Identifying trade secret documents, sensitive source code and their derivatives within systems spanning multiple jurisdictions required coordination of a global team as well as specialised digital forensics capabilities. In addition to a broad data collection, discovery and deletion across company systems, remediation for more than 100 employee devices was to take place over a single weekend in multiple locations, amid covid travel restrictions. Devices were to be returned to employees over a staggered weekend, only after every instance of responsive data on the hard drive and in associated cloud accounts had been found and removed in accordance with the agreed criteria.

Under extreme time pressure, the team faced several delays. The devices were equipped with data loss prevention (DLP) software that prevented the team from running automated remediation scripts. Many of the devices were also outdated and slow moving, posing fundamental technical barriers for the team to access and navigate the data.

Additional key challenges in the matter included:

  • A wide variety of data sources and formats, each requiring unique remediation methodology. Laptop and enterprise system data included source code, dev-ops software files and accounts from current and legacy email systems. The matter also involved VMWare and Google Workspace environments, which required a combination of automated and manual remediation workflows.
  • Delayed access to servers for discovery and remediation across the organisation’s Microsoft 365 and Exchange environments, requiring trouble-shooting with the organisation’s email administration team to speed up the remediation scripts.
  • Over-preservation of legal holds that should have expired, resulting in excess data within company systems and on custodian devices. FTI Technology had to take additional steps to remove expired legal holds so relevant data could be deleted.
  • Subsequent litigation in the U.S. requiring the transfer of sensitive and responsive data, some of which included personal health information and was therefore prohibited from leaving the country according to local data protection laws until a personal data redaction exercise had been completed.

Our Role

FTI Technology’s team in Dubai deployed numerous experts across key locations, remotely and within the client’s offices, amid covid travel restrictions. The team developed numerous bespoke workflows and highly technical workarounds solutions to address challenges with the data and ensure comprehensive and exhaustive discovery and remediation. In addition to technical solutions including automated scripting and PowerShell commands for various data sources, these workflows included an efficient time management plan that enabled the team to complete remediation without disrupting custodian access to active devices during their working week.

Specific activities included:

  • Identification and remediation of hundreds of thousands of individual items from data sources including Google Workspace, Microsoft 365, GitLab, FTP, virtual servers and individual devices.
  • Development of unique remediation methodologies to address legacy legal holds and nuances of various systems, such as 30-day legal hold “grace periods” within Microsoft 365. The team developed Python and SQL scripts for code file review, PowerShell commands within the Microsoft 365 environment, bash scripts and PST Counter and PST Cleaner tools. Logging was integrated within scripts to keep a record of remediation activities.
  • Use of advanced predictive coding workflows for document review to determine responsiveness.
  • Collection of backups of data removed from laptops to support restoration if required.
  • Collaboration with the client’s IT administrators to gain access to tightly-guarded systems.

Our Impact

A global team of experts across FTI Technology’s regions and practices responded to a timesensitive, high-value, technically-challenging matter within days. A global team of FTI Technology professionals with a variety of skills and experience operated as a cohesive unit to deliver this very challenging requirement. Results included:

  • Fast, effective and defensible remediation of a massive population of trade secret information and source code data.
  • Rapid response to complete the work, across borders and within established deadlines.
  • Fulfillment of the DIFC court’s order for dispute resolution.