Cloud Seeding (Platforms): Keeping Pace With Constant Change

Technology change management has become a vital — and increasingly difficult — element of managing cloud collaboration platforms. New features, integrations and security enhancements, which used to happen only periodically and with plenty of advance notice, are now rolled out rapidly and in the background, often going unnoticed or taking compliance and risk management professionals by surprise. 

Case in point: Microsoft released nearly 400 updates to its Copilot product in 2024 alone. While not all of these updates effect legal or compliance professionals, many of them effect storage of prompts and responses, contents and formats of data collections, sensitive internal data being included in AI returns or being referenced for response, and information governance settings and policies. 

Many legal departments update their e-discovery and legal hold playbooks annually or even less frequently. That is not often enough in today’s modern data reality. Without a formal strategy in place to continuously evolve and adapt processes to changes in the data environment, the teams responsible for e-discovery, compliance, litigation holds and information governance will see their processes quickly become outdated. Updates to cloud tools have shifted to a model of continuous updates and rollouts, and with that, prevalence and complexity has increased and with AI that pace of change is gaining even more speed. Proactive change across numerous aspects of the legal process has become essential. Key areas to address include data storage, sensitivity labeling, data collection, legal hold and understanding new data formats and in turn transformation downstream. Additional key elements:

E-discovery and litigation readiness

Litigation readiness and e-discovery are uniquely impacted by cloud system updates. When legal teams aren’t prepared for changes to interfaces within tools like Microsoft’s e-discovery modules, new preservation functionality in collaboration platforms or changes to the way data is stored and classified across systems, an array of legal risks can arise. If these changes occur in the midst of a critical investigation or active e-discovery matter, important data can be overlooked or collections may need to be re-run, creating delays and additional strains on resources for the overall matter. Not understanding the landscape of the cloud at the point in time when these matters arise can lead to missed deadlines, increased cost and missing important pieces of information hidden in data sources and formats that are not being considered. 

Legal hold

Historically, third-party tools were essential for managing legal holds across software programs and platforms and playbooks were often written with these tools in mind. That is no longer the case. Traditionally, legal hold notices involved communicating directly with custodians with instructions to not delete documents or emails and more recently, many organizations have established the ability to set and enforce preservation requirements automatically through their cloud collaboration platforms directly. A prime example of this would be Slack, which historically has not made many updates to information governance or legal hold capabilities.

After adding legal hold capabilities in recent years, Slack now allows legal holds to be placed on channels and conversations rather than just custodians. These changes, while meant to improve the legal hold process, also forced changes around storage and in turn collection from certain license levels. So, not only do companies need to rewrite how they are using the legal hold features within Slack, they also need to rethink how they collect data from Slack. Using older workflows could now result in the exclusion of all one-to-one chats and multiparty instant messages.  

Organizations also used to rely on third-party tools for legal holds, since they were superior to the functionalities included with more general purpose software. If organizations move toward using Slack for legal hold, and continue to use a third-party tool, the legal holds in both places may cancel each other out, resulting in a loss of data that should have been preserved. It is easy to imagine how a retention program can go awry if these settings are not set properly or if an organization isn’t actively tracking and adapting to changes in retention functionality. 

Microsoft has followed a similar path. Whereas third-party software was common for placing legal hold across Office products, Microsoft's built-in features now allow legal holds to be managed within Microsoft 365 with relative ease. Reluctance to embrace legal hold based in the source means relying on third-party tools that are experiencing the same difficulties keeping up with cloud platform changes. They may be behind in adapting to new features from the source, leading to missed preservation requirements. 

Data collection

Cloud data collection has also grown more complex. New data types, linked content and changes to platform defaults all introduce potential, hidden pitfalls. When data is not collected correctly the first time, because underlying technology infrastructure changes necessitate a change in strategy, the collection may need to be repeated, or additional work may be required to include missed content, costing organizations time and money.

Legacy data strategies often collect large amounts of data that is not needed (e.g., AI artifacts, documents in shared storage) and neglect other data that is likely relevant (e.g., linked content and collaboration tools used outside of larger cloud collaboration suites).

Artificial intelligence implementation

While many organizations are beginning to see the benefits of generative AI, these tools also create new headaches in e-discovery. For example, logs of AI searches and queries are stored with and can be connected to related chats and emails. These query logs and AI-generated content within the cloud environment are likely to become discoverable in disputes and investigations. As that trend begins to take shape, legal teams will face challenges collecting that data and transforming the interaction between AI and an individual into a new document type that can be reviewed for relevance and insight. It also raises custodial questions around ownership of the data created and the data referenced for its creation. 

Shared access

Before platforms like SharePoint and Google Drive, the definition of a custodian was clear cut. Now, employees can have access to millions of documents on shared storage, even if they never open them, blurring the lines of who knew what and when. Versioning control is also a consideration, since a single document may have been edited hundreds of times by dozens of employees and numerous files may be created from one original document. Many tools allow for settings that will save a document version when it is shared, but collection will only include the most recent version. Understanding of the upstream settings is vital in order to be sure what version of documents are being collected or considered. 

Some newer collaboration platforms have taken a new stance on shared access and what is considered custodial data. A legal hold for some solutions will only include documents that an individual has interacted with, so viewed, edited, created shared, etc. Is this enough to meet the definition of custodian? Should other tools adopt new strategies such as this or should newer tools leaning toward innovation reconsider how they define ownership of data? 

Continuous improvement

In this constantly evolving environment, updating playbooks sporadically is not sufficient. Neither is waiting for IT to notify the legal team of system changes. Starting upstream is essential. In order to ensure defensible preservation and collection, processes must be updated continuously across all sources where data is retained and employees are communicating. 

Legal teams also need to keep an eye on technology roadmaps and maintain a clear line of communication with IT. This will be a new approach for counsel, who don’t often spend their days focused on updates their software providers may be conducting in the next six months. With continuous improvement as a priority, legal teams will need to  sign up for newsletters and other resources that provide information about important changes and their implications for legal processes. Resources include:

• Software providers, such as Microsoft, Google, and Slack, provide regular updates through their website, customer communications and blogs.
• FTI Technology provides monthly updates for users of Microsoft 365.
• RSS feeds and tools like Feedly allow users to subscribe to blogs and changelogs for a wide range of technology vendors.

Relationships matter too. Legal and IT should cultivate connections with platform representatives who can alert them to upcoming changes. 

When changes happen, workflows need to be updated, tested and adopted team wide. That means when someone on the legal team sees that something has changed, there needs to be an internal communication plan to update the playbook and alert other members of the team. Otherwise, the next person who runs into the same situation may solve it differently. It is not easy to drive these types of changes in behavior across teams, but it is critical to mitigate risk.

Ultimately, legal teams must treat their playbooks and processes as living documents. In an age of continuous updates, success depends not only on proper documentation but on the ability to adapt quickly, communicate clearly and collaborate effectively across teams. Those that do will reduce risk and cost, while playing a critical role in supporting the success of their organization’s digital future.

Related topics:

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.