How did they do it?
- Used Collect to remotely collect data from nine custodians’ Microsoft Office 365 accounts
- Optimizing the collection by splitting it into two sets
- Getting the right buy-in early to adopt Collect
The Challenges of Working Remotely
Early in 2021, Relativity solutions provider, Control Risks, was working with a chemical company client headquartered in Scandinavia. The client was facing an internal investigation that required rapid collection of documents from employees in the APAC region. The client needed to collect custodian data in the form of Microsoft 365 (“M365”) emails, calendars, contacts, and OneDrive files.
Traditionally, this type of collection would have been handled by one of Control Risks’ forensic experts onsite, directing and monitoring the collection and working closely with the client’s IT personnel. However, due to COVID-related travel restrictions and public health concerns, an onsite collection was not possible. Control Risks needed to meet the challenge of a fully remote collection, while minimizing the impact on the client’s internal resources who were also remote. Control Risks’ Director of eDiscovery Operations, Liraz Kolnik, explained:
“The alternative practice would be for the client’s IT or in-house discovery group to export, collate, and sort the data themselves with the supervision of Control Risks’ forensics experts over a remote session. Then they would have to transfer the data via an sFTP or, if the data set is too large, ship physically on a hard drive.”
This was not viewed as an ideal scenario by Control Risks or the client.
Remote Collection Made Easy
Control Risks had already familiarized themselves with RelativityOne's collection capabilities and recognized that this would be a great opportunity to implement it.
The first step in the process involved vetting from the client’s IT and Information Security departments. This was a critical first step in the process; getting their buy-in early was a great way to avoid unnecessary hurdles or roadblocks once legal counsel is already on board with the collection plan. Once these teams were satisfied with the application and procedure, the Control Risks team could proceed with the first phase—connecting Collect to the client’s instance of M365 on the Azure cloud and running a controlled test. The team performed a small collection to ensure that the process was running smoothly.
“The setup of Collect within RelativityOne is a fairly quick process. The longest part is getting the client to approve the process and the client creation of the Azure application on their end.”
LIRAZ KOLNIK, Director of eDiscovery Operations
Satisfied that Collect was set up correctly, the second phase involved a limited collection from one of the relevant custodians. Control Risks targeted just one of the custodians in the matter and collected all their data across all four of the M365 collection points. Assured that that collection ran smoothly, accurately, and timely, the team was then prepared to perform the broader collection.
As this was an internal investigation, the client requested a complete collection of the data for each of the custodians at issue. After the test collection, Control Risks determined that the custodians had an abnormally large amount of OneDrive data. As a result, Control Risks optimized the collection strategy by splitting the collection in two.
The first collection was of emails, calendars, and contacts (i.e., the “Outlook” data), The second collection contained the larger set of OneDrive data. Using this strategy Control Risks was better able to support the client’s review by processing, searching, and promoting the more important “Outlook” data on a rolling basis. Collect helped Control Risks to support this workflow by allowing Control Risks to carve the collections in advance.
Done in Days, Not Weeks
The process was seamless and quick with 808 GB collected from 9 custodians. Had the collection been performed by the client’s internal team collecting the data, copying it to a hard drive and shipping it to the review team could have taken anywhere from one to two weeks. instead, this collection was set up and transferring data to Control Risks within a few hours where it was immediately staged for processing, which was completed in a matter of days not weeks.
With Collect, Control Risks was able to expedite the collection for their client through the efficiency and security of Collect. Avoiding risky data transfers was a benefit that utilizing Collect offered Control Risks and the client. Since M365 data and RelativityOne both exist on the Microsoft Azure cloud, the collected data never had to leave the security of Azure. The client was exceptionally pleased with the process and result.
From the Control Risks perspective, they were able to setup, monitor, and action the data efficiently and with minimal disruption to the client. Collect in RelativityOne provided the process efficiency of one tool that can be used from start to finish to save steps. But one of the greatest benefits that Control Risks experienced was their ability to remain in control of the collection. They had visibility into the entire process—Control Risks could monitor how the data was being handled, and with metadata providing detailed audit trials they were still able to achieve a forensically sound collection.
“We could provide ourselves, and therefore the client, with a more accurate ETC. Collect allows us greater control of the process from targeting, collections, through to processing and review," said Liraz.
Now that Control Risks has implemented Collect, they can complete setup and have it tested and running for their clients in under a day. This allows them to get their team up to speed on a matter involving collections in no time.
Liraz looks forward to utilizing Collect further, exploring alternative data source collections beyond M365 like Google Workspace, Slack, and Teams, and to take advantage of the native short message import capabilities afforded with Collect and Relativity's short message format (“RSMF”). Robust filter criteria also provide opportunity for Control Risks to perform highly targeted collections, saving themselves and clients significant time in review.
“It was really good to see how robust the tool has become. We’re always looking for ways to get the data from the client to the review as quickly, defensibly and securely as possible. Collect helps us provide greater service and strengthen our relationships with our clients.”