P2P

P E E R T O P E E R M A G A Z I N E · S U M M E R 2 0 2 5 41 • There may be no clear audit trail linking file versions to user access events. These are not just technical headaches; they are legal liabilities. Without careful tracking and preservation of hyperlinked content, firms risk spoliation, sanctions, and noncompliance with discovery obligations. RISK AREAS FOR LAW FIRM IT TEAMS Law firms bear weighty responsibilities when it comes to ediscovery and regulatory compliance. In legal matters, IT is expected to guarantee the integrity, retrievability, and defensibility of all relevant electronically stored information, regardless of format or storage location. To fully grasp the challenge, it is essential to break down the specific risk areas posed by hyperlinked files: 1. Contemporaneous Version Loss Legal defensibility often hinges on what a file looked like at a specific point in time, generally determined to be the moment the items were sent. This is known as the "contemporaneous" version of the file. Most cloud platforms store only a limited number of versions. Once that threshold is reached— say, 100 or 500 edits—the older versions are overwritten. This "version roll-off" can destroy the only available record of what was sent, seen, or acted upon. 2. Permission and Access Gaps Files can be moved, deleted, or have their permissions changed after a hyperlink is shared. A recipient who initially had access might later lose it, and audit logs often fail to capture the entire state of the file, especially its contents, at the time of access. 3. Inconsistent Legal Standards There is currently no uniform rule regarding whether hyperlinked files are considered attachments. Courts vary in their interpretation, and the issue is often deferred to meet-and-confer discussions. However, the risk remains: failure to produce a linked document that is deemed material could result in sanctions or regulatory penalties under frameworks such as the FRCP, GDPR, HIPAA, or financial sector retention laws. 4. Manual Collection Limitations Traditional ediscovery tools are designed to collect what is embedded in an email or a chat message, not what is referenced by a hyperlink. This means the hyperlink will be collected, but not the actual file it references. Some collection tools will collect hyperlinked files, but only the version as it appears at the time of collection. Unless IT teams manually identify, access, and preserve these files, along with metadata that shows access and version history, important content may go uncollected. PLATFORM-SPECIFIC COMPLEXITIES The behavior of hyperlinked files varies widely depending on the collaboration platform used. Here is a breakdown of the unique challenges across major systems: MICROSOFT 365 (OUTLOOK, TEAMS, SHAREPOINT, ONEDRIVE) Versioning: SharePoint and OneDrive store up to 500 versions by default, but settings can be modified or disabled. Older versions may roll off before legal holds are applied. Legal Hold: Microsoft Purview allows legal holds on OneDrive/ SharePoint content but only retains versions that currently exist or are created after the hold is placed. Any versions that have been rolled off, including the contemporaneous version, will be lost and unrecoverable. Audit Logs: Logs track access and edits but not content at the time of access. Matching user access with file versions remains a manual and error-prone process. Risk: Hyperlinked files are not included in Purview Standard email exports. IT must separately retrieve the linked documents, which runs the risk of potential mismatches in family membership. In Purview Premium, the hyperlinked file WILL be collected, but only the current version. Previous versions must be manually collected.

• Cover