When a Second Request investigation was initiated as part of a large and high-profile technology industry acquisition, the companies were required to produce more than 8TB of data across a wide range of digital sources. Many of these were emerging data sources for which compliance and e-discovery controls and workflows had not yet been developed. As a long-time trusted advisor to the law firm representing the client, FTI Technology was engaged to handle e-discovery for the matter and create solutions to ensure relevant documents could be identified, collected, processed, reviewed and produced from the emerging data sources in scope.

Situation

The client’s legal counsel understood that the breadth of data sources involved in the matter would present significant e-discovery challenges and insisted that given FTI Technology’s expertise across traditional e-discovery, digital forensics and defensible handling of emerging data sources, the firm be involved as the lead provider for the matter from the outset.

Because the client had previously acquired many companies, its IT environment was siloed, expansive, complicated and spanned numerous countries. It included many legacy or “shadow” systems and servers that the central IT team was unaware of, unsure of how to access, as well as platforms that had not been fully integrated into the main branch IT architecture. Additional data sources in scope included Quip, Slack, Salesforce and data from proprietary, in-house systems that were built without legal hold or e-discovery functionality. For some of the systems, the client’s internal IT teams were simply unable to support data export. In parallel, other systems were tightly controlled, with IT reluctant to provide the permissions necessary for the team to perform the collections. All these variables added significant time and effort to the process of gaining access to the data in order to collect and process it for review.

Linked content (known as “Modern Attachments” in Microsoft 365) presented another challenge. In productivity and collaboration suites, documents are often sent as dynamic links rather than traditional static attachments. This was the case in this client’s environment across multiple platforms, demonstrating widespread channel hopping and cross-platform link sharing. There were also numerous, complex instances of many-to-one associations (family relationships) between communications and a single source file, which current e-discovery tools do extract or identify. The team was faced with creating novel workarounds to reconcile linked content in chats, posts and emails to the corresponding parent documents.

Another common issue with emerging data sources that arose in this case was that regulatory production specifications have not yet shifted to align with the nuances or structure of data within modern productivity suites. The team had to educate counsel about and address the disparities between regulatory requirements to produce entire folders and the reality of back-end data and folder structure and organization. This is a significant issue that requires specialized expertise to ensure technical production requirements are met across all data sources.

Our Role

Experts from across FTI Technology’s E-Discovery Consulting & Services and Digital Forensics & Investigations practices in the U.S. and EMEA assembled a plan to address the numerous technical and logistical challenges within the client’s environments quickly and efficiently, so the client could meet the tight timelines required in the Second Request. The team delivered the following:
  • Reconstruction of proprietary platforms to enable access to information and attachments within them and functionality to export documents for review. This included identifying gaps in the chronology of conversation threads and missing replies to recover omitted information and ensure a complete and defensible collection.
  • Developed a bespoke process to reduce data volumes by excluding certain custodians based on permissions. By limiting the collection to exclude custodians who had viewer only permissions and focus on those who had author/ collaborator access, the team was able to significantly reduce the volume of documents collected and reviewed.
  • Utilizing a multi-custodian search and export approach which was segmented on date as opposed to traditional custodian-based collation, allowed a deduplicated set of information to be lifted once for the whole custodian population in manageable chunks.
  • Testing to optimize collection, enable concurrent workflows and reduce overlap when dealing with live systems that had slow data throughput and were continually changing.
  • Experience with rebuilding document folder structures where this information was not maintained during e-discovery export saved time and money and ensured that the production remained compliant with the regulator’s specifications.
  • Undertaking an extensive relinking exercise for linked content (Modern Attachments) to reconstitute the many-to-one family associations between independently collected data artifacts. Using reference markers in the communications, the team rebuilt family associations and connected communications to the corresponding file(s) in a defensible manner.
  • Proactive project management and solution development to reduce the impact of delays and meet critical project deadlines.

    • Our Impact

    Amid significant barriers within the client’s IT environment and unprecedented challenges relating to emerging data sources, FTI Technology’s team provided a full and complete production on time for a high-stakes Second Request.

    Innovative multi-custodian workflows and search engineering for dynamic documents reduced data volumes significantly, saving the client roughly 60% in document review costs.

    Established a trusting, collaborative working relationship with the client’s IT department to instill confidence regarding the technical justification, security, accuracy and defensibility of the team’s methodologies.