think fundamentally the way we work has changed. I know this is a cliche statement, but post-COVID, but if you look even before COVID, I mean, when I started my job, we had giant steel lockers that we kept files in, paper files that we got from suppliers when we did quality work, it’s all gone. I mean, when we had to remove those, when the lockers got full, we had to remove them and we had to make a determination, which ones are we going to keep and which ones are we going to shred, right? Now it is just changed where you not only have laptops, you have mobile phones, you have many other devices that now store, manage data. And that’s what really drives home the need to automate some of these controls and these capabilities.

If you think about it, Copilot can do a summarization of a document, but what if some gen AI capability could go in and automatically classify and serve up to any discovery expert, “Hey, here’s all the automatic classifications, not just a search and index, but here’s all the classified data that you can look at and you have to make a call on which ones you want to keep.” That would really serve a great purpose, that would actually solve or answer the question, the problem of how am I going to do this, right?

Additionally, just from a standpoint of records management, because I’m the expert there, keeping data for longer than it has to be kept absolutely has devastating impacts. And a lot of organizations don’t realize that not having retentions in place for file shares or for OneDrive or all of that capability is there, but the more you delay that decision on putting a retention policy and making it involuntary, what that means is it’s not dependent on the person to actuate that retention, it’s actually going to happen whether you like it or not, the cleanup will never happen, and you’ll just be facing mountains of digital landfills that you have to face in terms of eDiscovery and litigation.

So once again, that automation is so, so important, though it feels like it’s complete fuss right now, there are some nuggets of value there in terms of how it can impact privacy, RIM, especially RIM and in general benefit cybersecurity because now there’s less data, less redundant data to sift through or ROT as we call it, redundant, obsolete, and trivial data to sift through.

Nate Latessa

Well, and I think some of those things, it’s not obvious what the impact is on downstream things like eDiscovery, like privacy, like cybersecurity, and this is probably a good segue into something that Matt and I have worked on, which is how do we help organizations understand what that impact is downstream? What does their data profile look and what does the impact of not having a records program have on data and that growth over years?

So we actually created this ROI and risk calculator that helps kind of show them what that impact is. And this is just one snippet of it from the eDiscovery side, this was just taking a typical company that has 10 matters a year and say 25 custodians. And assuming that 20% of their data, if they don’t have a records program, if we can eliminate 20% of the data by implementing a records program, what’s the impact of that downstream from just an eDiscovery standpoint? And it’s pretty substantial. I mean, if we can reduce that by 20%, and what we’ve seen is a lot of corporations have north of 70% of their data is ROT, it’s beyond those retention periods. So this is just a very conservative number at 20%. If we could just reduce it by 20%, the potential downstream savings from an eDiscovery standpoint is substantial. And Matt, I want to give you a chance to talk about this.

Matt Miller

Well, you remind me of when I first started getting into this kind of crossover from eDiscovery into information governance, and it was related to a large manufacturer that made energy drinks, right? And in the ’90s, the scientists were communicating with each other and they were making jokes in email, and unfortunately they never had retention in place and so they saved everything forever. Well, a teenager drank too many of these energy drinks, he passes away, it’s tragic, it makes the news. And it comes out in discovery that these two scientists were joking around like, “Hey, if I drank six of these, my heart would explode,” keyword, heart, find it in the litigation.

And that prompted the CEO of that organization to in a sense take over and say, “This is never going to happen again at our organization. We need proper legal hold policy, we need proper retention schedules put in place and then operationalized on the network.” And without having done that, what you see is you’re overspending on not only storage, but downstream you’ve got so much more work to do because you’ve never done any cleanup. It’s not an easy task. It’s easy to say, “Let’s do cleanup,” but I mean, Shukra, in your experience, it’s not that easy. I mean, especially with the amount of data that’s out there, right?

Shukra Kichambare

Absolutely, no, the first reaction is why? What do you mean cleanup? Right? Isn’t storage cheap? Aren’t we getting terabytes for the price of pennies? Yeah, I think that’s a natural reaction. And generally speaking, it’s very difficult for an employee or for us to expect that an employee who’s designing an engine, who’s making a plan or putting in place a plan operation for them to say, “Okay, I’m going to go through millions of my documents or thousands of my documents and emails and try to clean up.” We started realizing very quickly that that is not going to happen, right? And so that part is pretty much where automation helps. But also just the idea that we have to clean up, I think we had a lot of resistance in general. “Why do we have to clean up? Don’t we have unlimited storage with OneDrive?” No, we don’t. In the early years, it’s the honeymoon period where we say, “Hey, unlimited storage,” yes, you have unlimited storage, but how are you going to even find the files?

So we didn’t want to put it as it’s a legal requirement, but we also use the double-edged sort of it’s also going to help you with productivity and collaboration, right? If you store 20 copies of the same file, how are you going to find the right one? I mean, you have to go filter by date and it’s just going to be messy so just do this. And I think it’s a lot of habit too. When we are in the file share space, I think everyone’s been there, you don’t have versioning in general, and you would create rev one all the way to rev 20, 30, and then just trying to find which ones you need was a pain.

So again, it’s a challenge, but I think a lot of people are starting to realize themselves that I can’t find the stuff, when I enter a search term, I’m finding all this crap, which it’s not even relevant. And so how do we get better at making sure we get served the information that we are looking for?

Matt Miller

And so… Oh, go ahead.

Nate Latessa

I just want to comment again just on the storage is cheap aspect. Again, when we think about you go to Best Buy and go buy a terabyte hard drive for $100 or whatever, this is not Best Buy hard drives, I mean, these are enterprise grade equipment. There’s a lot, there’s FTEs that are involved and maintaining that, the connectivity, the HVAC. When you add up all the costs, I think the number that Matt and I found in our research was $3,351 per terabyte per year is the cost to maintain and manage that data. That’s per year. And that was the lowest number we could find. I mean, some of the other numbers we found were closer to 10,000. So storage is not cheap. And again, that’s just to manage and maintain that storage, that’s not even all the other downstream, the cost of eDiscovery. If there’s a breach, the cost of having that data there and the cost of privacy, it’s just simply to store that data.

Kelly Twigger

That’s what I was going to add is cybersecurity breaches, everything else that’s happening in that space is setting those costs up, up, up.

Shukra Kichambare

And that’s why we don’t want employees to get, “Hey, here’s what we see in Best Buy.” And then that each another rationale in terms of, “Hey, why is this a big deal?” I think with the automation, it just takes that away. It takes away that decision making, it takes away, for better or worse, again, it takes away their ability to be able to say yes or no. Again, they can always create a record when they want to, but if they don’t assign a record, it’s going to go away after X years after it’s been last modified. That’s just default policy we have now.

Nate Latessa

So Shukra, let me ask you this because this comes up all the time, it’s, “We have a records management policy, but we haven’t operationalized because that’s really difficult.” Again, we talked about all the different systems, we’ve got different departments, we’ve got different legal obligations, compliance obligations, things like that. I mean, you’ve done this for a big organization. How do you get this off the ground? I mean, what is the process for getting this underway? Because I think most people just get stuck at step one, how do I even get started?

Shukra Kichambare

Yeah, I think that’s a great question. I think it’s going to differ for different organizations based on their maturity and based on how long they’ve been in general in existence, right? So Cummins has been around 100 years, so we have a little bit of that maturity in terms of legal obligations being really, really important, Cummins has that, we have it encoded in our ethics is we are going to do the right thing, whatever it takes. If you guys read the headlines, there’s like, “Hey, we just paid a fine. We are going to do the right things, whatever it takes.” And part of that played into the records management program here. Our chief legal counsel was very, very determined at that time and even today that we need to have our records program in the right place with the right resources assigned.

So for those of you who don’t have a records management program, everything you’ve read so far or heard, the privacy impact, the cyber impact because these were not there 10 years back as critical needs, right? Data privacy and cybersecurity. They were up and coming, but records management is big. I would ask that you look at those as a big stepping stone in order to get some focus and some highlight on this because it is not only going to get you compliant, it’s also in the long run going to save on cost. So say tomorrow a new system comes along and it is better than Microsoft like Microsoft was better than IBM for us a while back and now you have to migrate petabytes of information. Just from that standpoint, it is a Herculean task to ask employees to say, “Which one is important? What percentage of these files are important?” And you’re going to pay a big amount of cost just to do that migration. So think that’s one area you could get your executives to pay attention to.

Another area is just the risk. How much of risk can we take and tolerate in keeping stuff around for longer than we need to? How much of that is really, really required? So I would say, look at your legal departments, look at your cybersecurity departments and get a sponsor. And if you have the authority, ask them those questions and see where it takes you.

Nate Latessa

So Kelly, when we were talking too, one thing you mentioned was matter assessments and how you can leverage those to help here. Could you talk about that a little bit?

Kelly Twigger

Sure, yeah. One of the things that we do with clients is we look at what your three and five year sort of litigation views are backwards and forwards. What are the things that have caused you to spend a lot of money in the past? What were you spending on? How can you make changes to what you’re currently doing from a process tool perspective to an information governance perspective to understanding what all those tools are from a data map perspective? And so that assessment is really kind of taking both your portfolio, whether it’s regulatory, litigation based, internal investigations, employment, whatever it is, identifying where your biggest risks are from that perspective and then backing out and looking at the big picture and saying, “What can I do to minimize risk and cost here?”

And it varies for different organizations and maybe a Fortune 50 company that has a ginormous litigation portfolios assessment is completely different than a company that’s largely focused on internal investigations and smaller employment disputes. So everything that you’re doing in this space and in eDiscovery down the road is tailored to what is right for your organization. And same with sources of ESI, you don’t have to know every single thing that’s out there, but you do need to know the sources that your employees and people within your organization are using.

Nate Latessa

Matt, I don’t know, did you have any comments there?

Matt Miller

Of course. So one is Shukra brought up the general counsel taking a stand, right? So we’ve got a couple different clients that I’ve seen more recently have proactive efforts go into leveraging Purview to handle some of these records management tasks, which the byproduct is less data to collect, less document reviewers in the long run for eDiscovery. But I mean, I don’t think they were focused on the eDiscovery cost, I think that it grows out of this new concern with the exponential amount of cyber attacks that we’re facing from different nation states and even internal bad actors that finally there’s enough pressure because of these regulations that if you don’t do something now, it’s just going to bite you in the end.

So having that stakeholder group, Shukra talked about both having cybersecurity on the team and legal to be able to get, you need that buy-in, right? You need a stakeholder group to create an information governance council that gets together and says, “We all are going to benefit from this change. It’s not going to be easy.” I think the biggest debate is who ends up paying for it? It’s whose budget is it going to come out of to handle this problem?

And that probably brings us into that third question of, how do we balance our spend? And in this area, when we can see the ROI, we know those numbers are real, we know that our data’s locked up in the Cyberdyne laboratories, Rackspace co-location facility, how do we know that we need to go from E3 to E5 to get to that without having suffered an incident? So five years ago, if you hadn’t suffered an incident, they weren’t doing anything. I think that is changing, which is, I think, good for all of us in this space because the downstream effect is going to be quicker access to the right records when we need them.

Kelly Twigger

Nate, do you mind if I add onto what Matt’s saying? Because one of the things in the case law discussion is that in addition to those cybersecurity concerns, breach concerns, having too much data out there, all of what Shukra and Matt have talked about, we saw this last year that there’s a lot of change happening in how the courts are interpreting the federal rules of civil procedure and your obligations and potential sanctions for failing to meet preservation or production of ESI.

And what we’re seeing now is that the courts are saying, “Okay, we’re starting to get that mobile device discovery or these ephemeral messaging apps, they don’t fit neatly within the language of the federal rules. And so we’re going to start adapting what we think should be interpreted here based on what your obligations are under that language to these new technological developments.” And that’s this year, this past year, 2023 is the first time we’ve seen that. We’ve started to see a lowering of the bar for intent under Rule 37e, which is the federal rule, civil procedure, that’s a sanctions rule. And 37e is about failure to preserve. We saw a default judgment entered against Rudy Giuliani for failing to preserve his information without any legit evidence of he engaged in a conspiracy and intent to destroy all that information, which is what has historically been the thought process under that rule section.

And so those developments to me, I mean, if there was a time for you to get your house in order when it comes to records management, it’s now. I mean, you really just don’t have what we used to consider this sort of sliding scale of, “Well, I didn’t engage in intent, so I’m not super concerned about bad sanctions,” I don’t know, how do you feel about an adverse inference instruction?

Nate Latessa

Well, just as part of a time check here, I think we blew through that hour pretty fast, and I’m sure we can probably talk about the subject for another few hours, but I just wanted to just make a couple quick announcements here towards the end. A couple things on this side, we talked a little bit about Copilot, that’s one of the big things that we’re working on at Haystack here is helping folks get Copilot ready. We’ve got a lot of companies that are interested in that. And like I said, some are already buying that add-on, but now we’re realizing that they might not have the records management and the right security and protections around that data. So we’re working a lot of organizations to help them get ready to launch that.

We also talked about the ROI and risk calculator really to help better understand the impact of data information and growth and everything across the organization. If anybody would like a copy of that, please reach out to me or Matt, we’d be happy to sit down with you. And it’s really just kind of a workbook that we fill out with you and it’s tailored to your organization to be extremely relevant to what you’re doing. And then Kelly, I know you had some announcements as well.

Kelly Twigger

Well, I mentioned the case law report a couple of times, so I’ll just throw the link in the chat if that’s okay for people, you can just sign up for that to receive that and that actually will be out next week. So it’s a lot of what we’ve talked about today and a little bit more detail in terms of case law, the regulatory updates, things like that. And then we typically try to keep you posted on a lot of these issues on our Case of the Week series as well so feel free to join us for that.

Nate Latessa

Perfect. Well, we didn’t quite get to questions, but if you do have some questions, please feel free to reach out to us. I do want to thank our expert panel for sharing their insights and information. We also want to thank everyone who took time out of their busy schedule to attend today’s webcast. We truly value your time and appreciate your interest in our educational series. Don’t miss our March 2024 webcast scheduled for March 27th, focusing on getting things done with gen AI. It’s led by HaystackID’s Chief Artificial Intelligence Officer, John Brewer. This webcast will explore how gen AI is transforming products and services for legal professionals. You can learn more about it and register for the upcoming webcast, and explore our extensive library of on-demand webcasts on our website, which is haystackid.com. Once again, I want to thank all of our attendees and our panelists for attending today’s webcast, and we hope everybody has a great day. Thank you for attending.

Kelly Twigger

Thanks, everybody.

Matt Miller

Thank you.


About HaystackID®

HaystackID solves complex data challenges related to legal, compliance, regulatory, and cyber events. Core offerings include Global Advisory, Data Discovery Intelligence, HaystackID Core® Platform, and AI-enhanced Global Managed Review powered by its proprietary platform, ReviewRight®. Repeatedly recognized as one of the world’s most trusted legal industry providers by prestigious publishers such as Chambers, Gartner, IDC, and Legaltech News, HaystackID implements innovative cyber discovery, enterprise solutions, and legal and compliance offerings to leading companies and legal practices around the world. HaystackID offers highly curated and customized offerings while prioritizing security, privacy, and integrity. For more information about how HaystackID can help solve unique legal enterprise needs, please visit HaystackID.com.


*Assisted by GAI and LLM technologies.