“Own the eDiscovery process”: Microsoft unveils compliance center

Microsoft Office 365 has been moving ever closer to helping corporates own the eDiscovery process but what the debut at Legaltech19 of the new Microsoft 365 compliance center showed us, is that the software giant is now a serious threat to external early case assessment providers.
The compliance center, which is being rolled out in order to help corporations better manage their data privacy risks and avoid the risks associated with sending data out to third parties, enables managers to safeguard sensitive data, manage the data governance process and use new in-built eDiscovery tools.
To help protect sensitive data across various platforms the new Microsoft Information Protection capabilities enable users to classify content and apply labels to documents and emails directly from Office apps on Mac (Word, PowerPoint, Excel and Outlook) and Office mobile apps.
A user can now assign a ‘highly confidential’ label while working on an important document in Word, which results in an appropriate protection policy, including encryption.
During litigation and investigations, new capabilities in Advanced Discovery (available to users with an Office 365 E5 subscription) help users communicate with custodians, isolate case-related content for processing within static sets and use the new review and redact capability to modify sensitive portions of documents before exporting them as part of a legal matter.
Addressing a packed room in a demonstration of the new capability over breakfast at #Legaltech19, Shilpa Ranganathan, general manager of mobile product experiences at Microsoft, said: “This will help the corporate to own the eDiscovery process and removes third party dependency. If you buy E5 licensing, it’s in there. We’re very much focussed on serving large corporates’ problems and that includes helping them to own the early part of the eDiscovery management model.”
Partner director of program management Rudra Mitra said: “What does modern compliance look like? The workplace is more complex than ever and data is so fragmented. Our customers need integrated tools that leverage intelligence to reduce risk.
“We want to make sure that our compliance systems are end-to-end. It’s no good if you have to take data to some other system or location or third-party tool.
“We’re providing an end-to-end system with no compromise as to productivity. It offers full coverage and extensibility across all communication channels and offers collaboration in a modern workspace. Plus, our data and security investments are helping to meet and exceed customer data security expectations.”
One senior counsel present at the meeting observed: “Because companies often grow through acquisition it can create a fragmented way in which data is stored or managed. The opportunity here is centralisation: you can create one set of rules around the data and it’s in one place, which helps align with your acceptable use policy. This is not just about preservation but how data is managed when you have a core set of tools where data is preserved.”

In a blog post Mitra said: “In the Microsoft 365 compliance center, you can easily access solutions to help you assess your compliance risk through Compliance Manager, protect data through features like Data Governance, and respond to regulatory obligations like Data Subject Requests.
“Along with the new Microsoft 365 security center, these specialized workspaces are designed for security and compliance professionals to centrally manage Microsoft 365 services with a unified experience and insights powered by artificial intelligence (AI).”
Attending the breakfast briefing was Wendy Butler Curtis (pictured), chief innovation officer at Orrick, who told Legal IT Insider: “The Microsoft 365 Compliance Center is empowering our clients with better data management, visualization and security.  Through one intuitive interface, companies can use AI-enabled features for eDiscovery, investigations, and compliance.  Without moving data or hiring vendors, companies can apply retention periods, enable preservation, execute on GDPR requirements and supervise data to ensure compliance with company policies.”
As before, in companies that have no dedicated eDiscovery resource or training, bringing the process in-house is still unlikely to be a good idea.
But it’s worth doing a cost / risk calculation. And judging by the reaction in the room in New York, Microsoft have nailed it this time.