Ownership
Once the SharePoint site structure is established, next comes the task of determining who owns the data within the platform. Identification of data ownership is important for e-discovery, since some of the data owners may ultimately become custodians in a matter or investigation.
Why does determining data ownership matter, you may ask? Legal and IT are obligated to collect and produce relevant data for each custodian named in a matter or investigation, often within a two to three week window. Missing this deadline can result in fines and, potentially, loss of the case. It is much easier to find data if ownership structures are documented and in place. Knowing where to look can the make the difference between missing a deadline or having the time to review data and determine case strategy. Because SharePoint can function as a file-share, in which anyone can have access to a certain folder, the administrator can and should manage who can access what folders and where information is ultimately stored.
Making that decision involves defining who the data owner is, and that can be a complicated process. In SharePoint, an owner needs to be assigned to every data element. Since many people use a given SharePoint site, some steps should be taken to identify ownership of the data. Often, the person with administrator rights to the site can be considered the owner.
Too many cooks
What happens when you have a project team or department with many individuals contributing content, making edits and viewing content? SharePoint tracks both who last viewed or last edited content, which is information that can be used to determine custodians for the data. Or, in some matters, all people with access rights to the content may be considered custodians. Wikis and blogs may be more straightforward than documents, since there are typically primary and secondary or contributing authors which become the data custodians.
The final and perhaps most important action a company can take when preparing for e-discovery involving information on SharePoint is to ensure that all metadata is preserved. Failing to preserve metadata can result in fines and/or sanctions. But a fear of sanctions and fines should not be the only motivating factor for ensuring the preservation of an organization’s metadata. Metadata identifies who last accessed a file/sent a message, who created it, when it was created or accessed and who was on the distribution list for a message.
This information, combined with the contents of a file or message determines who said what to whom and when, as well as who knew what and when they became aware of it.
Metadata can be preserved through a tool that makes forensic copies of the content. The most common enterprise tool for preserving content and metadata is an enterprise information archive. Archives use special connectors to link to e-mail servers and other application servers, such as SharePoint that copy and store both content and metadata. E-discovery tools built for collections also ensure both content and metadata are copied and preserved exactly the way they were in the original location.
Organizations can make discovery from SharePoint more efficient and reduce risk by establishing clear protocols for accessing SharePoint sites and documenting the entire management process in terms of site structures, administrator access and employee access. This documentation must be kept current and should track whom had access to what sites and when.
An organization should also work with its legal team to describe — in advance — how it will define custodians with respect to administrator, author or viewing access rights. Legal and IT teams should work collaboratively prior to investigations and legal matters to determine how collections from SharePoint will be conducted and what steps will be taken to put content on legal hold.
The ‘when’
When the time comes to conduct SharePoint e-discovery, there are a number of third party tools that can help. Some tools allow organizations to crawl through an archive and extract specific information. Some have the ability to do a proximity search, so, for example, you can look for the word “discovery” +/- any other specific words before or after it. More advanced discovery services provide the ability to search by concepts, instead of just keywords.
These systems take advantage of full text indexing of content and metadata and then apply advanced linguistic algorithms to identify relevant content. Some tools take this process a step further, allowing review attorneys to classify documents from within the review set which then trains the software to efficiently classify other documents accordingly. This intelligent prioritization is even more powerful in that it identifies gray content (meaning documents that may be either relevant or non-relevant) and presents it to a human for disposition, from which the learning process continues to refine itself.
SharePoint’s use is growing in popularity and the amount of data being created is growing exponentially, increasing the frequency of e-discovery requests from this platform. Since organizations are obligated to collect and produce data from SharePoint for litigation and investigations, they can reduce the impact through proper planning, documentation and business processes.
Structure, administration, alignment to corporate retention policies and proactive methods for assigning data ownership can help organizations reduce the possibility of fines and sanctions and have the time they need to develop optimal case strategies.
Tom McCaffrey is director of archiving for Kroll Ontrack, where he is responsible for the overall business strategy and market evolution of Kroll Ontrack’s archiving and information management solutions.McCaffrey works with his team to bring expert products and services to market that help clients manage large volumes of data, reduce the cost of responding to investigations, litigation and regulatory requirements, and defensibly respond to requests for electronically stored information (ESI).
Prior to joining Kroll in 2009, McCaffrey spent nearly 10 years in data storage and telecommunications industries. He holds his M.S. in technology management and strategic management, as well as certificates in medical technology management and health care management, from the University of St. Thomas in St. Paul, Minn. He received his B.S. in mechanical engineering from the University of Minnesota.