SharePoint e-Discovery

Decentralized Data

A key aspect of SharePoint to understand from an information governance standpoint is that it is not a globally centralized solution, but in fact embraces the concept of siloization. You will typically see in a large Fortune 1000 company hundreds, if not thousands of SharePoint sites, and in medium-size companies you will see certainly several dozens, and sometimes hundreds, of SharePoint sites. There is not one big global centralized SharePoint server providing easy access to all the enterprises' data. SharePoint lives and breathes where the organization's departments, teams and divisions work, and it's intimately embedded into their localized workflow. While this presents significant advantages for productivity and business efficiency, it raises a lot of challenges regarding e-discovery given the diverse population of SharePoint sites throughout the enterprise, particularly because SharePoint tends to house important business documents and other information that is often relevant to legal matters and regulatory investigations.

e-Discovery Pain

The vast majority of current SharePoint deployments are versions 2007 or 2010, and neither have meaningful internal e-discovery or even data export features. SharePoint 2013 has some improvements, but does not support the very important requirements to tag, filter and review mass search results prior to export, or conduct early data assessment in place. This is one reason why SharePoint e-discovery is fraught with over-collection, resulting in much higher costs and time delays than what typically is seen with other similar data stores such as e-mail servers and file shares.

Another reason is that there really is no ability to mass export data in prior SharePoint versions, through version 2010, where it simply supports a manual single item export. The EDJ Group, which has published excellent research on SharePoint and Microsoft Exchange, reported that there were often inaccurate search results through version 2010. See, Federated Search ' Behind the Covers, EDJ Group, May 16, 2013 (free registration required)). And the search is limited to recovering document libraries, which is of limited utility because the search results return independent documents that leave the site context behind. And with SharePoint, most of the time the context ' i.e., how the document appeared to the user and what folder or project it was associated with ' is what is critical. So without an effective SharePoint e-discovery process and technology, the collection of the entire SharePoint site in bulk becomes the default practice. And this results in substantial expense because of the associated over-collection.

And not only are you collecting more than you need but, because that data was not collected in context, significant additional processing costs are required to reassemble the SharePoint data to make sense of it, and also to reapply custom metadata fields. This results in substantial costs ' up to 10 times normal e-discovery costs according to some industry experts ' due to the extensive back-end processing required when the SharePoint collection and preservation is not done properly. And any lawyer or paralegal should question an e-discovery service provider who recommends taking a complete forensic image of a SharePoint site, which is not a best practice and leads to great expense.

Corporate Legal and Compliance Struggles

It is not surprising, then, that courts have grappled with SharePoint e-discovery challenges. One such notable case is Monsanto v. Dupont, 2011 WL 1004852 (E.D. Mo., March 18, 2011), an intellectual property dispute that encompassed various pre-trial e-discovery disputes. One of the key issues in Monsanto involved how the parties were to determine which of the many Monsanto SharePoint sites should be searched. Monsanto applied a “custodian only” approach, meaning that only SharePoint sites that a custodian specifically identified as housing relevant electronically stored information (ESI) would be queried. DuPont argued for a more expansive “custodian based” approach, which would target SharePoint sites identified by a broader group of employees, instead of just by identified custodians. This highlights a gray area in SharePoint discovery: how hard are you required to search for the particular SharePoint sites that may hold responsive ESI? It invites arguments over identification efforts ' such as “custodian only” vs. custodian based” ' for which the best solution is for the parties to engage in informed advanced discussion of the appropriate approach to identification of SharePoint sites to search.

Given the value of some of the data pouring into organizations' SharePoint sites, security lapses can present a significant risk. A key benefit of SharePoint is that it is an outstanding platform for business collaboration and providing efficient access of key business information to various co-workers and contractors involved with various projects, including consultants not resident within the organization's firewall. This advantage also presents potential information governance nightmares in the form of leakage of confidential or sensitive information from the SharePoint site when access permissions are granted to individuals outside the organization (e.g., outside consultants and business partners).

The case law reveals situations where lax attention to the permissions granted for SharePoint access creates major information security gaps. One example of this is Wellogix v Accenture, 788 F.Supp.2d 523 (S.D.Tx. April 22, 2011), a case that provides a valuable lesson on the perils of SharePoint data leakage. Wellogix provided access to outside consultants and a potential partner on a proposed strategic alliance deal, but failed to withdraw security permissions and access rights when the outside parties were no longer their business friends, but rather created a rival product. The confidential information on the unattended SharePoint site was highly valuable, and the permissions snafu was a large basis of the litigation. See also, Devon Robotics v. DeViedman, 2012 WL 3627419 (E.D. Pa. Aug. 23, 2012) (Confidentiality agreement allegedly violated by permitting improper access to a SharePoint site containing proprietary information).

SharePoint Litigation Hold Procedures

When it comes to defensible SharePoint e-discovery, a key challenge involves the proper identification of the sites that contain potentially relevant ESI. This can be a particularly difficult task as it usually is not feasible to search all the company SharePoint sites. There are just too many and there is no effective centralized search capability. This was the crux of the issue in the Monsanto case.

The first step is to query to the key custodians and ask them to identify the SharePoint sites they use as a means to locate potentially relevant ESI. That is the easiest method of identification, and the one employed in Monsanto. But what are your options if you are not confident that approach is sufficient?

A cross-check involves working with the organization's SharePoint administrator, who can identify the SharePoint sites that custodians have permission to access.

An ideal approach, which would avoid the sort of disagreements on display in Monsanto , is to enter into a stipulation or even a discovery order. The stipulation should include a protocol for identification and collection of ESI in SharePoint that is based upon information received from custodians regarding their SharePoint use. And additionally based upon an inquiry of their permission-based access, including active directory groups, that reflect all the sites that potentially house responsive ESI.

e-Discovery Best Practices

From a technical standpoint, many e-discovery solutions are ill-equipped to address SharePoint e-discovery. Appliance-based e-discovery solutions or remote collections do not work as it may take weeks, if not months, to copy a multi-terabyte SharePoint site over a network connection. Manual collection efforts, which are geared toward mass “data dumps,” are also time consuming and are typically very costly.

Instead, what is needed is a solution that can quickly and remotely install and operate within the same local network domain to enable localized search, review and early data assessment in place. Full content indexing and preview of native SharePoint document libraries and lists, as well as its robust search, document filters, intuitive review interface uniquely enables targeted and contextual search, preservation and export of SharePoint evidence in its native format. Legal practitioners should consult with e-discovery experts to determine both best practices in process workflow as well as supporting technology to ensure SharePoint e-discovery costs and time delays are held in check.

Conclusion

SharePoint is growing as a source of truth for litigations and investigations, and most lawyers are behind the curve in mastering the identification, search and collection of this evidence. Certain best practices and technology ease the technical challenges of finding and gathering this evidence. To avoid disputes arising from SharePoint data, consider raising the issue early on in your meet-and-confer process, and agreeing upon a protocol focused on SharePoint challenges.

Patrick Burke, CIPP/E, is counsel in the New York office of Reed Smith and a member of the firm's Records & E-Discovery practice group. He advises clients regarding defensible identification, preservation, collection, processing, analytics, review and production of electronically stored information, as well as negotiations, meet-and-confer and litigating e-discovery issues. John Patzakis is president and CEO of X1, and an attorney specializing in legal issues concerning electronic evidence.

'

SPECIAL OFFER: Twitter, LinkedIn, Facebook and Google+ followers can get an online subscription to LJN's Legal Tech Newsletter for only $299. Click here, select Digital Only and use promo code LTNOL299 at checkout. This offer is valid for new subscribers only.

'

Finding and collecting data from Microsoft's SharePoint is a challenge even for the most sophisticated e-discovery practitioners. And the challenge grows daily as organizations expand their use of SharePoint at an accelerating rate, pouring more and more key data into these siloed sites.

Microsoft's SharePoint is an enterprise information management and collaboration platform that is proliferating throughout corporate environments, large and small. The solution reached $1 billion in sales faster than any other Microsoft product in history. And while SharePoint provides many operational and business advantages to enterprises, it presents several e-discovery and information challenges to corporate legal departments who are required to find and collect the data within their SharePoint sites for litigation or investigations.

These challenges include: the difficulty in identifying SharePoint sites holding particular data; the cost associated with finding data hidden within an organization's many SharePoint sites (typically far higher cost than from other data sources); and the amount of time required by discovery teams attempting to find and collect data in SharePoint using inefficient technology and manual processes causing organizations to miss discovery deadlines and potentially face court sanctions or the ire of regulators.

Decentralized Data

A key aspect of SharePoint to understand from an information governance standpoint is that it is not a globally centralized solution, but in fact embraces the concept of siloization. You will typically see in a large Fortune 1000 company hundreds, if not thousands of SharePoint sites, and in medium-size companies you will see certainly several dozens, and sometimes hundreds, of SharePoint sites. There is not one big global centralized SharePoint server providing easy access to all the enterprises' data. SharePoint lives and breathes where the organization's departments, teams and divisions work, and it's intimately embedded into their localized workflow. While this presents significant advantages for productivity and business efficiency, it raises a lot of challenges regarding e-discovery given the diverse population of SharePoint sites throughout the enterprise, particularly because SharePoint tends to house important business documents and other information that is often relevant to legal matters and regulatory investigations.

e-Discovery Pain

The vast majority of current SharePoint deployments are versions 2007 or 2010, and neither have meaningful internal e-discovery or even data export features. SharePoint 2013 has some improvements, but does not support the very important requirements to tag, filter and review mass search results prior to export, or conduct early data assessment in place. This is one reason why SharePoint e-discovery is fraught with over-collection, resulting in much higher costs and time delays than what typically is seen with other similar data stores such as e-mail servers and file shares.

Another reason is that there really is no ability to mass export data in prior SharePoint versions, through version 2010, where it simply supports a manual single item export. The EDJ Group, which has published excellent research on SharePoint and Microsoft Exchange, reported that there were often inaccurate search results through version 2010. See, Federated Search ' Behind the Covers, EDJ Group, May 16, 2013 (free registration required)). And the search is limited to recovering document libraries, which is of limited utility because the search results return independent documents that leave the site context behind. And with SharePoint, most of the time the context ' i.e., how the document appeared to the user and what folder or project it was associated with ' is what is critical. So without an effective SharePoint e-discovery process and technology, the collection of the entire SharePoint site in bulk becomes the default practice. And this results in substantial expense because of the associated over-collection.

And not only are you collecting more than you need but, because that data was not collected in context, significant additional processing costs are required to reassemble the SharePoint data to make sense of it, and also to reapply custom metadata fields. This results in substantial costs ' up to 10 times normal e-discovery costs according to some industry experts ' due to the extensive back-end processing required when the SharePoint collection and preservation is not done properly. And any lawyer or paralegal should question an e-discovery service provider who recommends taking a complete forensic image of a SharePoint site, which is not a best practice and leads to great expense.

Corporate Legal and Compliance Struggles

It is not surprising, then, that courts have grappled with SharePoint e-discovery challenges. One such notable case is Monsanto v. Dupont, 2011 WL 1004852 (E.D. Mo., March 18, 2011), an intellectual property dispute that encompassed various pre-trial e-discovery disputes. One of the key issues in Monsanto involved how the parties were to determine which of the many Monsanto SharePoint sites should be searched. Monsanto applied a “custodian only” approach, meaning that only SharePoint sites that a custodian specifically identified as housing relevant electronically stored information (ESI) would be queried. DuPont argued for a more expansive “custodian based” approach, which would target SharePoint sites identified by a broader group of employees, instead of just by identified custodians. This highlights a gray area in SharePoint discovery: how hard are you required to search for the particular SharePoint sites that may hold responsive ESI? It invites arguments over identification efforts ' such as “custodian only” vs. custodian based” ' for which the best solution is for the parties to engage in informed advanced discussion of the appropriate approach to identification of SharePoint sites to search.

Given the value of some of the data pouring into organizations' SharePoint sites, security lapses can present a significant risk. A key benefit of SharePoint is that it is an outstanding platform for business collaboration and providing efficient access of key business information to various co-workers and contractors involved with various projects, including consultants not resident within the organization's firewall. This advantage also presents potential information governance nightmares in the form of leakage of confidential or sensitive information from the SharePoint site when access permissions are granted to individuals outside the organization (e.g., outside consultants and business partners).

The case law reveals situations where lax attention to the permissions granted for SharePoint access creates major information security gaps. One example of this is Wellogix v Accenture, 788 F.Supp.2d 523 (S.D.Tx. April 22, 2011), a case that provides a valuable lesson on the perils of SharePoint data leakage. Wellogix provided access to outside consultants and a potential partner on a proposed strategic alliance deal, but failed to withdraw security permissions and access rights when the outside parties were no longer their business friends, but rather created a rival product. The confidential information on the unattended SharePoint site was highly valuable, and the permissions snafu was a large basis of the litigation. See also, Devon Robotics v. DeViedman, 2012 WL 3627419 (E.D. Pa. Aug. 23, 2012) (Confidentiality agreement allegedly violated by permitting improper access to a SharePoint site containing proprietary information).

SharePoint Litigation Hold Procedures

When it comes to defensible SharePoint e-discovery, a key challenge involves the proper identification of the sites that contain potentially relevant ESI. This can be a particularly difficult task as it usually is not feasible to search all the company SharePoint sites. There are just too many and there is no effective centralized search capability. This was the crux of the issue in the Monsanto case.

The first step is to query to the key custodians and ask them to identify the SharePoint sites they use as a means to locate potentially relevant ESI. That is the easiest method of identification, and the one employed in Monsanto. But what are your options if you are not confident that approach is sufficient?

A cross-check involves working with the organization's SharePoint administrator, who can identify the SharePoint sites that custodians have permission to access.

An ideal approach, which would avoid the sort of disagreements on display in Monsanto , is to enter into a stipulation or even a discovery order. The stipulation should include a protocol for identification and collection of ESI in SharePoint that is based upon information received from custodians regarding their SharePoint use. And additionally based upon an inquiry of their permission-based access, including active directory groups, that reflect all the sites that potentially house responsive ESI.

e-Discovery Best Practices

From a technical standpoint, many e-discovery solutions are ill-equipped to address SharePoint e-discovery. Appliance-based e-discovery solutions or remote collections do not work as it may take weeks, if not months, to copy a multi-terabyte SharePoint site over a network connection. Manual collection efforts, which are geared toward mass “data dumps,” are also time consuming and are typically very costly.

Instead, what is needed is a solution that can quickly and remotely install and operate within the same local network domain to enable localized search, review and early data assessment in place. Full content indexing and preview of native SharePoint document libraries and lists, as well as its robust search, document filters, intuitive review interface uniquely enables targeted and contextual search, preservation and export of SharePoint evidence in its native format. Legal practitioners should consult with e-discovery experts to determine both best practices in process workflow as well as supporting technology to ensure SharePoint e-discovery costs and time delays are held in check.

Conclusion

SharePoint is growing as a source of truth for litigations and investigations, and most lawyers are behind the curve in mastering the identification, search and collection of this evidence. Certain best practices and technology ease the technical challenges of finding and gathering this evidence. To avoid disputes arising from SharePoint data, consider raising the issue early on in your meet-and-confer process, and agreeing upon a protocol focused on SharePoint challenges.

Patrick Burke, CIPP/E, is counsel in the New York office of Reed Smith and a member of the firm's Records & E-Discovery practice group. He advises clients regarding defensible identification, preservation, collection, processing, analytics, review and production of electronically stored information, as well as negotiations, meet-and-confer and litigating e-discovery issues. John Patzakis is president and CEO of X1, and an attorney specializing in legal issues concerning electronic evidence.

'