Empowering the business for eDiscovery in Office 365 | BRK2112
Hello, and welcome, everybody. Thank. You for joining me in this rather. Late afternoon, session on ignite day one on. Ediscovery. A rather dry. Subject, some would say when. I set, out to do, this presentation for, ignite I. Thought. I should try to put some interesting, and fun into it but. Then I kind. Of gave myself a second. Thought and really. Ediscovery. Is serious, business done, by serious people so, fun, seems, a, little, off the mark so. To make it interesting, what I've done instead is to, bring in some real-world examples, from. My, experience, in the field working, with customers and hopefully. That. Will be interesting, for the next 45 minutes. I'm. Going, to talk about three things today. Laying. The foundation, for ediscovery, and what that means in your organization. Some tangible. Things you can do to lay a foundation. There's. Three key stakeholders. In an, organization. That all have a part to play in, information. Governance and then, can. Ediscovery, as well and. Then. I'm going to spend. The, bulk of today's 45. Minutes talking about how. To build a strong ediscovery, team in your own organization. Now. Up, to this point in time you've heard the keynote you've heard a lot of roadmap sessions, this. Session is very practical it's. Based on my experience, in the field I have. Sat in the IT chair. Where I've done ediscovery, searches, for customers. Where, their business teams don't do it and I've. Also delivered, workshops, and worked with customers that, business, teams do it as well so I have, observed, a, lot of challenges. I would say in. The. Field, from. Organizations. And a lot of them I'm going to try to highlight today and hopefully, you. Can benefit from that. I've. Timed this presentation, fairly, close to 40 minutes so, if you could hold your questions to, the end there will be time at the for questions as well. My. Name is Joanne Klein and I am a consultant from the province of Saskatchewan in Western Canada and it's my pleasure to be here today. I work. With customers in, the. Sharepoint online space, in office 365, and a particular, focus on data protection, retention. Governance. And of course ediscovery. What. I'm gonna share, with you today is based on my real-world, experience, with customers. So. By show, of hands I just want to get a sense of who is in the audience so who, here, would identify, as being, in an IT role, in your organization. Ok, that's probably the majority and who would identify as, being on a business. Team that would deliver on an e-discovery request. So I would call that legal, risk compliance, records. Management internal, audit ok. I'd say it's probably, 8020. In this room now so, this presentation, has something, for both sides of the house so. Please share back at the office with the other side that isn't represented. Here today I think, there's something for, both sides I.
Want. To talk about building. The foundation, by referencing, this. Electronic. Discovery reference, model this has been around for quite a while and it's, not specific. To office 365 it's, talking about the, electronic, discovery process, in general, and how, it works it. Starts, at the identification. Phase goes, through. Sometimes. A fairly significant, review and analysis, phase and at the end you. Have your results, that are presented, you'll. Notice on the bottom you. Go oftentimes. From a very large result. Set of content, through. That review and analysis phase depending, on the type of request that it is you, need to get down to just the relevant content, that process. Varies, quite widely depending. On the type of case it is, and if you've got core or the more advanced. Ediscovery feature in your own environment. But. But that is the process. Today. We're going to focus mostly on what's inside of that dashed red box, ediscovery. Is a very large topic, so, to, parse it down to now. 40 minutes we're, going to focus in on that, area. What. You'll notice on the extreme, left hand, side of this diagram is, information. Governance it's, at the beginning it's the precursor the underpinning. The foundation. For a really, good. Discovery. Environment. If, it's done correctly. That's. Why we need to focus on that and. Then. Look at the positive. Side effects, that has on ediscovery. So. Microsoft is, in a unique position to, provide. All of the features and tools you need to manage compliance, and they. Do it kind of centered. Around the built in compliance, model. From. Identifying. The, risks, that your organization. May be at and this morning, the new Microsoft. Compliance score, was, announced, that helps you assess your environment, to actually, taking some action, on implementing. The proper information protection, and governance controls in, your own organization. And, then. How to intelligently. Respond, to requests, that come to your organization once, you get them so. It covers all of that in a built-in way. Now. There's some distinct, advantages to having compliance, built, in. One. Is there's. No separate, archive, it, used to be if you wanted to run an e-discovery, request. You, would take the content, that you want to search against. And save. It elsewhere and then do your analysis, there you do no longer have to do that you, can do it rate in-place, retention. When. An electronic, hold is put on some content. In your, tenant it uses, the retention. See mechanism, behind the scenes to hold that content, it's. Done in, place not. Impeding. The collaboration, experience of, people. Working in your tenant that's, built in. So. Does not impede that that's key and then. It leverages, the same search index, at the rest of office. 365 leverages. Now, when you get into advanced, e-discovery, there.
Is Another, separate, kind of search and filtering mechanism, within there but, I'm talking about the initial search that's done to, get your core results out. So. This is not easy to do so, you really have to start thinking about, managing. Your, sensitive. Business-critical, data within your own tenant, and some. Questions you can ask yourself around, that are do. You know where, your sensitive, data is in your organization, and have you identified it. Do. You have control of it do, you know what's being shared internally, and externally and, do you allow that and if, so what kind of controls do you have around that and do, your employees. Know this and. How. Are you managing, it what kind of controls are you putting in place to. Make sure your environment, is and. You're protecting, your business critical. Data, so. Some examples, of controls, the this is not an exhaustive list but it's it's. Some. Controls you can implement, conditional. Access cloud up security, as your information, protection data loss prevention and, retention. Policies, so. There's lots of things IT can, do to. Set your environment, up for. Compliance. A. Good. Way to think about this is trying, to strike a balance, and this. Is a silly cartoon but. The the. Sentiment, is correct. On the. Information governance, side, you, want to eliminate what you no longer are regular. Obligated. To keep through, regulatory means, retain. What you were obligated to keep and make. Sure you've identified, and, protected, your sensitive, information. If you do that. That. Should translate into faster, response time on the ediscovery requests. If you have less data to go through and it's. Identified. Correctly you, should get faster. Response time a. Big. Expense. Of e-discovery is, the. Manpower, it takes to go through all of those results so if there's less results, that should mean reduced, expense, as well and of, course if you've identified, the. Sensitive. And business critical data, in your own organization. That, you, know translates. Into less less. Risk. But. How do we do this I. Like. To call them partnerships, and there's a couple that you need to make, sure that, you're, involved. With and the. First is, a partnership, with Microsoft, lots. Of changes are happening in this space this is the number from 2018, but. Regulatory. Bodies, are changing and doing updates, all the time.
Microsoft's. Recommendation, to you is to, leverage. The shared responsibility model. And what. They mean by that is you as an organization. Protects. The identity, the. Identity that, data, the identities, and the devices in your organization. And Microsoft. Vigorously. Protects, the office 365, services, so, together you're. Protecting, everything, that's shared responsibility. But. I would take it a step further and within your own organization. There's, a shared responsibility, as. Well and it's. With three. Groups. A coordinated, effort from these three groups to, protect your content. So. These three groups or three, yeah stakeholders. In your organization. Are. Business. Information workers, this is of course the biggest group these are the people creating, new content, sharing. Things. Internally. And externally, working. And handling, some of them with business sensitive, information they. Really, need to understand, how. To do that securely, you. Need to have good safety, training, in your own organization. The session rate before this one was talking about anti-phishing, campaigns. You. Need to be doing that stuff to, train your end users in your organization so. They know how to properly. Handle the information, okay. You can't just fix it with technology. The. Second one is IT teams, so, the IT teams, in your organization, are, responsible. For implementing the technical, controls I showed a couple slides back but, they also bridge, the gap between the, tech that's available and, the. Business, they're. Involved in training and support, and backup of those e-discovery teams. Sometimes. Because, not all data is in Office 365. IT, is, called upon to bring, in some of those other data. Sources, okay. And. Last. But certainly not least is, the. Business teams here, I'm calling them legal risk compliance but it could be other teams. In an organization, as well it's, any teams that, would fulfill. An, e-discovery. Request. These. Teams. Really. Understand, an organization's. Obligation. To retain data, past, its immediate, business value, and they. Have to do this for a number of reasons. Contractual. Obligations. Regulatory. Obligations. And. Legal. Obligations. So. Teams, typically. Kind. Of focus, in on one or the other of those but. Business, teams understand. These obligations very. Well and lots. Of times RIT doesn't, but, the business team does. Because. I've been NIT, my, entire career, I didn't. Feel like I was doing, justice, to this presentation, by putting. It together without, reaching out to some of some, of the people in those business team after three subject, matter expert, resources, to, help me with the material in this presentation. To. Give it some validity, and street cred. So. I reached out to a legal counsel, in a financial, services, firm in Western Canada, a Certified. Fraud examiner, from an oil a global oil and gas company, based out of Canada, and a. Risk, management, officer, from, a government, agency in the state of Washington, so, they each gave me. Kind. Of different takes, on how they use the e-discovery process they. Were each coming out at from a different angle so it was very interesting, but some, takeaways. And lessons learned came. From all of them and I'm, gonna share them with you today. So. Why would we want to build a strong ediscovery, team what's what's, kind of in it for them if we do that or in it for us I guess. Some. Cases, are sensitive. In nature so, there's certainly, reduced. Security, and privacy concerns, if. The. Business teams can self serve on their own ediscovery, cases, if they don't have to ask IT, to. Run a search on, something. Imagine. There was an internal investigation for. Some. Wrong wrongdoing. That an employee, was doing right, you would want to keep that fairly, close to. The group that was investigating. That. Sometimes. There's an expedited, court order or you need a really fast turnaround, on some of these requests, the less time you have to ask somebody. Else to do something for you the. Quicker you're gonna get that request out the door so, you should empower, the business teams to be, able to run and manage these cases, on their, own. Eliminate. Communication, breakdowns, I have an actual, story, about this one a data. Subject. Was given to a company, that I was consulting, with that, is like a gdpr, request, for a customer, is asking to. Receive all of the information that, a company has on them and then to remove it so. They asked, for that and the, request was given to me to run for them and I ran it and I sent the results back to, the compliance, department, and they. Panicked. And they phoned back, and they said that. Was the wrong customer so. They, had mistyped, the customer, name and their request to me and I, had done the search that mistyped name happened, to be another valid customer, so. The. Point in all of this is you. Have to really be careful and the less you have to pass, the information along it's, kind of like that children's game the.
Last Chance there is for error. We. Caught that before anything got deleted by the way. And. Let's. Face it they understand, the problem best they're experts. In their field we, don't know their world they know it best so, they're. Their. Best working on it sometimes. The. Requests. They. May be a little bit nuanced, and for them to explain, it to someone NIT, we. May not quite understand. Their. Intention. And. An. Empowered, ediscovery, team is scalable. You, don't want IT to, be the bottleneck you. Want business, teams to self serve on this it's just a good place, to be and it's the right thing to do. By. Show of hands here who works. In an organization. Where business. Teams do self serve on their own ediscovery, requests. Okay. So minority. For sure. But. It's not easy and I have seen the struggles up. Front and close so. I tried to come up with three what, I call must-have skills for a business team to be able to take this on first. And foremost is an understanding. Of office 365 architecture. Second. Is under, understanding. What an electronic, hold is what, the effect is on the person or, the location, that you're holding and why, you would want to do that, and. Third. Is translating. A request in to an actual, ediscovery, search and on, that one I've got some, real-world examples, I want to share with you. All. Right, skill number one understanding. Office 365, architecture, I'm. Going to show you some questions, that a typical ediscovery. Business, team would ask when they're given a request or if they're if I ask them, what. Is it you're looking for when, you. Start a request this, is what I would typically see. They're. All natural, language questions, they have absolutely. Nothing to do with office, 365 architecture. So, you can see where the problem begins. Why. Why, would they know office, 365, architecture, they're coming, at it from an e-discovery lens. Through. An e-discovery lens, they they, need to understand, where. Communications. Are stored or, where files are stored I. Also. Started keeping track of questions, I received from customers, and through.
My Blog on where. Things are stored and are. They discoverable. This. Is important, to know what's, discoverable, across office 365, because, not, everything is right now they're working towards, it but, not everything is. So. What, is presented, to somebody. In the business when they go to do. And start any discovery, search this. So. Unless you understand. Where, it is that you're supposed, to be searching it can. Be very confusing and, that's. The feedback I've received from business teams so. I came. Up with an idea to. Come. Up with an infographic to, explain, it in a different way, kind. Of through a lens, of e-discovery, the. First one, is, if. I'm going to search by an office 365, application. What. Am I going to get back. And. Through. Help of a colleague sitting in the audience, at the back David West thank you very much. He. Gave me a great idea, let's flip that on its head and let's, search by office, 365, business, artifact, instead, which. Really makes sense to somebody in the business I want to get all the communications, or I want to get all the files or, I want all the info on meetings. Ok. I. Will. Guarantee you that somebody, in the business would have no idea if they searched a user's cloud mailbox, that you would get more than just email meeting. Invites and tasks, back, why. Why would they know that so. It's important, that they do or on, the flip side maybe. They want to search, for, where. Meetings, are stored and. To. Know, current. State you actually. Can't, discover. Meetings. Recorded, in Microsoft. Teams at the moment so. I've tried to capture, as much, as I could in the infographics. Course I didn't capture everything because there is a lot of things going on in office 365, but. That is the intent, of these and, for infographics. So. I would say when, you're explaining, this to business teams in your organization. Explain. It in terms that they understand. I've. Worked with business teams that have tried to figure this out by going to doc stock Microsoft, comm and that, is awesome and there's lots of information there but it's too much. They're trying to translate, it into the, world that they understand. Skill. Number two understanding. The electronic, whole process, and. How that works, so. Why would you want to do this well. You, want to protect the integrity of the, records you. Also, want, to. Prevent. Either. Unintentional. Or intentional. Removal. Of Records if you think of an. Internal, investigation, against. An employee if, they know they're being investigated, they're, probably going to, maybe. Delete some documents, or delete some emails so you want to avoid that. Allocate. A whole. Can either be location-based, so I can put a site on hold or it, can be person. Based I can put John Doe on hold, if I put John on hold its, John, is called a custodian, okay, that's the ediscovery terminology. For that and. A. Custodian, is basically somebody that has records of interest and records of interest could be emails, documents. Meeting. Invites all of the business artifacts, relating, to that person. Sometimes. And this depends, on the type of request if it's an external. Litigation. Case. Typically. They need to let, the custodian, know that they're being put on hold and as, a matter of fact in the new advanced, e-discovery workflow. They, built that into the workflow, really. Really nicely so, a communication, goes out to the custodian, they must acknowledge it, to know that they're on hold and then, when, the hold is released another. Communication, goes back to him. But. Sometimes, you don't want to let them know that. They're being, put on hold an internal, investigation, is an excellent example of that I did. A workshop where one side of the table was external. Litigation. Lawyers on the other side of the table was the internal, investigation team. And they had a completely, different take on the electronic, whole process, and the, internal, investigation team, was adamant, that nobody, would know that they were being investigated so, it depends, on the type of case and that's. Being run, whether. You're going to do this or not. When. Emails are on hold the. End user doesn't know unless you tell them they, can continue to add email. Delete, email even delete them out of their deleted items and they're, still being retained in the back end and that recoverable items partition, which is discoverable, by e-discovery search. Similar. On the sharepoint, onedrive side you. Can add change, delete, content, and user. Doesn't know it's being preserved in the preservation hole, library, which is discoverable, by search.
So. Takeaways, for this unless you tell them they. Don't know and there's no impact, to custodians. There's. No duplication, of data so how, preservation. Works is unless you delete something it's. Not retained, delete. Something or change something, than just the deleted copy and the, old copy that, was changed, is saved in the preservation hole library. All. Right the the bulk of the rest of the time we're going to talk about skill. Three which I find the most interesting and that's, how to translate, a request, into, an e-discovery search. So. There's three types, of requests. External. Litigation. Requests. Internal. Investigation. Requests like. Misuse. Of business, information. Or. Statutory, requests. So, statutory, requests would be a Freedom of Information Act. Any of. The privacy, requests, like gdpr or the new california consumer Privacy Act would be statutory. External. Litigation, would be maybe. Wrongful. Dismissal. So. I've got four real-world. Examples, as given to me by, my three Smith. That cover all these, types of requests. For. Each one I'm gonna, quote. The request and then, I'm going to talk about the thought process, that the team has to go through to kind of formulate, their approach. What. The search looks like and what the results are like coming back and I have a key. Takeaway on each one which is kind of by design that's why I picked, these four in particular. So. If you think back to those natural, language questions, that the e-discovery team, had. Now's. The time that we need to start answering them. So. Remember they asked what are we looking for this. Is where the, business team has to come to agreement on what. Does this request mean and what are we looking for across, our tenant. Who. Has it so this is where you define the, custodians. If you're going to put anything on hold and. In. Some cases subject matter experts. Where. Do we look for it is where you define the locations, where you want to search this, is where the, this is why I put that infographic. Together whether, you use that or not your, team has to understand, where, is it that they're going to search to, find what they're looking for to, satisfy, the request. And. How. Do we get it this is basically defining. The query to find it, so. Any discovery, it's using, keyword. Query language, or kql. To, do this search this. Is a huge. Stumbling. Block for business, teams to learn and I, I've yet to find a really good way of learning. It other than just, experience, and trial and error so. There, is a GUI, and that, works for simple queries, for sure for, maybe a. Starting. Point or you can use it for training because. You can see the kql, that's generated, from it or. Once. You get proficient, with it you can just hand, roll your own kql, and enter that directly in the search, keyword, box. So. I'm going to show you something, you should show to your. His teams if they're using the tool on how, when, they use the GUI and, see the kql, that's generated, from it to kind of start that learning process they, can see how kql, is put together so. Here I'm gonna put in three birch terms and when, I do that a GUI it just puts. That a kind of cryptic C colon s between each key word there's. Some built in conditions. I'm also I'm gonna include a date and, then. I give the name the, search a name and run it know it's. Searching. Across. The locations, I've identified but. If I look in the back and, of this I can see the.
Queries, That were run against, it. If. I select that you, can see of those 300 and subtitles. Which. Ones were. Attributed. To which keyword so we can use this to further refine your search results, and. You. Know copy that query and kind of adjust it a little bit if it wasn't quite right. So. Once you have the query figured out and. You. Need to answer the question well what does it look like and this. Is where you go through that review, reduce, export. Step that. Was in that dotted, box, I talked about at the beginning. So. We if we compare. And contrast core. And advanced e-discovery a little bit here I'm not gonna spend a lot of time on this but I do want to highlight the. Significant. Difference between the two particularly. On this step. On. Quarry discovery, you. Have to export, out of court discovery, to do your review and analysis, on. Advanced, e-discovery you, do that review an analysis, right within the tool. There. Is email deduplication. On the core side on the advanced side there's lots. Of advanced, capability, to, really apply, machine learning to, that very large result, set and intelligently. Get it down to, the small, relevant, results set at the end things, like email. Threading, theming. So if you had a really large result, set you may want to theme your results. Hardware. Software, that, kind of thing and have different reviewers, reviewing. Themed, content. This is for really large result sets, tagging. Taking, what's relevant what's not relevant and then. Applying that mod. Model. Maybe. A sample, mod, model. Maybe. A sample, result set to the larger, results set using predictive coding so, using a lot of advanced, capabilities, in there really, smart you, can annotate you can redact, content. Before, it's exported. And. In. Both cases you need to save those records of interest at the very end of it you can save it in native format, or on, the advanced side you can also export, it in some third-party, review. Products. As well. Alright. So three. Areas. Of requests. We're going to cover with four examples. First. Is an external litigation, example. So. There, is a criminal investigation going, on for an employee Deborah Berger the FBI is issued a subpoena for, her communications. From. Her entire employment, with your organization. So first, thing the team is gonna want to discuss and come. To alignment on is, well. What. Is communications. In our organization. And how. Are we going to protect the integrity of the records it is a subpoena, after all so we don't want Deborah finding out about this and deleting.
Some Documents, and emails let's say. So. Communications. Can mean an awful lot of things these days so these are just some examples of, things I came up with but. This is certainly not inclusive. Of all that could be out there so, there's a lot of things that you could include in this so, you need to decide what. Is it that we have to include in this, response. Some. Of these are built into the e-discovery product. You can get those results. Some. Require, an administrator. This, is changing, very, soon. Where it may be built-in as well and. Some. Require work. With a partner this, is also something that was announced today. I think, network, connector. Something. Like that was announced where, rate. Within, the. Office. 365 features. You will be able to bring. In things, like LinkedIn, and Facebook. So. This, landscape, is changing the. Point of this slide is to. Understand. Identify. The communications. And know that not. Necessarily. Everything, that, you're going to have to. Respond. With is going to be discoverable, natively, in the office 365 you, discovery service. So. For. This example we've, come to alignment on communications. Meaning emails, and Microsoft, team chat, and Shawn conversations. For, Deborah Berger which, means, searching, across all, of these mailboxes. Not. Only hers but, the group mailboxes, of the teams and of, her colleagues and her managers, because, there might be some conversations, going, back and forth with them. So. This was a subpoena, so we need to protect the integrity of those records which means we have to put an electronic, hold on them so. This is going to be a location-based, hold not a whole just on Deborah Berger. So. We're going to hold not, only her, mailbox, but. The mailboxes, of the teams that she's a member of and the, mailboxes, of all her colleagues, and her managers, but. We're gonna put a condition on, it where. She. Was. A participant, so meaning she, was either in the from the to the CC or the BCC, so it covers off every. Kind of communication, that Deborah Berger was involved in. Then. The search is no. Keywords, at all, so. No kql, there we're just gonna say, bring me back everything that's being held. The, results, are a, lot, of mailbox. Content, for sure from, Debra, all. The group's she's part of and her colleagues and managers where she was a participant, and. It's. Going to include all of these business artifacts, this is where your, business team understanding. What's stored where is invaluable. The. Takeaway from this request. Business. Teams need to understand, where, the business artifacts, are stored across office, 365. And are they in office, 365 and. When. To put an electronic, hold on. Usually. It's as soon as they are aware of the request that's, coming in they, need to put an electronic, hold on. All. Right example, number two an internal. Investigation this. Is from that my Certified, Fraud examiner. Smith. Investigate. An allegation of asset theft from within your organization. By employee John Doe to the buyer mr. X this is real-world ok. So how would you do this an. Internal. Investigation team. Is typically, looking for a story behind the data and how. They do that is they cast a really wide net. So. For this they're going to place absolutely everything. Of john doe's on, hold. So. All of the teams he's a member of his. Mailbox, for emails and chats certainly. His onedrive sites. Put. Them all on hold, and. In. This case they would not tell him that they've done that. The. Results, is a lot of content. Right. There was no key. Word conditions, on there they're just saying bring, it all back to me. There. Is a significant. Analysis. And, review cycle that goes on in this type of a case, this. Can take a very, very, long time the. Advantages. Of advanced, e-discovery in, this case is, plenty. Because. You can use, that machine. Learning to assist you, otherwise. It, is basically, a manual, effort of going through those results, and.
Looking. For that story behind the data. So. Eventually. Maybe. Might. Not be but maybe the. Business artifacts, do come together to, tell a story so you. Can see you can you could have thousands. Or tens of thousands, of emails and documents and, this, is might be all that you get. Out of it that. Leads you to. You. Know the alleged, asset. Theft, the. Contact, card an outlook, meeting invite a to do house may be a channel conversation. So talk. About a needle in the haystack right. But. Often that's what they do they cast a wide net they. Do search, and refinement, after they've done that within, the e-discovery tool, to, find, to. Determine if there's a story behind the data. So. These. Teams. Really. Need to know how to filter, through that data, it. Can be a challenge, it's very very time-consuming, advanced. E-discovery. Intelligent. Capabilities, certainly help. And. They. Are looking for a story behind the data they it's. Not necessarily. There but, they have to look and see if the, pieces fit together. All. Right example, number three. Find. All records is statutory. So, find all records relating, to the maintenance of American, Disabilities, Act. Curb. Ramps along, a certain, Street from 2017. To present day so. If a business team were to get this request and this isn't an actual request, again. They. Really. Should be leveraging the smees. In their organization, to help with this those. In your, facilities, Department let's say and those. Knees can. Do a few things for you first, is they, can identify the, types of things that you're looking for manifests. Work. Orders, contracts. What are we looking, or how do you guys do curb, and ramp maintenance, where are we gonna find this stuff, and. They. Also. Determine. Where is it that we're going to look for those things well here's all the teams, that we are a part of on, all those maintenance all. The maintenance work here's. All the, external. Vendors, we typically work with when, we're doing that maintenance and, here. Are all the facility, staff that have worked in our team since, whatever, the date was 2017. To present day content. May be in there as well and, they. Also help with the search terms so, we just kind of pulled those out of the the request that was given to us that's, going to translate into this, kql. And. They're. Going to use this search to go against, all, of. These things now I've split this apart into, a couple of searches which is another thing, business. Teams need to kind of think about doing you don't have to do everything in one search a good. Way of organizing. The review process is to separate, out your searches, in chunks. That kind of make sense, so. This. One is searching against, all the teams, mailbox. For chats the group mailbox, the. Facility. Staff's, one, drives and, the. SharePoint sites for files with that query the. Second, one is. Searching. Those external, vendors, that were part of, facilities. Maintenance or curb and rap maintenance, and searching. All staff. Mailboxes. So. We're going to add that additional. Participants. At the end listing. All of those external, vendors and then we're going to get, a whole. Bunch of content back. Emails. And files. Leverage. The smees to assist in this because there's probably going to be stuff that's not relevant to what it is that they're looking for. So leverage them to help with that review process as well. Again. The relevant business artifacts, are going to be exported. Maintenance. Schedules. To. Do tasks, group, chats, eventually. You might find those maintenance, work orders for, those manifests.
Contracts. Key. Takeaways from this. Leverage. The sneeze in your organization. Get. Proficient, with kql, and. Learn. How to organize your searches, don't feel like you have to put everything in onesearch. Last. Example, is another statutory request. It's when I did for a company. Where. They didn't do their own e-discovery request. On finding, all records on carbon tax for the 2018 year. Well. For this one they really need to know where figure, out where they should look and what are some good search terms to find it well, because it said all records. And this is a statutory request. That means you're searching everything that, part's pretty easy you, just switch those two toggles, on and put. In whatever search terms you need. So. These are the initial search terms that the compliance department, gave me as you. Can see this, is a financial services company it came up with 44,000, items. That's. A lot, so. They went to that query. Analyzer, kind. Of in the back of ediscovery and they could see that carbon and pollution, on their own were returning, an inordinate, amount of results. Back that, weren't necessarily. Carbon, tax so, they removed those two and then it came down to 84, they. Printed. 84 hundred items and gave. It to the, requester. And. In, this case they got a lot of results back because they searched, absolutely. All locations so that's a lot of content. Key. Takeaway from this one really. Know how to refine, your search and sometimes, your first cut at it isn't, right so, you have to refine, fine-tune. Until. You eventually get down to what is, correct, and reasonable. So. Key takeaways, to translating requests into a search really. Understand, and come to alignment on what you're looking for know. When to hold. Cast. A wide net sometimes. There's a story behind the data. Leverage. Subject, matter experts. Your own organization. And. There's. No getting around this you need to understand, kql. Which. Is a challenge, sometimes. So. Those are my three must-have, skills for an e-discovery team after, I'd like to know if you have. Another one you think is is, required. But, I think, this would give some pretty solid footing to, a business team to. Get them comfortable. With the tool. So. The key takeaways from today you have to really work towards sustainable, information, governance in your own organization. Set, the groundwork for ediscovery. IT. Should, really be a strong supporting, role in my humble, opinion they, should not be doing, the, e-discovery searches. For, the business teams that you should be training. Them giving them, the skills to. Help the comfort and confidence in, the tools so they can self serve those requests. Themselves. Alright. I'm. Not going to dwell on this I just wanted to include a licensing, slide because usually everybody, asks, so that is in there I've. Also got some links, to. Take back to the office for a few things we talked about today and I. Will leave this up and we. Have a few minutes of 30, seconds for questions, anybody. Yes. I think. You need a mic sir. Good. Is, there a way within the query. Language to include. Time. Of day other. Than just date oh I. Have, never done time of day I. Want. To say yes, because. I know in a in a SharePoint search I think you can specify. Date. And time so. I, would, I would say yes I don't know exactly but I would lean yeah I know we've not been able to find one you have okay, I've. Not done it myself. Over. Here. What, about data that is protected, by a Reformation, protection, when a subject, for a discovery case. It's. Still discoverable. Is that what your question is. If. It's discoverable, and accessible, then for the, legal. Compliance team. Sorry. You'll have to rephrase whether they'd be would be able to access. The data and the information that is protected, by a sure information, protection when. I run a discovery search yes, yes. It. Would be. On. Your. Example. With the subpoena yes, and you had the, subject over the custodian, is the subject, of the subpoena and then, you found all of their, kind. Of relations, yeah was that pulled, from the graph or is that something that I would do as a, business. I, have. To understand, their connection yeah, I mean, if. You had somebody an IT pulling, that information from the graph you could there's no automated, automatic. Way to do it you would either have to do, it manually, or build. Something to know I mean. It kind of depends the date range right you'd have to go back from. Their beginning, of their employment what were all of the managers they had what were all the colleagues that they had, during that process it would be quite, an involved thing, I'm not sure you'd actually be able to get all that from the graph.
2020-01-15 14:42