Lighting the Path to Better Information Governance

Lighthouse helps global British bank resolve critical risks during a major technology overhaul. Key Actions Microsoft referred Company to Lighthouse to address eDiscovery needs within Microsoft 365 (M365) Lighthouse assembled a team whose members had former expertise gained from stakeholder departments that were affected by the unresolved needs Key Results Compliance risks were successfully remediated using native M365 tools The Company used its new platform to avoid the need for add-on services or vendors What They Needed M365 Implementation Yields Data Risk Management As one of the nation’s largest financial institutions, the Company’s move to M365 required exceptional time and care—further complicating compliance requirements for record-keeping, data protection, and regulated conduct, and ultimately placing demands on M365 that created uncertainty of whether the platform could be resolved. The complex compliance requirements fueled an internal audit, revealing several risks related to the Company’s management of unstructured data, including its practices for retention, deletion, preservation, and protection of sensitive information. The Company asked Microsoft for help—and Microsoft referred the Company to Lighthouse. Tight Deadlines, Exceptional Solutions Lighthouse was tasked to explore whether M365’s native information governance (IG) and eDiscovery tools could address the risks identified in the audit. The team launched a series of workshops, interviews, and research tasks to: Educate stakeholders about M365’s native capabilities for records and information management (RIM) and IG Define stakeholders’ needs and current workflows regarding RIM and IG Analyze gaps in the current state Test and propose new workflows using native M365 tools Executives intensely monitored this project, as every identified risk was critical, so the pressure on the teams’ proposed workflows was tremendous—not to mention a tight 12-week timeline. Lighthouse prevailed, fielding a team of experienced peers with the Company stakeholders. Every business group—from records management to IT that were responsible for remediating risks—was paired with a Lighthouse consultant who had previously filled a similar role at a comparable institution. Our experts gained rapid credibility with each stakeholder group, and they ultimately accomplished a unified solution that was acceptable to all parties. Our solution succeeded in remediating all flagged risks using RIM and IG workflows within M365. It required the Company to upgrade its M365 licensing agreement from E3 to E5, but the company agreed that the added cost was more than worth it. In the end, Lighthouse achieved two key wins: 1) demonstrating to the Company that M365 could meet even the most stringent security and compliance needs, and 2) securing a new trusted partnership with the customer that has continued to develop. ‍ Corporate Case Studycase-study; big-data; cloud-migration; cloud; cloud-services; corporate; corporation; emerging-data-sources; information-governance; ediscovery; microsoft; legacy-data-remediation; risk-management; record-management; financial-services-industrymicrosoft-365; information-governance; client-success; lighting-the-path-to-better-information-governanceCase-Study, client-success, Big-Data, Cloud-Migration, cloud, Cloud-Services, Corporate, Corporation, Emerging-Data-Sources, Information-Governance, eDiscovery, microsoft, Legacy-Data-Remediation, microsoft, risk-management, Record-Management, financial-services-industry, microsoft-365, information-governance

Lighthouse saves insurance giant millions of dollars during major technology upgrade. Key Actions Microsoft referred the Company to Lighthouse to resolve existing concerns from the Company’s IT and legal departments that were stifling their automation and transition process to Microsoft 365 (M365). Lighthouse held educational workshops on eDiscovery tools within M365, and devised a comprehensive plan for the compliance. Key Results Unblocked the M365 transition effort and enhanced the partnership between legal and IT. Compliance concerns were answered within M365, saving the company millions of dollars in retaining or updating legacy data management systems. What They Needed Legal Concerns Churn 11th Hour Nightmare for IT Department In 2017, a nationwide insurance giant initiated a transition from an on-premises Microsoft solution to a cloud-based M365 solution fueled by gain from cost, performance, and security improvements. Years later, and well past the intended launch date, the Company’s legal team suddenly halted the transition entirely due to concerns of M365’s eDiscovery capabilities, specifically, how M365 would handle the identification, preservation, and collection of email, instant messages, and files for the Company. The legal department insisted the company retain its custom-built archival solution until all compliance concerns were allayed. These demands put the IT department in an extremely tough spot after having already invested several years into the transition to M365. If forced to extend their aging, on-premises solution, the team would face substantial costs. To help unstick the implementation project, Microsoft suggested the Company engage Lighthouse to assist. Lighthouse immediately understood the legal team’s concerns and acted swiftly to address the Company’s insistence on exercising the transition to M365 with great caution, all while remaining vigilant of the Company’s receipt of hundreds of new legal matters monthly. The sensitive nature of data in this industry and the complex regulatory environment made the potential risk related to mismanagement very high. The process was intricate and complex, and required high-level integration to mitigate the significant risks that were specific to individual privacy regulations, such as the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR). Hands-on Experience and High-touch Service Bridge the Gaps Lighthouse fielded a team of experts with direct experience in the same or similar roles as the various client stakeholders, ranging from IT to records management, corporate legal, and public affairs. This hand-selected team led a three-part process with their counterparts from the Company: Providing education on the eDiscovery aspects of M365 Analyzing current workflows and performance, and expressing their desired future state Devising a high-level design document for how relevant parties could conduct eDiscovery tasks in compliance with the requirements while using M365 The first two processes helped restore unity among stakeholders, while the design document delivered on the legal team’s concerns, including specified settings for a range of M365 applications and components, such as Exchange Online, SharePoint Online, OneDrive for Business, and Teams. The design document made room for process automation and/or custom workflows, as well as for third-party system integration (for compliance archive, legal hold, matter management, etc.). The initial project success led to a continuing relationship between the Company and Lighthouse, and over time Lighthouse has become a critical element in the Company’s ongoing M365 implementation and adoption journey helping them in charting a path forward. Corporate Case Studycase-study; big-data; cloud-migration; cloud; cloud-services; ccpa; corporate; corporation; data-privacy; data-protection; emerging-data-sources; information-governance; ediscovery; microsoft; gdpr; legacy-data-remediation; legal-holds; risk-management; insurance-industry; record-managementmicrosoft-365; data-privacy; information-governance; client-success; lighting-the-path-to-better-information-governanceCase-Study, Big-Data, Cloud-Migration, cloud, Cloud-Services, ccpa, Corporate, Corporation, Data-Privacy, data-protection, Emerging-Data-Sources, Information-Governance, eDiscovery, microsoft, gdpr, Legacy-Data-Remediation, Legal-Holds, microsoft, risk-management, insurance-industry, Record-Management, microsoft-365, data-privacy, information-governance

Lighthouse bridges internal gaps during technology overhaul and solves longstanding compliance issues for a German multinational healthcare manufacturer. Key Actions Lighthouse engaged company stakeholders in operational planning and received funding from Microsoft to devise and integrate a premium Microsoft 365 (M365) add-on to existing Purview Premium eDiscovery, which resolved an outstanding compliance need. Key Results The proof-of-concept achieved a zero-trust security model integrated with third-party software, and satisfied the barring of critical needs for the Company that centralized IT and legal departments after years of dysfunction. What They Needed Automating a transition to M365 commonly yields a clash between IT, legal, and compliance stakeholders if the decision to convert was spearheaded by IT and made without consulting legal and compliance teams. Typically, during planning or implementation of converting to M365, legal teams ask IT how the new platform will manage compliant and defensible processes, and if IT doesn’t have the answers, the project stalls. This was the situation facing a multinational manufacturing Company that engaged Lighthouse for help during the spring of 2020. At that time, the Company was several years into its M365 transition, and the legal teams’ requirements for adoption of native M365 compliance tools barred a complete transition. Pressure to adopt the tools escalated as M365 workloads for content creation, collaboration, and communication were already rolled out, creating an increasingly large and complex volume of data with significant degrees of risk. Lighthouse Responds to Need and Launches New Technology In partnership with Microsoft Consulting Services, Lighthouse organized a companywide M365 “reset,” hosting a three-day workshop to revamp the transition process and generate an official statement of work. The strategic goal was to streamline the stakeholders from litigation, technical infrastructure, cybersecurity, and forensics teams that previously failed to align. The workshop fielded critical topics geared to encourage constructive discussions between stakeholders and to strengthen departmental trust. The outcome of these discussions eventually enabled the company to move forward with critical compliance updates, including the collection and parsing of Microsoft Teams data, and the management of myriad files and email attachments. Lighthouse took stock of the current state, testing potential solutions, and arrived at a proof-of-concept for an eDiscovery Automation Solution (EAS) that augmented existing M365 capabilities to meet the legal team’s security requirements and remediate any performance gaps. Microsoft recognized the potential value of the EAS for the wider market, ultimately leading to Microsoft funding for the proof-of-concept. Inside the eDiscovery Automation Solution (EAS) Technology Azure-native web application designed to orchestrate the eDiscovery operations of an M365 subscriber through Purview Premium eDiscovery automation Maximized Microsoft Graph API “/Compliance/eDiscovery/” functions and other Microsoft API Simplified to Azure AD trust boundary, targeting the M365 tenant hosted within, and enabling full governance of identity and entitlement throughout Azure and M365 security features Benefits Achieved a zero-trust security model Authorized high-velocity, high-volume eDiscovery tasks without outside technology through automation and orchestration of existing M365 eDiscovery premium capabilities native to M365 Mobilized integration with third-party software included in the Company’s eDiscovery workflows Amplified workload visibility by automatically surfacing relevant Mailboxes, OneDrives, and other M365 group-based technologies dependent upon selected Custodians’ access Corporate Case Studybig-data; case-study; cloud-migration; cloud; cloud-services; cloud-security; corporate; corporation; data-privacy; emerging-data-sources; information-governance; ediscovery; microsoft; manufacturing-industry; risk-managementchat-and-collaboration-data; ediscovery-review; microsoft-365; data-privacy; information-governance; client-success; lighting-the-path-to-better-information-governanceBig-Data, Case-Study, Cloud-Migration, cloud, Cloud-Services, Cloud-Security, Corporate, Corporation, Data-Privacy, Emerging-Data-Sources, Information-Governance, eDiscovery, microsoft, manufacturing-industry, risk-management, chat-and-collaboration-data, ediscovery-review, microsoft-365, data-privacy, information-governance

Emily Dimond, Managing Senior Counsel, eDiscovery, at PNC Bank, shares practical strategies for managing updates in Microsoft 365 and how to develop an agile governance program.,   Collaborative technology‚Äîgreat for employee productivity but often challenging for legal and IT departments. Balancing the risk and reward requires a deep understanding of ever evolving updates while proactively managing those changes. As organizations adopt cloud-based enterprise software like Microsoft 365, previous change management and governance approaches are often no longer sufficient. Emily Dimond , Managing Senior Counsel, eDiscovery, at PNC Bank, shares practical strategies for managing updates in M365, including recent changes to transcripts and loop components, and how to develop a strong governance program equipped for today‚Äôs dynamic landscape.  This episode's sighting of radical brilliance:  Where is Tech Going in 2023? Harvard Business Review,  January 26, 2023. If you enjoyed the show, learn more about our speakers and subscribe on lawandcandor.com , rate us wherever you get your podcasts, and join in the conversation on LinkedIn and  Twitter .  , microsoft-365; chat-and-collaboration-data; lighting-the-path-to-better-information-governance, microsoft, emerging data sources, podcast, record management, microsoft-365, chat-and-collaboration-data, microsoft; emerging-data-sources; podcast; record-management

Our hosts chat with Lighthouse's John Bair about implementing proactive data management programs and emerging challenges with remote working, including mobile devices and collaboration data., Law & Candor returns for Season 10 with co-hosts  Bill Mariano  and Rob Hellewell. They kick off the episode with a discussion of a Harvard Business Review article about the ways AI can make strategy more human. Next they are joined by John Bair , Senior Consultant in Digital Forensics at Lighthouse, to discuss bring your own device (BYOD) policies, implementing proactive data management programs, and emerging data challenges with remote working. Some questions that they tackle include: From a data governance and management perspective, what are the greatest challenges that have emerged from working from home and BYOD policies? Many organizations may have governance programs in place but still struggle with new data sources or devices. What can make some programs inadequate to face these changes? For those needing to refresh their governance approach, or build something new, what advice do you have for creating a more proactive program to get ahead of these data challenges? How should legal teams work with IT to ensure these types of programs are a success? How should we think about their roles? As mobile devices and virtual work continue to advance, how can teams ensure their data governance programs keep pace? If you enjoyed the show, learn more about our speakers and subscribe on the  podcast homepage , listen and rate the show wherever you get your podcasts, and join in the conversation on  Twitter .  , chat-and-collaboration-data; data-privacy; forensics; lighting-the-path-to-better-information-governance, collections, emerging data sources, departing/onboarding employee, podcast, preservation, risk management, chat-and-collaboration-data, data-privacy, digital-forensics,, collections; emerging-data-sources; departing-onboarding-employee; podcast; preservation; risk-management

James Hart of Lighthouse and our hosts discuss this complex aspect of Microsoft 365 eDiscovery, identify best practices and mitigation strategies, and proactive tips for the future., Law & Candor co-hosts Bill Mariano and Rob Hellewell kick things off with Sightings of Radical Brilliance, in which they discuss a framework for building accountability into AI from an article in Harvard Business Review by Stephen Sanford . In this episode, Bill and Rob are joined by James Hart of Lighthouse. They discuss this critical component of Microsoft 365 and its important role in maximizing the effectiveness of ediscovery workflows and mitigation strategies. Key questions from their conversation include: What are unindexed items and how critical are they to efficiency in ediscovery workflows? After identifying unindexed items, what is the next step and how do you approach it? What are some key strategies for handling unindexed items? How are different organizations approaching unindexed items from a policy perspective? What are best practices for approaching this unique issue in Microsoft 365? In conclusion, our co-hosts end the episode with key takeaways. If you enjoyed the show, learn more about our speakers and subscribe on the podcast homepage , rate us on Apple and Stitcher , and join in the conversation on Twitter . Related Links Blog Post: An Introduction to Managing Microsoft 365 Updates that Present Legal and Compliance Considerations Blog Post: Making the Case for Information Governance and Why You Should Address It Now White Paper: The Impact of Schrems II and Key Considerations for Companies Using M365 Podcast: Keeping Up with M365 Software Updates , microsoft-365; chat-and-collaboration-data; information-governance; lighting-the-path-to-better-information-governance, microsoft, emerging data sources, podcast, record management, preservation, microsoft-365, chat-and-collaboration-data, information-governance,, microsoft; emerging-data-sources; podcast; record-management; preservation

Emerging challenges with big data—large sets of structured or unstructured data that require specialized tools to decipher— have been well documented, with estimates of worldwide data consumed and created by 2025 reaching unfathomable volumes. However, these challenges present an opportunity for innovation. Over the past few years, we’ve seen a renaissance in AI products and solutions to help address and evolve past these issues. From smaller players creating bespoke algorithms to bigger technology companies developing solutions with broader applications, there are substantial opportunities to harness AI and rethink how to manage data.A recent announcement of Microsoft’s Syntex highlights the immense possibilities for, and investment in, leveraging AI to manage content and augment human expertise and knowledge. The new feature in Microsoft 365 promises advanced AI and automation to classify and extract information, process content, and help enforce security and compliance policies. But what do new solutions like this mean for eDiscovery and the legal industry?There are three key AI benefits reshaping the industry you should know about:1. Meeting the challenges of cloud and big data2. Transforming data strategies and workflows3. Accelerating through automationMeeting the challenges of cloud and big data Anyone close to a recent litigation or investigation has witnessed the challenge posed by today’s explosion of data—not just volume, but the variety, speed, and uncertainty of data. To meet this challenge, traditional approaches to eDiscovery need to be updated with more advanced analytics so teams can first make sense of data and then strategize from there. Simultaneous with the need to analyze post-export documents, it’s also clear that proactively managing an organization’s data is increasingly essential. Organizations across all industries must comply with an increasingly complex web of data privacy and retention regulations. To do so, it is imperative that they understand what data they are storing, map how that data flows throughout the organization, and have rules in place to govern the classification, deletion, retention, and protection of data that falls within certain regulated categories of data types. However, the rise of new collaboration platforms, cloud storage, and hybrid working have introduced new levels of data complexity and put pressure on information governance and compliance practices—making it impossible to use older, traditional means of information governance workflows. Leveraging automation and analytics driven by AI advances teams from a reactive to proactive posture. For example, teams can automate a classification system with advanced AI where it reads documents entering the organization’s digital ecosystem, classifies them, and labels them according to applicable sensitivity or retention categories implemented by the organization—all of which is organized under a taxonomy that can be searched later. This not only helps an organization better manage data and risks upfront—creating a more complete picture of the organization’s data landscape—but also informs better and more efficient strategies downstream. Transforming data strategies and workflows New AI capabilities give legal and data governance teams the freedom to think more holistically about their data and develop strategies and workflows that are updated to address their most pressing challenges. For eDiscovery, this does not necessarily mean discarding legacy workflows (such as those with TAR) that have proven valuable, but rather augmenting them with advanced AI, such as natural language processing or deep learning, which has capabilities to handle greater data complexity and provide insights to approach a matter with greater agility. But the rise of big data means that legal teams need to start thinking about the eDiscovery process more expansively. An effective eDiscovery program needs to start long before data collection for a specific matter or investigation and should contemplate the entire data life cycle. Otherwise, you will waste substantial time, money, and resources trying to search and export insurmountable volumes of data for review. You will also find yourself increasingly at risk for court sanctions and prolonged eDiscovery battles if your team is unprepared or ill-equipped to find and properly export, review, and produce the requested data within the required timeline. For compliance and information governance teams, this proactive approach to data has even greater implications since the data they’re handling is not restricted to specific matters. In both cases, AI can be leveraged to classify, organize, and analyze data as it emerges—which not only keeps it under control but also gives quicker access to vital information when teams need it during a matter.Advanced AI can be applied to analyze and organize data created and held by specific custodians who are likely to be pulled into litigation or investigations, giving eDiscovery teams an advantage when starting a matter. Similarly, sensitive or proprietary information can be collected, organized, and searched far more seamlessly so teams don’t waste time or resources when a matter emerges. This allows more time for case development and better strategic decisions early on.Accelerating through automation Data growth continues to show no signs of slowing, emphasizing the need for data governance systems that are scalable and automated. If not, organizations run the risk of expending valuable resources on continually updating programs to keep pace with data volumes and reanalyzing their key information.The best solutions allow experts in your organization to refine and adjust data retention policies and automation as the organization’s data evolves and regulations change. In today’s cloud-based world, automation is a necessity. For example, a patchwork of global and local data privacy regulations (GDPR, California’s CCPA, etc.) include restrictions related to the timely disposal of personal information after the business use for that data has ended. However, those restrictions often conflict with or are triggered by industry regulations that require companies to keep certain types of documents and data for specific periods of time. When you factor in the dynamic, voluminous, and complex cloud-based data infrastructure that most company’s now work within, it becomes obvious why a manual, employee-based approach to categorizing data for retention and disposal is no longer sustainable. AI automation can identify personal information as it enters the company’s system, immediately classify it as sensitive data, and label it with specific retention rules. This type of automation not only keeps organizations compliant, it also enables legal and data governance teams to support their organization’s growth—whether it’s through new products, services, or acquisitions—while keeping data risk at bay. Conclusion Advancements in AI are providing more precise and sophisticated solutions for the unremitting growth in data—if you know how to use them. For legal, data governance, and compliance teams, there are substantial opportunities to harness the robust creativity in AI to better manage, understand, and deploy data. Rather than be inhibited by endless data volumes and inflexible systems, AI can put their expertise to work and ultimately help to do better at the work that matters. practical-applications-of-ai-in-ediscovery; ai-and-analytics; chat-and-collaboration-data; microsoft-365; lighting-the-path-to-better-information-governancemicrosoft, ai-big-data, cloud-security, blog, record-management, ai-and-analytics, chat-and-collaboration-data, microsoft-365,microsoft; ai-big-data; cloud-security; blog; record-managementmitch montoya

There is much out there about cloud solutions and how they improve the lives of users, offer flexibility for expansion and contraction of business, and can lighten the lift for IT. There is even a lot of specific commentary about how cloud can help legal teams and enable change management for the department. But what about the day-to-day tasks? How does the cloud change the legal team’s work and what new governance and skills are necessary to handle that change? This blog will tackle these questions so you can be more prepared and agile as cloud technology advances.Why does a shift to the cloud matter for legal teams?From a practical perspective, it means having to be reactive in areas where legal has traditionally been more proactive. Things like data storage timelines and locations, internal access permissions, and document history are now ever-changing with software updates being automatically pushed to corporate software environments. Many organizations that manage on-premises software have historically had an effective software governance structure in place. They can meet, discuss upcoming upgrades and their impacts, and make decisions about when to execute a software upgrade. Now, in an agile cloud approach, upgrades come frequently, without much notice, and sometimes have highly impactful changes. Traditional governance structures are no longer sustainable given the new timing and volume of updates – sometimes hundreds in a week. Legal and IT teams now need to collaborate more often to quickly analyze any impacts updates will have on the organization and what, if anything, needs to be done to mitigate cloud security risks.Given this, how should corporate legal teams adapt?A typical legal department is organized around areas of expertise – you may have employment, litigation, business advice, and contracts, for example. The department may also have a legal operations function, or a member of the team assigned to certain process improvement and/or corporate programs. One of these programs covers technology changes at an organization. It is this latter set of responsibilities that become much more important, and more voluminous, in an agile software environment. Analyzing the potential risks of cloud updates, advising the business on how to mitigate those risks, and changing any associated legal workflows can become a full-time or close to full-time set of responsibilities. In addition, the culture of the department must change to one that embraces frequent change, understands change management, and is consistently updating and improving processes and procedures.Traditionally, in an on-premises environment, an IT organization would typically manage an upgrade governance structure. They would plan for a software upgrade every six months, outline the changes that are due with each upgrade, and analyze what departments it impacts and the risks of those impacts. Finally, they would present this information to a cross-functional committee who would discuss when the upgrade can be made and what kind of work needs to precede the upgrade. Legal was typically part of that committee. Now, in a cloud environment dozens (or even hundreds) of changes get pushed out weekly and, although there may be some advanced warning, the timing isn’t as flexible, it isn’t uniform across users, and there is usually less time to prepare. In addition, changes may be pushed out, rolled back, and potentially reversed. Updates may also occur without any warning, which can contribute to the cloud challenges for corporate legal departments[1]. To minimize risk in this agile environment some specific steps can be helpful: a similar governance committee needs to meet more frequently, the analysis of impact and risk needs to be done very quickly, and changes need to be made almost immediately to ensure you get ahead of any potential impacts. Due to the frequent nature of these changes, and supervising process updates to mitigate risk associated with the changes, managing cloud updates can be more time-consumingWithout structure, these cloud updates can add stress and increase reactive work. However, with some structure and clearly delineated oversight, they can be managed more efficiently. Although many organizations may not have a structure in place, those that do pull together a committee for each enterprise technology. This committee has IT, legal, compliance, and business-focused representation. It may have multiple representatives from some of these groups, depending on the perspectives needed. The goal is for the business representative to advocate for users of the technology, the legal and compliance representatives to mitigate risk and take into account regulatory, litigation and privacy considerations, and the IT team to represent management of the platform and be a voice for the platform provider. The committee should have access to a sandbox-type environment where they can test changes and should be empowered to lead companywide changes – or at least be able to work with a project management office or other resource to make these changes.Most legal departments run pretty lean so creating a new governance structure can be a significant challenge, but there are ways to make the process easier. First, you can hire outside support to handle all, or some, of this work. For example, outsourcing the creation of the governance structure to manage software updates and staffing that group with your own resources or have your external partner staff and manage it until a time when you are ready to take it over. Second, instead of hiring outside support, you can share your risk concerns with IT and rely on them to raise any potential impact that upgrades may have on risk and legal processes. For example, when IT receives an email from a software provider outlining updates, they would analyze them for potential impact to legal workflows, retention policies, or any other issues you have flagged. They would then test the updates and remediate any negative impacts. Finally, you can rotate governance committee membership so that the work is being shared across your team. Whatever approach you choose, keep in mind that changes in the cloud environment are happening frequently and having someone within your company watching from a legal perspective will pay dividends when it comes to accessing data for legal, compliance, investigative, or other reasons down the line.[1] Victoria Hudgins, “Big Adjustment: Legal Departments Struggle with Lack of Control Over Cloud Technology,” Legaltech news, November 29, 2021, law.com information-governance; microsoft-365; lighting-the-path-to-better-information-governancecloud-security, cloud-migration, blog, risk-management, information-governance, microsoft-365cloud-security; cloud-migration; blog; risk-managementlighthouse