eDiscovery in SharePoint

One of the great features that came in SharePoint 2010 is the tool for eDiscovery. What is eDiscovery? The process of collecting and analyzing content related to some litigation or an official request. It’s a big deal and this post discusses preparations you need to make in SharePoint to be ready.

If you’re an IT manager or a developer and someone comes to you and says, “We need eDiscovery in SharePoint,” run for the hills! This is something that cannot be done alone. eDiscovery requires specific input from lawyers and records managers.

Who should care about eDiscovery?

Every company needs to have some conversation about eDiscovery because, let’s face it, litigation happens. You have no choice on the matter if you are a public company or in a regulated industry.

Even if you are not public or regulated, you should consider eDiscovery for the very simple reason that IF litigation happens, it will cost you exponentially more to deal with a lawsuit than to implement an eDiscovery policy. Luckily, the discovery process is easy with SharePoint 2010.

eDiscovery in SharePoint is basically Search+. Search + records management and hold tools. A “hold” is what happens when you run eDiscovery on a particular topic. When you “hold” content associated with that topic, you are locking down all related documents. “Hold in-place” will hold a document in the library it was found so users will see it, but will be unable to edit. “Hold and move” (recommended) is when a document is moved from it’s original location to a holding location.

Remember! SharePoint is a platform not a magical problem solver. You MUST first have an eDiscovery policy. For example, your policy can state that the eDiscovery process is to first issue a memo, do the hold, and then notify when the hold has expired…or something along those lines.

You MUST consult with your lawyer on how to manage a “hold”. For some companies it is deemed unacceptable to have a document permanently locked. The policy must also include WHO can run eDiscovery. In most companies, a records manager or a lawyer are the only people with the rights to run eDiscovery. But, there is a caveat. eDiscovery requires site collection administrator access at minimum and this can’t be given to just anyone. There is a work around to this, but it’s a bit of a trick. There is a hidden list that manages who has access to eDiscovery features, and you can add individuals, such as a records manager, to that list without giving them administrator access.

Despite the ambiguity and these loopholes, eDiscovery is useful. Lawyers now in the face of litigation are using the eDiscovery strategy to validate the system of record, in this case SharePoint, and by proving the system, processes, policy, and content that come from that system.

What does all of this mean? SharePoint has great features for eDiscovery, but it’s just a tool to help with one part of the process. You must plan. As with all things SharePoint, projects do not fail because of technology but instead they fail because of people and lack of planning. This is the same with eDiscovery. A plan is the most important step. An eDiscovery policy should be a part of the information architecture and security plan in all SharePoint deployment companies, small or large.