eDiscovery and Sharepoint

I am consistently surprised that the eDiscovery of Microsoft Sharepoint repositories does not strike more fear into organizations.  Sharepoint is complex, contains different types of documents/objects, can have rich metadata and is a key repository for business content.  Yet most organizations that we talk with state that they are not concerned with their ability to handle eDiscovery work on Sharepoint sites.

There are several potential reasons for this hands-off attitude:

- There are no significant reported cases where a party was sanctioned for failing to properly preserve or collect content from Sharepoint.  I did some of my own research in a few eDiscovery caselaw databases, and none of my searches located the word “sharepoint” in connection with a sanctions motion;

- Few litigants seem to be asking for Sharepoint content during discovery.  (Of course this is not a valid reason for organizations to ignore it.  The duty to preserve and produce ESI is not tied to whether the other party asks for the content.  But in reality, if both sides bury their heads in the Sharepoint sand, then no one knows whether relevant content is being ignored).

- Most organizations lack the tools and capabilities to discover from Sharepoint, at least beyond basic Office documents that might be stored in a site.  Whether Legal is aware that IT is not undertaking discovery of Sharepoint sites is a good question to ask.

What makes Sharepoint more complex than a fileshare, at least in eDiscovery?  Many different types of content can be stored in a site:  documents, email messages, OneNote files, webpages, community posts, microblogs, Lync IMs, and more.  Not all of this content is readily accessible, so eDiscovery teams may have difficulty in locating relevant content.  Even when found, the preservation and collection of that content can be difficult.

Metadata in eDiscovery is often a misunderstood issue, and Sharepoint has a lot of metadata.  For example, each user can define a set of metadata tags for use with documents.  This information is arguably not relevant in many cases, but it may be useful or important in locating relevant documents.  And since one cannot rule out relevancy before a case even begins, organizations need a plan to capture this information when necessary.

A more advanced but still important concern is with authentication and admissibility of the Sharepoint content.  The creator of a document can often be difficult to determine, even on a fileshare where the “owner” of that document may be clear (based on the directory structure).  In Sharepoint, the situation can be far murkier due to its collaboration capabilities.  For example, multiple parties may have contributed to a document but the identified owner and creator may not be part of that group.  (For some great background on these issues, download The Sedona Conference Commentary On ESI Evidence & Admissibility).

What can you do?

- Legal and IT should get together to discuss the organization’s Sharepoint deployment and determine whether it is (or should be) on the Data Map; and if so, how content can best be located, preserved and collected when necessary.  Microsoft has added some eDiscovery capabilities to Sharepoint 2013 but whether those features are sufficient, and how to handle prior versions of Sharepoint, remain a concern;

- The organization should consider (now!) policies relating to the retention of Sharepoint content.  This is a great step to take before the situation becomes too difficult to handle because Sharepoint adoption tends to grow very rapidly.