Category Archives: compliance

June 17, 2025 · 2:56 PM

X1 Enterprise Is the Gold Standard for Data Separation in M&A Matters

By John Patzakis and Charles Meier

X1 is the Gold Standard in Data Separation

Corporate mergers and acquisitions are complex enough on their own — but when a deal involves the divestiture of an entire business unit or a carve-out of specific departments, the stakes for separating data correctly and efficiently become even higher. Legal and IT teams must identify and surgically separate emails, documents, and other unstructured electronic information to ensure that the right data goes to the acquiring party — and that what must be retained remains secure and compliant with privacy and legal requirements.

This data separation exercise is notorious for being time-consuming, extremely expensive, and highly disruptive. This is because traditional methods require heavy lifting by IT teams and service providers, endless back-and-forth with custodians, and mass data collections that literally double the risk. Worse yet, Microsoft Purview, with its known throttling and low throughput challenges for M 365 data, is not up to the task for data separation matters that invariably involve at least dozens of terabytes. These inefficiencies all lead to severe regulatory risks, runaway costs, and critical delays.

There is, however, a far better way — X1 Enterprise. Several major corporations have recently employed X1 Enterprise in high-stakes data separation matters. Once completed, the comments from our customers are the same: There was no other way they could have done it without spending millions of dollars on time-consuming and disruptive services.

Data Separation Is Not Just Another eDiscovery Project

Unlike standard eDiscovery, a divestiture-driven data separation project must carve out large volumes of live, operational data while the business continues to run. Legacy tools and processes require copying and moving the entire subject data set to a separate repository for indexing and searching — adding huge costs, time delays, and operational risk.

X1 Enterprise’s game-changing advantage lies in its distributed micro-indexing architecture and true index-in-place capability. This unique approach allows organizations to instantly search, categorize, and separate or otherwise remediate massive volumes of data where it resides — without duplicating and exporting entire data sets to third-party servers for processing.

In practical terms, this means:

Lightning-Fast Search: X1 Enterprise creates lightweight, local micro-indexes on endpoints and servers across the organization. Search results come back in seconds, no matter where the data lives — on laptops, file shares, or cloud repositories such as M365.

Minimal Disruption: Because the data stays in place, there is no need to duplicate or move sensitive content, minimizing the risk of data leakage, avoiding the bottlenecks that come with data copying and migration for centralized processing, and enabling the actual remediation to be infinitely more effective by working on the live data set. How do you execute data separation when you are working off a stale copy of the data for the categorization effort? The short answer: Up to millions of dollars in manual services to go back to the “original data” and manually separate the data for each employee and their respective data sources.

Scalability and Control: Whether the divestiture involves hundreds or thousands of custodians across geographies, X1 Enterprise scales seamlessly while giving legal and IT teams centralized control and real-time oversight.

Defensible Process: Legal teams can generate audit trails, reports, and logs to demonstrate a precise and defensible chain of custody, which is critical for regulatory and contractual compliance.

The Bottom Line: Much Faster, with Dramatically less Cost and Risk.

When time is money — and delays can put entire deals at risk — organizations cannot afford cumbersome, legacy eDiscovery workflows for carve-out data separation projects. X1 Enterprise’s innovative architecture empowers legal, compliance, and IT teams to execute precise data separations faster, with dramatically lower cost and business impact.

For any organization facing a merger, acquisition, or divestiture, X1 Enterprise is not just an upgrade — it is the modern standard for high-stakes data separation and governance.

Learn more about how X1 Enterprise can streamline your next M&A project. Schedule a demo today at sales@x1.com or visit  www.x1.com/solutions/x1-enterprise-platform.

Leave a comment

Filed under Best Practices, Case Study, Cloud Data, compliance, Corporations, Data Audit, ECA, eDiscovery & Compliance, Enterprise eDiscovery, ESI, GDPR, Information Access, Information Governance, Information Management, m365, Preservation & Collection, Records Management

Tagged as , , , , , , , , , , ,

February 12, 2025 · 12:22 PM

X1 Enterprise Successfully Passes GDPR-Mandated Data Protection Impact Assessment

By John Patzakis

The European Union (EU) General Data Protection Regulation (GDPR) requires that subject organizations ensure and demonstrate the protection of personal data under their control. GDPR Article 35 mandates that when implementing new data collection technologies or engaging in a major new project involving significant data collection, an organization must perform a Data Protection Impact Assessment (DPIA).

Recently, a Fortune 500 company with global operations successfully implemented X1 Enterprise to address their eDiscovery and information governance requirements throughout the EU region, involving both Microsoft 365 and on-premises data sources. This implementation required the vetting of X1 Enterprise by auditors and the internal Data Protection Officer through an extensive DPIA process, which X1 passed. The effort provides important industry insights into how our Fortune 500 customer leveraged X1’s unique, on-premises index-in-place and targeted search and collection features, as well as other data minimization capabilities, to meet the DPIA requirements.

The EU provides official guidance and a checklist for conducting an Article 35 DPIA. Among the key requirements is the consideration of the “current state of the technology” in the area and that the technology and collection processes have adequate “proportionality measures” in their collection capabilities to “ensure data minimalisation.” If processes and technology engage in overly broad data collection, the guidance suggests considering alternative technologies and methods.

The team at our Fortune 500 customer emphasized the following unique data minimalization capabilities and features of X1 Enterprise in their DPIA:

  1. Index and Search Data In-Place. X1’s proprietary micro indexes enable the searching of data on laptops, file servers and Microsoft in-place so that only the potentially relevant data is collected for eDiscovery and data audits, which fulfills the GDPR’s proportionality requirements. In contrast, tools that require full disc imaging for basic eDiscovery collection are extremely problematic.

    As the court said in In re Ford Motor Company, 345 F.3d 1315: “[E]xamination of a hard drive inevitably results in the production of massive amounts of irrelevant, and perhaps privileged, information…” Even worse, the collected data is then re-duplicated, often multiple times, by the examiner for archival purposes. And then the data is sent downstream for processing, which results in even more data duplication. Load files are created for further transfers, which are also duplicated. Notably, EU guidance for a DPIA analysis requires that organizations consider alternative data collection technologies and methods that have better “proportionality measures” to “ensure data minimalization.”
  2. Blind Searches and User Enabled Review. Using X1 Enterprise, an administrator can run detailed system wide searches and receive a detailed search result report without having access or possession of the target data. Instead, the administrator can direct X1 to first present the search results to the end-user employee to review and apply tags to identify personal, relevant or non-personal data, thereby applying clear and detailed consent to the subsequent collection of any relevant information.
  3. Segmentation of Data Regions vs. Creation of Central Data Lakes. X1 can be deployed behind an organizations’ firewall or their own private cloud instance in the EU. Each custodian/employee is associated with a single micro-index. This allows X1 to target searches to specific EU counties and segments of users. This contrasts to archiving or other eDiscovery tools that require bulk copying and intermingling of all user data to a central location, where additional back-up copies are made, all which directly run afoul of the data minimalization and proportionality requirements of the GDPR.
  4. Delete Data In-Place. GDPR requires the deletion of non-compliant on demand. Purging data on managed archives does not suffice if other copies are on laptops, unmanaged servers and other unstructured sources. X1’s on-premises distributed architecture uniquely enables the systematic deleting of data in place.
  5. Platform to Enforce GDPR and Privacy Policies. In addition to asserting X1 met the requirements and standards under GDPR mandated DPIA, our Fortune 500 customer noted as further justification in their DPIA that they also planned to utilize X1 Enterprise to enforce privacy policies and provisions under the GDPR. X1 Enterprise is an ideal platform to respond to Data Subject Access requests, proactively audit data sources to identify and remediate personal information, as well as systematically purge unneeded data that may contain personal information of EU data subjects.

    Ready to Learn More?
    For companies navigating complex information governance and eDiscovery requirements, including those involving M365, the  X1 Enterprise Platform ensures compliance while protecting privacy. By implementing X1 Enterprise, organizations can not only reduce costs and save valuable time but also gain a strategic advantage in managing their information governance needs. For a demonstration of the X1 Enterprise Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/solutions/x1-enterprise-platform.

Leave a comment

Filed under Best Practices, Case Study, Cloud Data, compliance, Data Audit, eDiscovery & Compliance, GDPR, Information Governance, Information Management, law firm, m365, Preservation & Collection

Tagged as , , , , , , , , ,

August 6, 2024 · 10:04 AM

Granting Microsoft 365 Super-Admin Privileges to eDiscovery Service Providers is Very Risky and Unnecessary

By John Patzakis and Chas Meier

In a world where data breaches are not just possible but expected, securing sensitive information becomes paramount. However, in many cases, organizations are unnecessarily handing over the security keys to the kingdom to eDiscovery Service Providers by providing them with very heightened security privileges to their Microsoft 365 tenants. This is because the more manual methods relied on by service providers often involve gaining high-level permissions usually only reserved for senior trusted IT directors and executives within the client organization. Such broad access can lead to unauthorized data access, including creating new accounts for others outside the organization, data overcollection, and unintended data modifications and even deletions. These unnecessary accommodations can cause severe irreversible damage, security breaches and overall complication with compliance efforts.

Clients are often told such high-level security access is absolutely necessary. In truth, service providers only resort to such measures when they fail to utilize best practices technology. In many cases, service providers, once they gain elevated administrative permissions, simply run basic scripts that they position as proprietary, which have little functionality other than the bulk download of M365 data. These scripts only work if very high-level access is granted to the user of the scripts. Once the service provider completes their mass data download from M365, they are off to the races with their traditional highly lucrative eDiscovery workflows of excessive data volumes due to overcollection, extensive processing and project management, and final eventual staging into review, all leading to excessive costs and unnecessarily extended timelines.

In contrast, our customers believe X1’s strategy for M365 Data Access is unique and disruptive to legacy approaches still utilized by many service providers. We designed our approach to maximize security, enhance operational efficiency, and ensure economic advantages for our clients, setting new benchmarks that challenge conventional industry practices.

  1. Uncompromised Security with Read-Only Access
    X1’s approach to accessing client information in a read-only least privileged manner exemplifies our commitment to security. In our approach a client grants read-only permissions to the X1 Enterprise solution licensed and controlled by the client, through an application that also remains under the control of our client and has a built-in expiration. No X1 employee ever needs to have access to or personally utilize the client’s M365 credentials. There is no ability for X1 to create new accounts or even delegate M365 permissions. This approach eliminates the risks associated with more invasive access levels that other eDiscovery providers often require.

    X1’s methodology ensures that the data remains pristine and untouched throughout the eDiscovery process. This approach not only supports stringent compliance with legal and regulatory standards but also shields organizations from the pitfalls of unauthorized data manipulation. It significantly reduces the potential for costly security incidents, reinforcing the trust our clients place in us to handle their most sensitive information.

  2. Index-in-Place: Elevating Data Integrity and Efficiency
    Our “index-in-place” technology stands in stark contrast to the traditional data extraction methods employed by many service providers. These providers often relocate substantial data volumes from clients’ M365 tenants to their environments—a practice driven by the desire to increase hosting volumes and, consequently, revenue. This not only introduces significant security risks but also strains client resources and infrastructure.

    By indexing data directly within its native environment, X1 maintains the integrity and security of the data. This approach significantly reduces the exposure of data to external threats during transfer and storage. It also enhances the speed and accuracy of search and collection processes, enabling quicker responses to legal inquiries and reducing the overall time and cost of eDiscovery.

    Moreover, this method highlights our principle of avoiding the “fox guarding the henhouse” scenario, where providers have incentives that might conflict with client interests. Our clients appreciate the transparency and integrity of keeping their data within their controlled environment, free from unnecessary external manipulation or exposure.

  3. Transparent Pricing Promoting Efficiency and Reuse
    X1’s innovative pricing model stands out by encouraging the efficient reuse of tools without penalizing clients for data volume. This approach directly contrasts with the common industry practice where costs escalate with the volume of data hosted or processed. Our pricing structure is designed to align closely with our clients’ needs for predictable and reasonable costs.

    By not charging based on data volume, we foster a more sustainable and rational use of resources, allowing our clients to plan and budget more effectively. This pricing strategy supports not just cost savings but also promotes a more strategic use of eDiscovery tools, encouraging practices that are both economically and environmentally more sustainable.

Conclusion
X1 is dedicated to setting a higher standard for secure, efficient, and cost-effective data management solutions in Microsoft 365 environments. Our innovative approaches to read-only access, index-in-place technology, and volume-independent pricing ensure that our clients receive unparalleled service that prioritizes their security, operational efficiency, and financial well-being.

We invite you to join us in this transformative journey and experience the peace of mind that comes from knowing your data remains in place until you target a collection to migrate into review. For a demonstration of the X1 Enterprise Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/x1-enterprise-platform.

Leave a comment

Filed under Best Practices, Cloud Data, compliance, Cybersecurity, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Information Access, Information Management, m365

Tagged as , , ,

May 7, 2024 · 9:28 AM

Index and Search In-Place Workflows Are Essential for Information Governance

By John Patzakis and Charles Meier

Information Governance

Accurate pre-collection data insight is a game-changing capability that enables organizations and their legal teams to determine the scope, volume, and content of electronic information before the very disruptive and expensive step of collecting the data. This insight is enabled through distributed index and search in-place technology.

A true distributed index and search in-place capability for unstructured data requires a software-based indexing technology be deployed directly onto fileservers, laptops, or in the cloud to address Microsoft 365 and other cloud-based data sources. This indexing occurs where the data sources reside without requiring a bulk transfer of the data to a central location. Once indexed, searches can be performed in seconds, supporting complex Boolean operators, metadata filters and regular expressions. Searches can be iterated and refined without limitation, which is critical for large data sets.

While our previous blog post addressed the critical importance of this capability in eDiscovery matters, it is equally essential in information governance projects such as PII audits, the purging of redundant, obsolete or trivial (ROT) data, and due diligence and data separation efforts in support of corporate mergers and acquisitions. Many X1 customers have recently employed our indexing in-place technology on such projects with remarkable success.

Incredibly, many of these customers also received alternative proposals that leverage traditional eDiscovery workflows presenting much higher estimated costs and much longer durations. Traditional eDiscovery workflows mandate broad and manual data collection, copying and migration efforts, large scale data processing, and loading the data into a different platform for review and analysis. There are three fundamental reasons why this “traditional approach” is fatally flawed for information governance projects.

  1. Prohibitive Cost and Risk. The data scope of information governance projects involves terabytes and sometimes petabytes of data. Mass collection, copying and migration of these data sets with manual hand-offs for later analysis in a centralized location is extremely expensive, disruptive, and time consuming. Also, mass duplication and egress of enterprise data under control to execute ROT, PII, data separation or other due diligence projects is completely antithetical to their very purpose.
  2. The “Now What?” Problem. Let’s assume an organization has decided to incur the enormous cost, disruption and risk associated with the mass copying, migration, and centralization of unstructured data, and after loading the data into a review process, a key subset of documents and emails are finally identified for purging or other remedial action. Now what? You are merely working with copies! The live “original” emails and documents are in M365, email accounts, file servers or on laptops. It is possible to manually retrace and remediate, but that process is expensive and disruptive.
  3. Instant Staleness. Finally, a mass copying and migration effort often requiring several weeks to complete, is immediately stale once eventually completed as the live data in its original location has inevitably changed.

X1 solves these challenges though our proprietary and patented distributed index and search in-place technology that enables scale by bringing true distributed indexing in-place to laptops, file shares, M365 and other cloud sources. X1 Enterprise Collect significantly streamlines information governance workflows by identifying and allowing for the remediation of targeted data in-place, thereby eliminating the need for expensive and cumbersome data duplication and migration.

For a demonstration of the X1 Enterprise Collect Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/x1-enterprise-collect-platform.

Leave a comment

Filed under Cloud Data, compliance, Corporations, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Information Governance, law firm, Preservation & Collection

Tagged as , , , , , , , , ,

May 16, 2023 · 10:54 AM

X1 Delivers Cutting-Edge MS Teams Support

By John Patzakis

The prominence of Microsoft 365 data sources continue to grow in eDiscovery matters exponentially. However, most non-MS eDiscovery tools collect from MS 365 by simply making bulk copies of data associated with individual accounts, and then attempt to transfer that data en masse to their own proprietary processing and/or review platform. Such an effort is very costly, time-consuming, and inefficient for many reasons. For one, this bulk transfer triggers data transfer throttling by Microsoft, causing significant time delays. But the main problem is that clients who are investing in MS 365 do not want to see all their data routinely exported out of its native environment every time there is an eDiscovery or compliance investigation.

So, enterprises with relevant data stored in MS 365 need to have a good process to perform unified and efficient search and collection of MS 365 and non-MS 365 sources. To achieve requisite efficiency and the minimization of data transfer, this process should be based upon a targeted search and collection in-place capability, and not simply involve mass export of data out of MS 365 for downstream processing and searching.

To answer this unmet critical need, X1 launched MS 365 data connectors to our X1 Enterprise Collect platform. X1 Enterprise Collect provides users the unique ability to search and collect MS 365 data in-place. X1’s optimized approach of iterative search and targeted collection enables organizations to apply proportionality principles across both cloud and on-premise data sources with clear and consistent results for effective eDiscovery.

And now, X1 has added cutting-edge Teams support to complete our existing support of OneDrive, MS Mail and SharePoint. The X1 Enterprise Collect Teams collection capabilities include the following unique benefits unmatched by other independent software providers:
• The ability to target individual custodians and specific messaging threads, displacing any need to mass download channels
• Unified search and collection of on-premise and cloud data sources, including Teams, OneDrive, SharePoint, Mail, laptops and file-shares for an optimized approach
• Patented index, search and process the data in-place, removes any reliance on premium processing or supplemental services
• One-click upload into Relativity for review, for a streamlined end-to-end process
• A truly automated product solution, as opposed to a service-based offering

Winston & Strawn eDiscovery partner Bobby Malhotra notes: “With the vast number of users and unyielding amount of data in collaboration applications such as Teams, having the ability to target and triage data by specific custodians and threads allows organizations to handle discovery in an efficient and pragmatic manner. X1 provides the unique ability to seamlessly collect and search across numerous web, collaboration, and social, data sources.”

Watch the X1 hosted webinar on-demand featuring the hot topic of Best Practices to Collect from MS Teams in an Effective, Defensible and Proportional Manner.

The X1 Enterprise Collect Platform is available now from X1 and its global channel network in the cloud, on-premise, and with our services available on-demand. For a demonstration of the X1 Enterprise Collect Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/x1-enterprise-collect-platform.

Leave a comment

Filed under Authentication, Best Practices, Cloud Data, collection, compliance, Corporations, Data Audit, ECA, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, law firm, MS Teams, OneDrive, proportionality, SharePoint

Tagged as , , ,