Salient Logo
Salient Logo

Data residency, sovereignty, retention, and legal hold in Microsoft eDiscovery

Where data is stored, if it can be searched, how long it must (or can) be kept are important aspects of data governance that must be taken into consideration during an eDiscovery case. How the data will be preserved and how to apply a legal hold in Microsoft eDiscovery are also essential knowledge to ensure any evidence has been collected defensibly. With data residency and data sovereignty laws that vary from region to region and country to country, that can make for a complicated eDiscovery process – particularly when multiple regions are involved in a matter. 

Data residency and data sovereignty implications for eDiscovery 

For many organisations, the fact that functional use of Microsoft Purview’s eDiscovery tools can be directly affected by broader data governance and compliance issues comes as something of a surprise.  

In reality, decisions made (or not made) by stakeholders from across the business can have serious implications for eDiscovery. This article explores a few examples of these complexities, and the ways in which Microsoft 365 eDiscovery (Premium) can handle them. 

Compliance Boundaries

Got a complicated eDiscovery challenge in your Microsoft 365 environment?

Get in touch >>

Data residency and data sovereignty challenges are typically handled using compliance boundaries – logical divisions created within an organisation to control the user content locations (mailboxes, OneDrive accounts, SharePoint sites etc.) that eDiscovery managers can search.  

From a general eDiscovery perspective, this is essential, as it controls access to the eDiscovery cases used to manage investigations within the organisation, as well as access to the content itself. From a data residency and sovereignty perspective, compliance boundaries can also be extremely useful, configured to control: 

  • Whether or not data can be searched and discovered. 
  • How data exports are routed to control any movements across geographic borders.

Microsoft365 eDiscovery (Premium) capabilities and challenges 

Microsoft 365 eDiscovery (Premium) uses security filters to deal with the complexities of differing laws and regulations. The functionality is relatively straightforward, but understanding the requirements, environment, and configuration before performing an eDiscovery search is not. It takes skill and experience to know the right questions to ask around multi-geo capability configurations, and any compliance boundaries that may (or may not) have been set up on the tenant. The effects of data retention and deletion policies on eDiscovery 

Data retention (and disposition) policies are implemented to ensure that documents and records are retained only long enough to meet business, legal and regulatory requirements, and no longer. Implementation of these policies may include automatic deletion of files at the end of their retention period.  

That’s very useful from a general compliance and security perspective, but extremely awkward if critical data happens to “expire” in the middle of an eDiscovery case. As such, it’s essential to consider retention policies when undertaking any eDiscovery search and collection, putting the necessary measures (i.e. legal holds) in place to preserve data for the lifetime of the investigation or case. 

Legal hold in Microsoft eDiscovery (Standard) vs eDiscovery (Premium) 

Microsoft Purview eDiscovery (Standard) allows eDiscovery holds to be placed on content locations (Exchange mailboxes, SharePoint sites and Exchange public folders) relevant to a case. 

The usability and coverage of legal holds in Microsoft eDiscovery (Premium) extends to include: 

  • Custodians and their data sources. (This overrides data retention policies to ensure the preservation of critical case data.) 
  • Noncustodial holds on mailboxes and OneDrive for Business sites. 
  • Group mailboxes, SharePoint sites and OneDrive for Business sites for Microsoft 365 groups. 
  • Mailboxes and sites associated with a Microsoft Team.

When a content location is placed on legal hold in Microsoft eDiscovery (Premium), the content within is held until the custodian is released, the data location is removed from the hold policy, or the hold policy is deleted in its entirety. 

Conclusion 

The relationship between eDiscovery functionality and regulatory requirements is an intricate one, and often tricky to untangle. Our Salient experts are well versed in the complexities and can help you navigate the common (and less common) pitfalls to maximise your eDiscovery capabilities without compromising compliance. Find out more about our outsourced service for eDiscovery in Microsoft 365.

The challenges and pitfalls of eDiscovery in Microsoft 365

What does Microsoft Purview offer a legal team? How can the technology be used for eDiscovery activities and what sorts of challenges might you face?

Read the article >>

Microsoft Purview eDiscovery is a powerful tool in the right hands. Our experts share the causes and effects of over- and under-collection that are symptomatic of reactive eDiscovery requests.

Read the article >>

Encrypted data can create blind spots that, without expert knowledge, could go unnoticed during the search/collection/export of data during an eDiscovery case. 

Read the article >>

Email inboxes are a treasure trove of information. However, long term retention in email archives and preserving the relationships between emails, links, attachments can pose eDiscovery challenges.

Read the article >>

Indexing is the process of producing a searchable catalogue of files, messages and other content in a set of electronic data. Understanding how indexing works in Microsoft 365 is vital for acccurate and complete eDiscovery.

Read the article >>

Microsoft Purview’s eDiscovery tools can be directly affected by broader data governance and compliance issues. Our experts explore issues like data sovereignty and data residency in eDiscovery.  

Read the article >>