Case Studies

We work with our clients to solve complex data problems, address compliance and privacy challenges, and achieve better legal outcomes. Read the case studies.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
September 4, 2025
Case Study
ai-analytics

From Two Million to On Time: How aiR Beat the FCC Clock

The ChallengeA major media company received a Letter of Inquiry (LOI) from the FCC, triggering a high-stakes regulatory investigation. The company was required to produce relevant communications within a month—but two weeks in, the legal team still needed to collect over 2 million documents from 16 custodians. Complicating matters further, the company’s software platform was mid-transition, raising serious concerns about data integrity and reporting reliability. The SolutionRecognizing the urgency and complexity of the matter, the media company and its outside counsel turned to Lighthouse. With an immense volume of documents, looming regulatory deadlines, and a technology transition in progress, they needed more than linear review—they needed a strategic partner with forensic, eDiscovery project management, and AI expertise. Within just four days, Lighthouse’s forensics experts collaborated with the company to collect and process all relevant custodian data, including associated family files. From there, our project management team worked with the company and its counsel to apply targeted filtering—focusing on communications between key senders and recipients. This reduced the original 2 million documents to a refined universe of 94,000. Using advanced email threading and junk file analysis, the team further reduced the review set to 59,000 documents. Given the aggressive timeline, volume of documents, and the dataset’s low privilege risk, Lighthouse consultants recommended deploying Relativity aiR for Review. Working closely with inhouse and outside counsel, Lighthouse developed a defensible AI review prompt using an iterative sampling workflow designed to meet stringent recall standards and maximize precision. Only 300 documents were reviewed during this iterative phase. Relativity aiR identified a predicted responsive universe of 28,000 documents. A first-level review was completed in just five days, followed by a quality control review conducted by outside counsel. Final validation confirmed 88% recall and 96% precision—exceeding regulatory and eDiscovery defensibility standards. The ResultsUltimately, 18,000 documents were successfully produced on time, along with an expert declaration on the defensibility of the process from a Lighthouse Strategic Consultant. When the FCC issued a supplemental request, the teams were able to use the aiR-powered workflow once again to quickly review 2,000 additional documents—resulting in the production of the 300 relevant files.
August 28, 2025
Case Study
microsoft-365

Protecting Proprietary Clinical IP in Microsoft 365

Client: Global academic medical system Stakeholders: CISO, Information Governance, Legal Tech stack: Microsoft 365 + Microsoft Purview (SharePoint, OneDrive, Exchange, Teams) Objective: Identify, label, and protect high‑value IP across M365 Business Challenge Conventional pattern matching missed nuanced research content; labels were inconsistent. Emerging IP taxonomy lacked consistent, enforceable labels across repositories. Conventional pattern matching couldn’t reliably detect unstructured, nuanced IP. Teams needed clarity on when to use Sensitive Info Types (SITs), Exact Data Match (EDM), and Trainable Classifiers, and how to govern them. Wanted to compare outcomes with prior third‑party classifiers. What Lighthouse Did IP Taxonomy + Purview Labels Mapped proprietary IP categories to a label set Blended Classifier Strategy Combined SIT, EDM, and Trainable Classifiers Operationalize Piloted and tuned models aligned with retention/legal hold/eDiscovery, with auto‑labeling and user prompts. Controls Developed change‑management materials Outcomes Common IP Language: Agreed taxonomy mapped to enforceable labels. High‑Confidence Detection: Trainable classifiers surfaced custom IP Consistent Protection: High‑value content auto‑labeled with policy‑driven controls in M365. Governed Workflows: Clear guidance on SIT vs EDM vs Trainable; fewer false positives/negatives; faster to eDiscovery. Timeline Weeks 0–1 — Kickoff + Plan Weeks 2–4 — Design + Setup Weeks 5–9 — Run Pilots Weeks 10–11 — High Level Design + Training Why Microsoft Purview for Data Protection Enterprise-wide strategy - Unified data security, governance, compliance Integrated governance - DLP, retention, legal hold, eDiscovery Flexible detection models - Sensitive Info Types, Exact Data Match, Trainable Classifiers Persistent, label-based protection - Embedded permissions travel with data
July 7, 2025
Case Study
microsoft-365

Global Manufacturing Company Onramps to the Purview Data Protection Highway

Company Overview A global Fortune 500 manufacturing company with facilities and offices across North America, Latin America, Europe, Asia, and Australia.ChallengesThe company was evaluating Microsoft Purview E5 licenses to support its information protection, insider risk management, data loss prevention, and sensitivity labeling goals. The data protection team needed to validate the efficacy of the Purview tools when applied to company data within their M365 environment. The data project leader shared a list of use cases to test against the platform’s risk identification and alert capabilities. SolutionLighthouse’s consultants designed and ran a four-month pilot to test Microsoft Purview’s sensitivity labeling, Data Loss Prevention (DLP), Insider Risk Management (IRM), and Defender for Cloud Apps capabilities across the client’s live Microsoft 365 environment. The team configured and validated more than 10 distinct data protection policies, including global personal information labels for Exchange, Teams, OneDrive, and endpoint devices. The project included six sensitive information types (such as PII, PCI data, and passport numbers), and piloted risk-based alerts for questionable user and departing employee behavior. Lighthouse developed a detailed Report Card and Recommendations Report, delineating a clear path for full implementation of validated controls company-wide. Key OutcomesDuring the initial four-month engagement, Lighthouse’s experts successfully validated each use case, demonstrating that Microsoft Purview E5 was indeed the correct tool for the client’s data protection needs. The client purchased Purview E5 licenses and engaged Lighthouse to guide the full implementation of all the capabilities we had piloted. By following the guidance of Lighthouse data experts, the company’s data protection team developed an ongoing, flexible data protection strategy and program which mitigated multiple risks by automating data classification, labeling, and user notifications. Lighthouse helped this client accelerate its data protection maturity model and establish best practices, workflows, and classifiers to strengthen data privacy and security. We can do the same for you. Contact an expert to get started.
April 14, 2025
Case Study
microsoft-365

Modernizing Compliance and eDiscovery

The project included replacing expensive third-party archives with native tools in M365, utilizing an automation solution that Lighthouse had recently prototyped for a large global manufacturer, and other breakthroughs the institution was unable to make before engaging with Lighthouse. Our work with the institution helped unblock their Microsoft 365 deployment and ultimately led to disclosure to regulators for institution’s intent to use M365 as system of record.SIFIs have long wished for a better way to meet their mutability requirement. Historically, they have relied on archiving solutions, which were designed years ago and are poorly suited for the data types and volume we have today. For years, people in the industry have been saying, “Someday we’ll be able to move away from our archives.” It wasn’t until the introduction of M365 native tools for legal and compliance that “someday” became possible.Data Management for SIFIs is Exceptionally ComplexThe financial services industry is one of the most highly regulated and litigious sectors in the world. As a result, companies tend to approach transformation gradually, adopting innovations only after technology has settled and the regulatory and legal landscape has evolved.However, the rate of change in the contemporary world has pushed many financial heavyweights into a corner: They can continue struggling with outdated, clunky, inadequate technologies, or they can embrace change and the disruption and opportunities that come with it.From an eDiscovery perspective, there are three unique challenges: (1) as a broker-dealers, they have a need to retain certain documents in accordance with specific regulatory requirements that govern the duration and manner of storage for certain regulated records, including communications (note that the manner of storage must be “immutable”). This has traditionally required the use of third-party archive solutions that has included basic e-discovery functionality. (2) As a highly regulated company with sizable investigation and litigation matters, they have a need to preserve data in connection with large volumes of matters. Traditionally, preservation was satisfied by long-term retention (coupled by immutable storage) and without deletion. Today, however, companies seek to dispose of legacy data—assuming it is expired and not under legal hold—and are eager to adopt processes and tools to help in this endeavor. (3) They have a need to collect and produce large volumes of data—sometimes in a short timeframe and without the ability to cull-in-place. This means they are challenged by native tooling that might not complete the scale and size of their operations. This particular company’s mission was clear: to use M365 as a native archive and source of data for eDiscovery purposes. To meet this mission, Lighthouse needed to establish that the platform could meet immutability and retrievability requirements—at scale and in the timeframe needed for regulatory and litigation matters. Lighthouse Helps a Large Financial Institution Leverage M365 to Replace Its Legacy Archive SolutionLighthouse is perfectly positioned to partner with financial services and insurance organizations ready to embrace change. Many on our team previously held in-house legal and technology roles at these or related organizations, including former in-house counsel, former regulators, and former heads of eDiscovery and Information Governance. Our team’s unique expertise was a major factor in earning the trust and business of a major global bank (“the Bank”). The Bank first engaged with Lighthouse in 2018, when we conducted an M365 workshop demonstrating what was possible within the platform—most notably, at the time, the potential for native tools to replace their third-party archives. Following the workshop, the Bank attempted, together with Microsoft, to find a viable solution. These efforts stalled, however, due to the complexity of the Bank’s myriad requirements. In 2020, the Bank re-engaged Lighthouse to supports its efforts to fully deploy Exchange and Teams and, in doing so, to utilize the native information governance and e-discovery toolset, paving way for the Bank to abandon its use of third-party archiving tools for M365 data. Our account team had the nuanced understanding of industry regulations, litigation and regulatory landscape, and true technical requirements needed to support a defensible deployment.As a result, we were able to drive three critical outcomes that the bank and Microsoft had not been able to on their own: (1) A solution adequate to meeting regulatory requirements (including immutability and retrievability). (2) A solution adequate to meeting the massive scale required at an institution like this. (3) A realistic implementation timeline and set of requirementsLighthouse Ushers the Bank Through Technical and Industry MilestonesWe spent six months designing and testing an M365-based solution to support recording keeping and e-discovery requirements for Teams and Exchange (including those that could support the massive scalability requirements). The results of these initial tests identified several gaps that Microsoft committed to close. The six month marked a huge milestone for the financial services industry, as the Bank disclosed to regulators their intent to use M365 as system of record. This showed extreme confidence in Lighthouse’s roadmap for the Bank, since a disclosure of this nature is an official notice and cannot be walked back easily. Over the next few months, we continued to design and test, partnering with Microsoft to create a sandbox environment where new M365 features were deployed to the Bank prior to general availability, to ensure we were able to validate adequate performance. During this time, Microsoft made a series of significant updates to extend functionality and close performance gaps to meet the Bank’s requirements. Finally, in February 2021, all the Bank’s requirements had been met and they went live with Teams—the first of their M365 workload deployments. That configuration of M365 met only some of the Bank’s need, however, so Lighthouse had to enable additional orchestration and automation on top. As it happens, we had recently done this for another company, creating a proof of concept for a reusable automation framework designed to scale eDiscovery and compliance operations within M365. Building on this work, we were able to quickly launch development of a custom automation solution for the Bank. This project is currently underway and is slated to complete in June, coinciding with their deployment of Exchange Online.Lighthouse Enables Adoption of Teams and Exchange and Scales M365 Compliance FunctionalityCompliant storage of M365 communications using native tools, rather than a third-party archive. Scaled and efficient use of M365 eDiscovery, including automation to handle preservation and collection tasks rather than manual processes or simple PowerShell scripts.Improved update monitoring, replacing an IT- and message-center-driven process with a cross-functional governance framework based on our CloudCompass M365 update monitoring and impact assessment for legal and compliance teams.Framework for compliant onboarding of new M365 communication sources like Yammer. Framework for compliant implementation of M365 in new jurisdictions, including restricted country solutions for Switzerland and Monaco. Framework to begin expanding to related use cases within M365, such as compliance and insider risk management. Lighthouse Paves the Way for Broader M365 Adoption Across the Financial Services IndustryFollowing the success of this project, we have been engaged by a dozen other large financial institutions interested in pursuing a similar roadmap. The roadblocks we removed for the Bank are shared across the sector, so the project was carefully watched. With the Bank’s goals confidently achieved and even surpassed, its peers are ready to begin their own journey to sunset their archives and embrace the opportunities of native legal and compliance tools in M365.
No items found. Please try different search parameters.