The first part of this article can be read here.
All businesses must abide by certain general and industry-specific rules and regulations, whether that’s regulatory frameworks like HIPAA (Health Insurance Portability and Accountability Act) and FACTA (Fair and Accurate Credit Transaction Act) or privacy-related regulations such as GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act). The Office 365 Security and Compliance Center can assist with those needs as well.
Using the advanced administrative features of the center, organizations can harmonize their information governance, security and eDiscovery needs – from auto-tagging documents as records based on keywords or actions, to monitoring bulk file deletions, to ensuring PII is identified even before sending out documents to your attorneys, let alone to opposing parties or regulators.
Office 365 provides access to data and tools that help manage a company’s compliance and eDiscovery needs, including the ability to:
Governments and other entities create data security regulations with similar goals in mind – to protect consumers’ privacy, for example – but each one requires different information and steps for compliance. Office 365 is a powerful tool to help your organization meet those requirements and avoid fines and reputational damages that can result from neglecting those responsibilities.
For companies using Office 365, the bulk of data collected for discovery is likely to be found within the Office 365 ecosystem. Emails, Office documents, OneDrive, SharePoint, and Teams chats and channels are all common areas that may contain information relevant to a lawsuit, regulatory inquiry, internal investigation or other legal matter, and all of that information can be accessed centrally through the Office 365 eDiscovery features.
That said, it is critical that those utilizing those tools have the proper training in both the technology itself and the eDiscovery rules, workflows, protocols and general industry-accepted practices. There are many complexities to ensuring the data exported from Office 365 can be securely and accurately loaded and used in other systems, such as attorney document review platforms. A top Office 365 eDiscovery solution provider will offer several options to ensure a seamless transfer of data between Office 365 and any external system – and that is especially true for those providers offering automation, online dashboards and process alerts.
It’s also important to remember that though much of a company’s information is contained within Office 365, there are still many other systems – such as databases, text messages and social media, just to name a few – that can be implicated in legal disputes and investigatory matters. Data and documents from those other systems must also be identified, gathered, processed, analyzed, reviewed and produced, so you should partner with a leading Office 365 eDiscovery solution provider to handle such matters. Your provider can offer all of the same processes built into Office 365 for these other systems, and in some cases even offer programmatic bridges and tie-ins to load data from those other systems directly into the same workflows and searches as used with Office 365 native data (that is a whole other article)!
To meet the exacting standards of the laws with respect to evidence handling and using documents in legal proceedings, the workflows and nuanced configurations within Office 365 should be managed, or at the very least reviewed by experts – that is, a trusted third-party company that has experience in IT, legal data management and Office 365. Though many legal technology and eDiscovery companies liberally market themselves as O365 experts, few have the in-depth knowledge necessary to successfully set up and manage the robust platform.
Because the eDiscovery features are relatively new to Office 365, and are constantly being updated, improved and modified as well, it behooves companies that utilized O365 to work with an experienced eDiscovery service provider that specifically offers Office 365 consulting or solutions. Whether that provider fully manages your Office 365 eDiscovery protocols and workflows or is just helps vet certain portions, using a knowledgeable O365 partner to ensure your final processes are configured correctly delivers risk mitigation at a low cost.
Even seemingly simple workflows, such as searching a custodian’s mailbox or exporting documents for attorney review, can be problematic later if certain settings are not correctly configured (and depending upon how errors are handled). Further, there are several workflows that, when bolstered with custom programming against the Office 365 API, are very valuable, as they help automate many tasks and set alerts that are not available as part of the standard Office 365 eDiscovery deployment. Those are all areas where a qualified Office 365 eDiscovery solution provider can help build methods and bridge gaps to your overall eDiscovery process.
The key to maximizing Office 365 for eDiscovery is having it configured by trained experts who understand not just eDiscovery, but Office 365 and your industry as well. With that knowledge, they can customize the platform based on your company’s needs, establish regular eDiscovery workflows and help you remain compliant. By investing in your O365 system in the beginning, you’ll be setting your organization up for future success – saving time and money immediately and through the long term, and garnering that much more ROI on your O365 investment.
Copyright © 2019 Legal IT Professionals. All Rights Reserved.