eDiscoveryDaily

By Rick Clark, VP of Strategic Partnerships and Marketing at CloudNine, and Melissa Weberman, Counsel and Head of eData at Arnold & Porter

In today’s evolving corporate data landscape, custodian interviews—early interviews of key employees who hold relevant electronically stored information (ESI) —remain a cornerstone for defensible discovery. Even with today’s advanced analytics and AI tools, a thorough custodian interview can provide a major advantage in saving costs and managing discovery risks. As the volume and variety of corporate communication methods evolve—ranging from traditional email to short-messaging apps like Slack, Microsoft Teams, WhatsApp, and Signal—attorneys should consider sharpening their custodian interview techniques to identify and preserve relevant ESI. The stakes are high: poor interview and collection strategies can result in spoliation, sanctions, and reputational damage.

Start With a Clear Purpose

Custodian interviews serve multiple critical purposes in litigation, including:

• Identify where relevant data lives, including on personal devices or unofficial “shadow IT” apps—i.e., any tool employees use for work without the company’s formal IT approval or retention controls (e.g., personal Dropbox, WhatsApp, or a private Slack workspace). This ensures no major source of evidence is overlooked early on.
• Help preserve data and avoid spoliation, because by learning what data exists and where, counsel can promptly preserve it (for example, by issuing legal holds or suspending auto-deletion on systems). Failure to identify a source through interviews could result in data loss. For example, if a custodian uses an ephemeral messaging app, interviewing them quickly allows you to halt any auto-delete settings before relevant messages disappear.
• Scope and focus the discovery effort, as a well-run interview arms you with information to negotiate a reasonable scope of discovery with the opposing side. You can learn which data is truly important—and what can be safely excluded—making discovery more proportional to the needs of the case. This can reduce unnecessary review of irrelevant data, saving time and money.
• Uncover key facts and terminology, because speaking to custodians often reveals context that is not obvious from documents alone. They can explain project code names, acronyms, or unique jargon that they use, and critical date ranges and players. Knowing these details guides you in formulating better search terms or using analytics (e.g., recognizing a code word in emails that filters irrelevant documents). In turn, this improves the efficiency of downstream review and helps you spot important evidence faster.
• Demonstrate a defensible process, as courts expect counsel to make a good-faith, thorough effort to find relevant ESI. By conducting and documenting these interviews, you can later show the court (or opposing counsel) that you took reasonable steps to identify and preserve all relevant information. This record becomes vital if there are ever challenges to your discovery process or accusations of missing data.

Being intentional can ensure the interview is productive and minimizes missed evidence. Before the interview, review the custodian’s role, potential data sources, and communication tools. Consider preparing a case-specific checklist or interview template—do not rely on a static form—to ensure you are properly prepared for the specific nature of the case and the client’s business processes.

Customize Based on Your Role

Successful custodian interviews and defensible collections require strong collaboration among in-house counsel, outside counsel, and service providers. In-house counsel aligns the interview process with the company’s internal policies, reassures employees, and facilitates access to systems. Outside counsel, meanwhile, brings an external perspective that shapes strategy, ensuring that questions are thorough and appropriately scoped, and keeping the process defensible. Service providers deliver the technology for efficient and secure data collection, processing, and hosting for review. They offer tools for real-time collection, develop secure workflows for managing diverse data sources, and generate detailed documentation that may prove critical if collection practices are later challenged in litigation. When all three groups—internal legal teams, external attorneys, and technology partners—work together seamlessly, the result is a defensible, efficient, and transparent discovery process that stands up to scrutiny and reduces risk.

Build Trust with the Custodian

Custodians are more likely to share relevant information if they understand that interviews are standard procedure and not indicative of wrongdoing (but it is important they understand that the interviewer represents the company, not the individual custodian). Establish rapport by:

• Clearly explaining the purpose of the interview.
• Reassuring them that the process is routine—not an accusation.
• Emphasizing that the custodian’s cooperation protects the company and themselves.
• Collaborating with in-house counsel to act as a bridge and underscore legitimacy.

Gaining custodian buy-in can increase cooperation and the quality of disclosures. Further, building trust early can pay dividends later when collections need to be supplemented or deposition preparation begins.

Modern Communications: Ask the Right Questions

Today’s employees communicate through a mix of chat apps, collaboration tools, mobile devices, and cloud platforms. Consider asking specifically about:

• Chat applications (e.g., SMS, Slack, Teams, or WhatsApp) and whether relevant. messages sit in private channels or DMs.
• Collaboration hubs (e.g., Confluence, SharePoint, or Google Drive).
• Personal devices or accounts used for work.
• Any unsanctioned “side” apps or cloud storage.

Be prepared for reluctance or lack of awareness or recollection. Use visuals or demos to jog memories.

Coordinate With IT and Records Personnel

It is often useful to speak with IT personnel who understand the company’s systems. They can provide a high-level view of standard data sources, retention policies, and system locations. However, always verify those details with the custodian’s actual practice. For example, IT might report that “all email is on the server, none is stored locally,” but an interview reveals the employee saved archives on a local drive contrary to policy. Similarly, a policy might say employees should not use USB drives or personal devices, yet a custodian may admit they routinely did so. Use the IT interview as a starting point, then confirm details with each custodian to help avoid blind spots.

Leverage Real-Time Collection and Screen Sharing

Where appropriate, use technology that enables real-time review and preservation of data. Screen sharing or live data exports during the interview can:

• Validate custodian responses in real time.
• Capture volatile or short-lived communications before they expire.
• Prevent spoliation by reducing the lag between identification and preservation.

Tools that allow screen sharing, cloud sync capture, or mobile device previewing are particularly effective.

Document the Interview Meticulously

Consider taking the following contemporaneous notes:

• Custodian identifiers and role: Record the custodian’s full name, title/department, and location, along with a brief description of his role in the matter. This provides context for his data and helps show you identified relevant custodians in good faith.
• Interview logistics: Note the date of the interview, method (in-person/remote), and who conducted it. Consistency here supports defensibility, showing interviews were done timely (typically soon after the legal hold) and by appropriate personnel.
• Legal hold notice: Document that the custodian confirmed receiving the litigation hold notice and acknowledged his preservation obligations.
• Data sources identified: List every source of potentially relevant information the custodian uses, including:
  • Devices: Work and personal devices (computers, phones, tablets, external drives).
  • Email accounts: Work email (Exchange/Office 365, etc.) and any personal or secondary accounts used for work.
  • Network locations: Shared drives, department file servers, databases, and cloud repositories (SharePoint, Google Drive, etc.).
  • Business applications: Relevant enterprise systems (CRM, HR systems, finance databases) that the custodian accesses.
• Communications and collaboration channels: Document chat or messaging apps (Microsoft Teams, Slack, WhatsApp, SMS/iMessage, etc.), social media or direct messages if used for business, and any ephemeral messaging platforms. Note if relevant content exists and how it’s preserved. If the custodian uses apps with auto-delete or self-destruct features (e.g. Snapchat, Confide, Wickr), record this and any preservation steps taken (such as disabling auto-delete or instructing the person to save screenshots).
• Retention policies and auto-delete settings: Capture any information about data retention or deletion that could affect the custodian’s ESI. For example, ask if the custodian’s emails auto-delete after 90 days, if chat histories are retained, or if device data is routinely wiped. Document what you learn and any preservation steps taken. If the custodian had been manually deleting relevant data, note that and instruct (and document) that such deletions cease.
• Custodian’s actions: Document any actions the custodian has already taken regarding his data, and record if he mentions any data loss or issues.
• Follow-up steps and outstanding items: At the end of the interview, list any follow-up actions needed and track them. This might include scheduling a forensic collection of the custodian’s device, reaching out to IT about a newly identified server, or interviewing an additional person the custodian identified. Clearly document what will be done, by whom, and when. Maintaining this as part of the interview record ensures nothing falls through the cracks and evidences a continuing, diligent effort.
• Additional custodians or data sources named: A good interview often identifies other people or systems that might have relevant data. Document any new custodians, departments, or repositories the interviewee mentions. This guides your next steps and creates a record that you are expanding the preservation scope appropriately.

By following the above checklist, legal teams can create a defensible paper trail of their custodian interviews. In the event of a discovery dispute or motion, your team’s diligent documentation—complete with who, what, when, and how you addressed custodian data—can serve as strong evidence of your good faith and compliance with eDiscovery obligations. This not only helps in court but also keeps internal eDiscovery projects on track by tracking what has been done and what remains outstanding at each stage.

Best Practices Recap

• Start early.
• Use a standardized interview form but tailor questions case-by-case.
• Keep the tone transparent and cooperative.
• Involve IT and cross-check what policies say versus real-world practice.
• Document interviews, tools used, and preservation efforts meticulously.

Custodian interviews are more than an information-gathering step—they are a strategic moment to protect your client and ensure discovery obligations are met. By combining interview best practices with modern collection technology, legal teams can build a defensible foundation for any case.

We’re excited to share some big news: CloudNine is teaming up with Doug Austin and his industry-leading blog, eDiscovery Today, to launch a new educational partnership aimed at empowering legal and eDiscovery professionals.

If you’ve been in the eDiscovery world for any length of time, chances are you’ve read Doug’s work. eDiscovery Today is the only daily blog covering the latest in electronic discovery, information governance, cybersecurity, data privacy, and AI. It’s a trusted go-to for legal tech pros looking to stay sharp—and now, it’s joining forces with CloudNine to take things to the next level.

A Partnership Rooted in Innovation and Experience

“I can’t think of a better time to partner with Doug Austin again, as CloudNine’s innovation in the eDiscovery market is at an all-time high,” said Rick Clark, CloudNine’s VP of Strategic Partnerships and Marketing. “With advancements in modern data analysis, artificial intelligence, and on-premise data processing, we’re excited about what’s ahead. Doug not only educates the industry but is also one of the most respected content creators in the space.”

Doug is equally thrilled to reunite with CloudNine—where his daily blogging career first began. “Working with the CloudNine team again feels like coming home,” he shared. “I’m excited to continue the tradition of educating the legal industry on leveraging eDiscovery technology and best practices to solve ever-evolving challenges.”

What to Expect

This partnership means you’ll start seeing even more content—blogs, webinars, thought leadership, and more—that focuses on practical, modern solutions for handling everything from legacy email archives to today’s fast-growing universe of collaboration and chat data. Whether you’re an eDiscovery pro or just getting started, there will be something for everyone.

About eDiscovery Today

eDiscovery Today, authored by Doug Austin, is the only daily blog serving the eDiscovery and legal tech community with updates on trends, best practices, and case law. Doug has over 30 years of experience in legal tech and has published new content every business day for nearly 15 years.

On Thursday, April 10, 2025, legal and technology professionals gathered at Arnold & Porter in Washington, D.C. for an inspiring day of discussion, collaboration, and community during The Masters Conference Thought Leadership event. Hosted at Arnold & Porter’s offices at 601 Massachusetts Ave NW, this full-day conference promised a deep dive into the latest challenges and advancements in eDiscovery, legal tech, investigations, and career development.

The conference featured a wide range of insightful sessions—covering topics from artificial intelligence, custodian interviews with modern data challenges, case law updates, and social media collection and analysis. For this blog, I’m focusing on the session that explored the power and process of social media collection and analysis, which stood out as particularly timely and impactful.

The session on social media was titled “Unlocking Social Media Data,” sponsored by SMI Aware, and examined the investigative value of social media evidence. Josh Janow and Paige Hansen (SMI Aware) walked through data preservation strategies across platforms like Facebook, Instagram, LinkedIn, TikTok, Venmo, Strava and over 500 other accounts.

This session actually kicked off at the beginning of the conference, when Josh invited volunteers to have their social media presence assessed live. Using SMI Aware’s platform, the team conducted real-time OSINT (Open Source Intelligence) research on those individuals, compiling reports to present at the 11 a.m. breakout session. Initially, only a few attendees stepped forward—but when the findings were revealed, those volunteers were genuinely surprised by what had been uncovered in just a couple of hours. The reticence on the face of many in the room underscored the power of this tool in the hands of e-discovery professionals.  What began as a novel and engaging activity quickly shifted in tone during the session, as attendees began to recognize social media research as a “must-have” component in litigation, compliance, and due diligence strategies.

Why Social Media Data Matters in Discovery

Since much of our life events are journaled online (as Paige put it), critical evidence is often found in unexpected places—Instagram posts, Venmo transactions, Reddit threads, and business collaboration tools like Slack and GitHub. The session opened with a challenge: What if your case hinges on something someone posted online—then deleted?

Social media can tell a story that contradicts a claim, verifies an alibi, or reveals patterns that shift the legal narrative. Whether it’s a workers’ comp investigation or a high-stakes wrongful termination suit, open-source data is no longer a “nice to have”—it’s a necessity.

When and Where to Search

The first key takeaway? Timing is everything.

Social media content can be altered or deleted. That’s why early case assessment should now include an OSINT component. From public Facebook profiles to lesser-known platforms like Discord or SoundCloud, relevant content often exists in plain sight—if you know where and how to look.

In one powerful case example shared, a claimant in a workplace injury lawsuit posted photos of themselves competing in a dance competition—at a time they were allegedly too injured to work. That evidence was found publicly, but only for a short window before it was removed.

The Legal and Ethical Imperatives

Attorneys and investigators have both a professional and ethical obligation to understand where potential evidence may exist, even if it lies outside traditional custodians and repositories.

The presentation emphasized that collecting this data isn’t about “digging for dirt”—it’s about diligence. When done properly, it involves secure data collection methods, legal defensibility, and a clear chain of custody. Not doing so could mean missing key facts, or worse—compromising the admissibility of your findings.

Challenges and Limitations

Despite its power, social media evidence isn’t without hurdles:

• Deleted or ephemeral content (think Stories or temporary posts)
• Private settings that restrict access
• Platform-specific restrictions on what can be scraped or reviewed

This is where specialized tools and experienced teams like SMI Aware’s come in. Their approach combines automated tools with human analysis to ensure data is gathered ethically, interpreted contextually, and structured into actionable insights with a deliverable of a report and the structured data that can then be imported into a review platform like CloudNine Review.

Real-World Impact: Case Studies in Action

The session walked attendees through several real-world investigations, including:

• Workers’ Compensation fraud
• Wage and hour disputes
• Wrongful termination claims
• Workplace compliance investigations
• Pre-employment screening

Each case underscored the same point: social media and OSINT data can change the course of an investigation—or the outcome of litigation.

Key Takeaways

• Social media is critical to modern discovery. If you’re not using it, you’re behind.
• Data disappears quickly. Timely collection is key.
• You need technical tools and expert interpretation to turn raw data into usable evidence.
• Ethical and professional rules require attorneys to understand how OSINT fits into their duty of competence.
• The report generated from SMI Aware’s software and service is a ready for an expert and is the main use, but also can create the proper load files for review in an eDiscovery review platform.

This conference was yet another testament to the evolving digital landscape of discovery—where artificial intelligence, modern data collection, and advanced review technologies are increasingly aligned to meet today’s challenges.

Are you ready to take control of eDiscovery costs? Let’s talk about how CloudNine can help you save money while optimizing efficiency: Contact Us today.

By Abhishek Jhaver, CloudNine GM and CFO

As a CFO, managing costs without sacrificing efficiency is always a priority. One of the biggest cost drivers in eDiscovery is data volume —the more data you have, the more expensive it is to process, host, and especially review. That is why culling data before review isn’t just a best practice — it’s a financial imperative.

The High Cost of Excess Data

The traditional approach often involves collecting terabytes of data, much of which is irrelevant or redundant. Legal teams then spend significant resources on processing, hosting, and reviewing data that isn’t needed.

Industry studies show that document review can account for up to 70% of total eDiscovery costs. If we can significantly reduce the volume of data before review, we can directly impact the bottom line. The key is leveraging technology to remove unnecessary data early in the process before it becomes a cost burden. This culling process is typically called Early Data Assessment or Early Case Assessment.

CloudNine LAW: The Smarter Way to Cull Data Early

CloudNine LAW is a powerful solution designed to dramatically reduce data volume before review. By using its robust deduplication, filtering, and processing capabilities of over 5,000 file types, organizations can cut down on avoidable data, saving time and money in the process. Here’s how LAW helps make the corporate legal finance teams happy:

• Deduplication: A significant percentage of collected data consists of duplicate files. LAW automatically identifies and removes redundant documents, ensuring legal teams aren’t reviewing the same information multiple times.
• Filtering by Date, Custodian, and Keywords: LAW allows legal teams to filter data based on date ranges, specific custodians, and relevant keywords—removing unnecessary files before they ever reach review.
• DeNISTing: System files and other non-relevant data clog up eDiscovery workflows. LAW uses DeNISTing to eliminate these non-user-generated files, reducing overall data volume.
• Efficient Processing for Faster Turnaround: LAW processes large data sets efficiently, enabling legal teams to move to review with only the most relevant data.

The Financial Impact of Early Culling

By culling data early with CloudNine LAW, organizations can realize substantial cost savings. Fewer documents to review mean lower processing, hosting, and attorney review costs—potentially cutting review-related expenses by 30-50%. Additionally, streamlined processes allow legal teams to work faster while reducing billable hours and improving case timelines.

For CFOs, the equation is simple:

More data = higher costs.

Relevant data = Significant savings in cost, time, and resources.

A CFO’s Call to Action

If your legal team is not leveraging early-stage culling through tools like CloudNine LAW, you are likely overspending. Investing in proactive data reduction is one of the smartest financial decisions you can make in eDiscovery—because in the end, the best way to cut eDiscovery costs is to cut the irrelevant data first.

Are you ready to take control of eDiscovery costs? Let’s talk about how CloudNine LAW can help you save money while optimizing efficiency: Contact Us today.