The Importance of ‘chain of custody’ in Microsoft’s 365

17a-4, LLC provides D3P and compliance services for clients using Microsoft’s 365.  Microsoft’s Advanced eDiscovery is a powerful tool for collections and legal productions, but organizations need to be prepared in the event the evidence’s ‘chain of custody’ is challenged.

Millbrook, NY – 17a-4, LLC, the number one independent Designated Third Party provider for US Broker-Dealers, works closely with regulated institutions to ensure corporate data is managed efficiently and retained in legally defensible formats in accordance with current rules and guidance.  Microsoft’s 365 platform is being widely adopted across the financial industry as clients take advantage of new compliance and security features.  Clients must be prepared to evidence ‘chain of custody’ for all data residing in Microsoft’s 365.

There are two sets of data in Microsoft’s 365:  First, data which is generated directly on the 365 platform including email, Teams messaging and SharePoint; second, the data which is brought into the platform using M365’s Third Party Data endpoint.  This data may come from many different sources including Slack, Cisco WebEx, social media platforms (Twitter, YouTube and Facebook), Bloomberg, Symphony and many other messaging platforms.  There is tremendous efficiency to bring all potentially e-discoverable content onto M365, however, when a regulator or opposing counsel challenges the authenticity of the data alleging that it has been altered, an institution must be prepared to provide evidence of its ‘chain of custody.’

There are several ways in which in-house counsel may prove the integrity of the evidence.  First, it may have a hash code calculated at the time of collection.  This hash code may be re-calculated based on the evidence and if the hash codes match in value, then the courts will accept the evidence.  Another option is to have the original files preserved in non-erasable format and, again, if the evidence is challenged, the evidence may be compared to the original content.  This process applies to content such as Bloomberg and Symphony downloads, Cisco messaging and Slack.

Defensible productions are a critical component to performing any type of regulatory or legal productions and ‘best practices’ always includes verifying the software tools used to bring in third party content.  Testing that will allow for the institution to respond to an evidence challenge in court.

“Chain of custody is a critical element of defensible productions.  We have several features in our DataParser software that provide integrity assurance, including hash codes and preserving input files to Azure Blob immutable storage.,” offers Douglas Weeden, General Counsel, 17a-4.  “We also,” Douglas continues, “provide expert witness support to our DataParser clients should an evidentiary challenge arise as to the ‘chain of custody’ of content processed by the DataParser.”

17a-4, LLC offers D3P and Compliance Services to assist with M365 compliance.  DataParser is available in on-premise and hosted plans.  For more information.