eDiscovery
Forensic Control has updated our eDiscovery service for law firms, forensic accountants and the in-house teams who find themselves under pressure to locate and produce data. I spent years recovering digital evidence at New Scotland Yard before founding this firm, and in this post, I want to explain how we approach this work, why it is led by investigators rather than just software, and what that means for deadlines, including the new data protection complaints duty.
By Jonathan Krause | Founder and Managing Director, Forensic Control | 12 June 2026
You usually find out whether an eDiscovery provider is up to the task at the worst possible moment. A deadline is days away, your data is scattered across systems that no one quite has a handle on, and you need it found, reviewed, and produced without altering a single file. We have rebuilt our eDiscovery services with that pressure in mind. My view is that the people who scope your matter should be the ones doing the actual work, and the output should be built to withstand the scrutiny of a court, rather than just look good in a demo.
In the simplest terms, eDiscovery is the process of finding, preserving, reviewing, and producing electronically stored information (ESI) for legal or regulatory reasons. We cover that full arc. We collect data from wherever it lives (Microsoft 365, Google Workspace, SharePoint, Teams, Slack, mobile devices, and archived accounts) in a way that protects the metadata and maintains a rigorous chain of custody. We try to reduce the data volume early on, so you aren’t paying to review the same irrelevant document over and over. From there, we review for relevance and privilege, redact any third-party personal data, and produce the result in the format your matter requires.
In my experience, the review stage is rarely the difficult part. The challenge is usually getting clean, complete data out of the source systems to begin with, and then being able to prove (months or years later) that the data remained intact throughout the process.
My background is in investigation, not software. I spent years recovering and analysing digital evidence at the Hi-Tech Crime Unit at New Scotland Yard and then at Forensic Control, and that history shapes how we approach every matter. A court or a regulator rarely just wants to know what you found; they want to know how you found it, and whether anything could have changed in the process.
That is why we identify sources before we touch them, preserve before we collect, and document every single step. It sounds like basic housekeeping, but it is often the first discipline to be skipped when a team is in a hurry. A rushed collection that inadvertently overwrites a timestamp or pulls data through the wrong tool can turn a strong legal position into one you can’t defend. You generally only discover that issue when the other side decides to challenge your evidence.
Many providers place a sales layer between you and the people who actually handle your data. We do the opposite. When you instruct us, the senior consultant who scopes your matter is the one who runs it. That includes Greg Deane, who has over eighteen years in legal technology, including his work on the Bernie Madoff litigation, and our wider forensic team for collection. We avoid handing things off to a junior queue.
This matters most when a matter is messy or urgent, which is exactly when the scoping decisions made in the first hour can either save you weeks of work or cost you them. We start by asking the right questions: whose data are we looking at? Which systems? What is the timeframe, and what is the real deadline? Getting that framework right early on is what keeps an eDiscovery exercise proportionate to the matter at hand.
We are about to see more of these. From 19 June 2026, section 164A of the Data Protection Act 2018 (DPA 2018), brought in by the Data (Use and Access) Act 2025 (DUAA), requires organisations to manage a formal process for data protection complaints. My colleague Greg Deane has written extensively on what this duty requires and how to prepare for it. The eDiscovery part of the job begins once a complaint is logged: you have to locate everything you hold on that person across every system, review it, and produce what is disclosable, often within a very short window.
A Data Subject Access Request (DSAR) works similarly, but a complaint adds an unhappy individual and the potential involvement of the Information Commissioner’s Office (ICO) asking exactly how you handled it. It is the same locate-review-produce exercise we run for litigation, just on a tighter clock. It’s also a clear illustration of why the discipline I mentioned earlier is so vital: the organisations that will struggle are those that cannot search their own systems quickly or prove their data is intact.
Regardless of whether you instruct us, there are three checks you can run right now to see how ready you are for an eDiscovery demand, be it litigation, a DSAR, or a formal complaint. First, go into the admin console of your main platform (Microsoft 365 or Google Workspace) and confirm you can actually search across every mailbox and shared drive, not just your own. Second, check whether your Teams and Slack messages are being retained or deleted on a rolling basis. You cannot produce data that has already been purged. Third, take a moment to consider where your data actually lives, including mobile devices, archived accounts, and the files of departed employees.
Each of these checks takes only a few minutes. Together, they tell you whether a real request would be a routine task or a chaotic scramble.
Good eDiscovery isn’t just about the review platform. It’s about getting the data right, defensibly, at the moment it matters, and being able to reach the person who did the work if a question arises later. If you have a matter pending, or you simply want to know whether your systems would stand up to scrutiny, that is a conversation worth having with us directly.
eDiscovery, short for electronic discovery, is the process of finding, preserving, reviewing and producing electronically stored information for a legal or regulatory purpose. You need it whenever you have to locate and hand over data under an obligation: civil litigation and disclosure, a regulatory investigation, a Data Subject Access Request (DSAR), or a data protection complaint. The common factor is that the data has to be collected in a way that is complete, relevant and defensible, so it holds up if it is later challenged.
The service covers the full process: scoping the matter, forensic collection of data from systems such as Microsoft 365, Google Workspace, SharePoint, Teams, Slack, mobile devices and archived accounts, reducing the volume before review, reviewing for relevance and for third-party data that must be redacted, and producing a court-ready result with expert reporting where needed. Every matter is scoped and run by the senior consultants who carry out the work, rather than passed to a junior team.
When you produce data in response to a request or a complaint, you have to balance disclosure against the UK General Data Protection Regulation (UK GDPR). You can disclose the relevant person’s own personal data, so material relating to other people usually has to be redacted or withheld, and you should collect and process no more than the matter needs. Getting that balance wrong is itself a data protection failure, which is why the review and redaction stages matter as much as the search.
From 19 June 2026, section 164A of the Data Protection Act 2018 requires organisations to run a formal data protection complaints process. Investigating a complaint usually means finding everything you hold on the complainant, across all your systems, reviewing it and producing what is disclosable, often on a short deadline. That locate, review and produce work is an eDiscovery exercise, which
Any system that holds potentially relevant data. In most organisations that means email in Microsoft 365 or Google Workspace, files in SharePoint, OneDrive or Google Drive, messages in Teams or Slack, and customer or HR databases. Mobile devices, archived data and former employees’ accounts are frequently where the key material sits, and they are the sources most often overlooked when a request first comes in.
Routine, low-volume matters can often be handled in-house, especially with a tested search capability and a clear process. The cases that need a provider are those with data spread across many systems, a tight deadline, a departed employee, or any sign that data has been deleted or altered. In those situations a forensic approach to collection protects you, because how the evidence was gathered can matter as much as what was found.
Safeguard your business with our expert cyber security solutions. Whether you require digital forensics, penetration testing or proactive security assessments, our team is ready to assist. Contact us today to discuss your security needs and take the first step towards a more secure future.
