Achieving eDiscovery Compliance Amidst the Ever-Evolving Cloud Landscape

There’s a whirlwind of change sweeping across the globe right now, and I’m not just talking about COVID-19. In the legal world, companies both big and small are continuing their steady march toward migrating to the Cloud, and, in particular, moving their data landscape to Microsoft 365 (M365). Amongst this huge technological shift comes significant benefits derived from cloud computing, but also an accompanying landscape fraught with risk and previously unknown challenges. For example, as GDPR, CCPA, and other burgeoning privacy regulations have moved information governance to the top of the agenda for legal teams, many are faced with how to maintain privacy and regulatory compliance in their ediscovery and information governance programs, and particularly as cloud technology is constantly evolving.

The cloud technology of choice for most corporations is M365, with over 500,000 businesses in the US and 70% of the Fortune 500 actively storing and managing their data in the Cloud via M365. Understandably, organizations have first focused on the challenges of migrating as well as getting the most out of M365 after their move, but once the data landscape has successfully transitioned to M365, there’s a critical issue ediscovery teams immediately face: figuring out how to mitigate risk as Microsoft frequently makes software updates to M365. Here are three significant compliance risks to consider as changes and updates to M365 inevitably impact ediscovery programs.

1. Knowing where data is created and stored in the Cloud - Figuring out what collaboration applications are being used and how they impact the current operating model is a challenge for corporations that have moved to M365. As communication and file sharing methods evolve alongside cloud computing, companies are forced to think about how to preserve and manage data that is generated through collaboration applications like Teams. Workflows need to be updated to incorporate these collaboration tools in a legally defensible manner to ensure compliance. Ultimately, adapting current processes is imperative for managing risk and creating business continuity.
2. Keeping informed and making sense of continual product updates – Cloud computing has the advantage of perpetual innovation, but staying on top of continuous product updates is a challenge that must be considered in order to maintain compliance. As Microsoft releases M365 updates, organizations must be able to assess the impact and adapt processes quickly. To be successful, companies need a unique skill set of legal and specialized technology expertise that can be difficult for compliance and legal teams to source internally.
3. Understanding audit logs, the M365 licensing structure, and which tools to use - Keeping data in M365 allows access to search everything all in one place. Alongside this convenience, there are over 170 auditable events that can be important to ediscovery and compliance functions, thus it’s imperative to know which audit logs to retrieve and how to utilize this information. As far as the licensing structure, the biggest challenge is understanding what is and isn’t available under the multiple M365 licensing models and then determining how to make the best use of the available features and tools.

Moving to the Cloud is a transformational event for every enterprise. Once an organization makes the move, the challenge is making sure the ediscovery program remains compliant and legally defensible while maximizing the technology investment. In light of the growing complexities of enterprise data, the legal and regulatory landscape, and integrating all of these downstream pieces, it’s critical to modernize processes, reduce risk, and develop a proactive strategy to tackle the challenges that come with M365 implementation. If you have further thoughts on the new and ever-evolving era of cloud computing and adapting your ediscovery program to stay ahead of all the changes, please reach out to me at SLedgerwood@lighthouseglobal.com or Twitter @sarahewood. I’d love to hear how you’re getting the most out of M365 for your ediscovery program.