Microsoft Office365 and eDiscovery: Opportunities and Challenges
At Legaltech New York 2017, DiscoverReady sponsored a CLE program titled “Best Practices for Managing eDiscovery in Office365,” moderated by my colleague Jennifer Shea. The program was terrific—a packed-house of curious practioners engaged actively with the panel of experts, and everyone walked away with better insight into the opportunities and challenges presented by Office365. To share the benefit of the CLE program with our blog readers, I sat down with Jennifer and asked her to recap some of the most important content.
MO: The panel you moderated was very well-attended, with every seat filled and crowds of people standing around the room. Why is “eDiscovery in Office365” such a hot topic right now?
JS: I think the simple answer is this—corporations in all sectors and industries are planning to migrate at least some data management functions to Office365 or a similar cloud model. These decisions appear to be largely cost focused and IT-driven.
During our conversation, it was clear to me that information governance and legal departments were largely left out of the decision to migrate data. Now those teams are in a reactionary position, trying to figure out how to merge existing policy and procedure in this new space.
Early on in the presentation, I polled the audience for their experience level in Office365. I expected about half of the audience to be either using Office365 or planning to move. Instead, nearly 70% of the audience was already using the platform or in the midst of a migration. Each of our panelists was on a different point on that continuum—from starting to plan data migrations through long-time users. I think Office365 and data migration-related issues will continue to be a popular topic throughout the next few years.
MO: What would you say are the most significant opportunities presented for an organization that moves to Office365 and develops a sound program for eDiscovery in that environment?
JS: The most obvious opportunity for any organization considering an Office365 migration is decreased cost and risk in the IT space. Moving the management of data and email to an externally hosted platform allows the IT department to improve metrics like increased security and uptime.
Generating ROI is more difficult from the Legal Department perspective. The eDiscovery Tools within Office365 are powerful and can simplify an organization’s pre-existing eDiscovery processes. But these tools are less useful if the organization hasn’t done the necessary data-related pre-planning. Tasks like document coding, data mapping, and categorization can be time-consuming and onerous, but are critical to any holistic data management program. If Legal Departments use the Office365 migration as a time to define, map, and reduce data sources, responding to eDiscovery requests is vastly simplified.
MO: Conversely, what would you say are the greatest challenges an organization must overcome when embarking on such a project?
JS: I foreshadowed this in my last answer. Do the work upfront and avoid either the “mass migration” or “legacy data problem.” Identify appropriate data and documents and move those records to the cloud where applicable. Identify data, systems, and individuals on legal hold and create corresponding holds in Office365.
On the opposite side of the spectrum: Be careful not to create a legacy data problem on premise. Move only what’s needed, but don’t let data accumulate on laptops or internal shares simply because determining retention needs or categorization is difficult.
Lastly, train Legal and IT staff on the ediscovery functionality within Office365 and which permissions are needed to perform which tasks. Within Office365, eDiscovery users have significant level of access to email and documents to perform their job functions. Make certain that both Legal and IT understand these permissions and apply judiciously.
MO: The panel and audience devoted a lot of discussion to the process of planning and executing a migration into the Office365 environment, and the information governance implications of a migration.
JS: We certainly heard this over and over again from the panelists. They shared lessons learned: Get legal a seat at the table. Pre-plan the migration with a cross functional team. Put in the work to map data and data sources up front. Migrate what is needed. Add retention codes and retention policy enforcement within the Office365 system to avoid this issue in the future.
One puzzle we discussed in the session was the legacy data issue. What to do when your organization has data on premise that is from (for example) a legacy email platform or user shares and that no one is certain where that data is in the data lifecycle. Do you move all that data to the cloud, try to organize the datasets prior to migration, or just leave it where it is? The panelists discussed handling this a variety of different ways:
- Full indexing and application of retention codes based on content and context of the documents
- Light-touch indexing to determine date ranges, file owners, etc and reducing the population based on context alone
- Applying general retention schedule to the data (e.g. 7 years), locking down the datasets on premise, and letting data age outside of stated retention period.
There are pros and cons to each approach and your organization may choose to take a hybrid approach depending on the types of data.
MO: It was extremely helpful to have an internal expert from Microsoft on the panel—Rachi Messing. What are some of the best points of advice that Rachi shared?
JS: Very helpful to have Rachi join the panel—we had several audience members ask questions to him directly and it was great having insider perspective for the audience!
One question from the audience builds on what I mentioned in the previous question: What tools exist to help with migrating data and knowing what to migrate? Rachi explained that MS has created an easy allowing their clients to migrate PST, live email, and data shares seamlessly. That presupposes, of course, that your organization knows what data to migrate. Unfortunately, there is no “magic bullet” option to identify what data needs to be migrated.
Another point Rachi and another panelist discussed was making certain both IT and Legal understands how to locate and update configurable settings in Office365. Microsoft updates the Office365 environment frequently and occasionally system defaults are modified as a result. Make sure your team understands the internal settings for Legal Holds, eDiscovery searches, and similar functionality in the system and confirms that selected settings post-upgrade.
MO: If you could point to one key takeaway from the program, what would it be?
JS: So many key takeaways, I can’t pick just one!
Data maps are critical. Know where your data is and where you want it to end up in Office365.
Make sure your Info Governance policy is enforced in the cloud. There may be a tendency to relax the reins a bit when data is in the cloud.
Make sure your teams & IT departments understand data locations and permissions being granted in the system and aren’t simply accepting system defaults.
Have a member of the Legal staff stay abreast of new updates and releases coming down the pipeline within Office365.
Finally, I’m not sure we had time to make this point in person, but this is important: Create and cultivate Office365 user communities. Share your experiences and learn from other organizations in similar situations.
Many thanks to Jennifer and the terrific group of panelists who joined us at Legaltech! If you’d like to learn more about the intersection of eDiscovery and Office365, you can head to our website and listen to a webcast on managing eDiscovery in Microsoft Office 365, a similar program moderated by Jennifer last year. Or reach out to us at firstname.lastname@example.org, and we’ll have one of our Office365 experts contact you.