Using Search Exclusions to prevent visibility of select Email Addresses and their Content
Why and when would preventing email content from being viewable on an eDiscovery platform like DataCove be useful?
In some organizations, there is a need for a careful balancing act between the regulatory obligation for document archiving and the demand from the higher-ups that their communications won’t be unnecessarily viewed out of hand, or archived at all. Depending on whom is in charge of DataCove inside the organization, most often IT, some bigwigs feel there is too much visibility into what they’re doing from subordinates, and will want to avoid archiving for those reasons.
As a real-world example observed multiple times in various permutations, imagine a school district wherein the superintendent is against archiving because they don’t like the idea of someone else being able to read their emails, resulting from a feeling that they don’t fully trust their own IT team or because they don’t like the idea of public oversight via Freedom of Information Act investigations or Public Records Requests. Whatever their reasons may be, they either specifically don’t want their account archived but do want to archive everyone else’s, or do not want any archiving at all due to some perceived risks to the district.
Now imagine if this same behavior occurred at other organizations, like a city or county government, police department, regulated commercial business or health system, and the level of concern would automatically grow much higher to the lack of compliance and potential ramifications, both legal and financial as well as on the public relations front. Fallacious thinking like this is an issue that has been beheld multiple times in all sorts of environments, and while dramatically less common than it was since the advent of the Federal Rules of Civil Procedure regulations on electronic document archiving in 2006, it’s still a challenging situation that comes up every now and again.
To accommodate such circumstances, DataCove has a capability known as Search Exclusions, which effectively blacklists an email address so that the content sent from, to, copied to or blind copied to become unviewable to everyone on the system, with the exception of the user who possesses direct access to that email address and those given explicit overrides to view the content. This allows the sensitive data to be archived for compliance purposes but without necessarily having any IT, HR or Legal team capable of viewing the data without explicit permission to do so. Such access could then be provided only if and when a specific search request came in that would have bearing on that data. This flexibility of precluding visibility of sensitive users’ content while still allowing for full archival and eDiscovery, when needed, allows DataCove to satisfy everyone’s needs.
While the DataCove Audit Log already tracks all user activity, that’s an after-the-fact log that tells someone what happened. Search Exclusions adds a permission layer atop the search subsystem that actively prevents such activity from happening in the first place.
Note: Search Exclusions take precedence over all other rules and search allowances given to users regarding which email addresses they can search on. No users will be able to search on these excluded addresses, even if the address is their own personal address, unless an override is set up for that user. Overrides should consequently be set up for individual users who intend to use the system to search on their own emails.
Note: It is highly recommended that any eDiscovery work performed on the DataCove that has a broad request, searching for keywords or terminology used by anyone in the organization, be run from an account that possesses an Override to all accounts that are normally Excluded, as such a search could find results that may be relevant, but are otherwise Excluded from general access. This can be a serious liability concern of data withholding and should be undertaken with due care.
The below walkthrough will provide guidance on how to implement Search Exclusions and what to expect when using them.
Excluding an Email Address on DataCove
To begin excluding addresses, launch a web browser and navigate to the DataCove web interface.
Select Users and Groups in the top header bar, then Search Exclusions from the left hand side menu.
In the Global Search Exclusions field, enter in the email addresses to be excluded from search.
If multiple addresses are to be entered, separate them by newlines, commas or semicolons. Newlines are recommended for easy of legibility.
Once the addresses have been entered, select the Save button.
Once at least email address has been saved, the Override section on the lower pane of the page will become active.
This pane is composed of a listing of existing Overrides made (none will be present yet), and ones that can be made, with two dropdown menus for the Excluded Address to be overridden and another for the User Account or LDAP Authenticator that will be overriding the Exclusion.
Select the Excluded Address and then select the Admin account, or another account that will have the ability to search on that address, and click the Add Override button.
Once an Override exists, the Excluded Email Address will now be searchable solely by the user account authorized.
Note: No other accounts, not even the user themselves, will be able to search on that address unless explicitly granted an Override.
Removal of an Override is handled by clicking the Red X icon to Delete the Override in this same Exclusion Overrides section.
Testing Visibility of Excluded Content
Once an email address has been Excluded in DataCove, the lack of emails related to that user will now become apparent. This can be tested with the following process:
Open an InPrivate or Incognito browser.
Log into DataCove with an account that does not possess an Override to the Excluded address.
Select Email Viewing in the top header bar, then select Search on the left hand side menu.
Populate either the To or From fields with the Excluded address and select a date range that emails to or from them would’ve been sent.
Click Search.
The search will run and complete as per normal, but without any results rendering on the list. This is the intended behavior and appearance of a Search Exclusion.
Searching for other personnel at the organization who are not Excluded will render as per normal, but any emails they sent To or received From an Excluded account will be hidden from view.
To view emails sent to or from that email address, create an Override for the account that should be able to view content from the Excluded address.
This is performed from the same Search Exclusions page under the Users and Groups section discussed above.
Once an Override is in play and the account with the Override is logged in, running that same example search again will yield the appropriate number of results.
This concludes the setup guide for Search Exclusions on DataCove.