Today’s Adoption of Microsoft Teams Creates Tomorrow’s Litigation and eDiscovery Challenges

The global COVID-19 pandemic, has forced many organizations to move the majority of their workforce to a “working from home” model. This seemingly overnight change to remote working environments has meant that organizations have had to quickly find, adopt, and begin using collaboration tools for which many had not planned and for which lines of business had little experience. Collaboration tools, such as IM, Slack, Jabber, Yammer, Zoom, SMS texting, GoToMeeting, and Microsoft Teams (to name just a few) were designed with little thought for the need for archiving for eDiscovery and litigation hold, regulatory compliance, or corporate governance.

Microsoft Offers in response to COVID-19

To support organizations scrambling to onboard remote workers, Microsoft began offering on March 1, 2020, a free six-month trial of the premium version of the Office 365 E1 (Online version only) productivity Suite, which includes Teams, the Microsoft collaboration solution. On May 4, 2020, Microsoft discontinued the free 6 month offer of Office 365 and replaced it with a new offer.

It’s important for organizations to be aware that there are several notable missing capabilities in Free Office 365 E1 solution, including:

1. The ability to manage your global data residency needs with per-user data location controls
2. Exchange Online Archiving
3. Message encryption
4. Discovery (The E1 license is limited to content search and basic audit, and lacks all additional eDiscovery capability)

Understandably, many organizations have jumped at the chance to quickly address their remote worker collaboration challenges and take advantage of these Office 365/Teams trial offers. But in the rush to keep newly remote employees productive, some organizations have not given enough thought to the need to archive and produce this content when needed.

Office 365, E1 Licenses and Archiving

If you are one of the organizations that has taken advantage of the free Office 365 E1 offer, your employees will now be using functionality such as Exchange Online, Microsoft Teams and SharePoint Online.  And you may be asking yourself why this type of content would need to be archived anyway.

You may not be aware that every organization has regulatory compliance requirements around capturing and retaining communications (including communication via Exchange and Teams) for 1 to 7 years, or longer, depending on the industry. However, only Financial Services organizations subject to SEC Rule 17 or MiFID II regulations must capture and archive all types of communications, including that content from social media and collaboration applications.

COVID-19 and Litigation

If you’re not a financial services organization, there is a caveat: any organization involved in litigation and eDiscovery could be faced with capturing and securing this content. The COVID-19 pandemic has raised the prospect of an avalanche of pandemic-related lawsuits as businesses begin to reopen and as state and local government agencies get back to normal. The real prospect of litigation should focus every organization on reviewing its eDiscovery (or eDisclosure outside the U.S.) processes and capabilities.

Be Proactive about eDiscovery

The first rule of eDiscovery is that all potentially relevant electronic data (sometimes referred to as Electronically Stored Information or ESI for short) is discoverable - no matter where it’s stored - including all metadata. “Electronic Data” includes, but is not limited to: emails, documents, presentations, audio and video files, social media – otherwise said, all of the content that your Office 365 E1 license users are generating.  The second rule is that defendants have a responsibility to begin securing potentially relevant data as soon as they can “reasonably anticipate” future litigation. Many organizations have made the mistake of ignoring obvious signs of future litigation until served with notice. I will discuss anticipation in more detail in the next section.

In the U.S., failure to respond in the appropriate time frame and proper manner can result in loss of the case, fines, etc.

In summary, eDiscovery is the legal process of identifying, securing, collecting, reviewing, and producing responsive (relevant) electronic data in response to an eDiscovery request. The eDiscovery process is time-sensitive, based on the time frame agreed to during the “meet and confer” meeting or, if no agreement is reached, the time period specified by the Judge.

Microsoft Teams and eDiscovery

There is no question that opposing counsel can ask for any content, no matter where it's stored, if it’s potentially relevant to the case. While all electronic data has its challenges in the context of eDiscovery, data and content generated by collaboration applications, such as Microsoft Teams, has many issues.   

Issue 1: Anticipation and deletion of data

There was a case several years ago where the defendant had not retained data even though it was clear that litigation would possibly arise in the future. This organization continued with their standard retention/disposition activities and even scheduled several “shred days” over a two year period, which included data that could have been potentially relevant to the case (approximately two years before the lawsuit was filed).  Opposing counsel argued the defendant had knowingly destroyed evidence (spoliation) because they thought the deleted data might be used against them in future litigation. The plaintiff argued that because the defendant should have known their duty to preserve data had been triggered due to industry events, they should be fined and lose the case. In this case, the Judge ruled for the plaintiff because the defendant should have anticipated future litigation. The ruling included fining the defendant several hundred thousand dollars; however, the case went forward.

If you are one of the many organizations anticipating litigation as a result of COVID-19, have you put measures in place to capture and retain your employees’ electronic communication and content?

Issue 2: Ongoing usage of collaboration applications during litigation / eDiscovery

As I said in the proceeding section, when litigation is anticipated, but the suit has not yet been filed, the defendant is under a legal responsibility to begin capturing and securing all communications of target custodians (individuals in your organization who may be  part of the case) immediately. In this situation, the defendant is obligated to begin capturing it and placing it on legal hold immediately, or shutting down all collaboration applications where they can’t capture custodian data in real-time..

I used to work with a Washington DC law firm several years ago. One of the Partners offered me one of their standard strategies one night over drinks. The plan was this; as clients came into the firm with potential lawsuits, the first thing the law firm would do is perform research on the target company’s corporate legal department and their law firm to find the newest law clerks or paralegals. The law firm would then mail them a letter that contained something to the effect that his client was thinking about filing a lawsuit against them for some reason. They did this knowing the lowest person on the totem pole would be hugely overworked and probably not even get to the letter for weeks. Later, after the lawsuit was filed, the plaintiff’s attorney would make sure to create an eDiscovery request for all potentially relevant data (including data generated by social media and collaboration applications such as Microsoft Teams). They did this knowing that that several weeks’ of data would not have been captured and placed on legal hold. The attorney would then argue that the defendant had destroyed evidence and push for immediate case settlement.

Are you currently able to automatically capture and preserve ALL Teams data, in real time?

Issue 3: Internal investigations

Many organizations journal their email for regulatory requirements, eDiscovery, and also for internal investigations. Journaling is the process of automatically capturing a copy of every email (sent and received) before it reaches the user’s mailbox.  Organizations then use third party journal archiving tools to manage the retention and disposition of the email.  When complaints are filed against employees for inappropriate behavior, HR departments will surveil specific employees by asking IT to begin journaling the targeted employee email to oversee what they are currently doing in real-time, as well as review past employee emails for evidence of misconduct.  This practice is widely accepted and used primarily to catch issues before they turn into outside litigation. As companies adopt new collaboration apps, this same journaling/archiving capability for collaboration applications should also be considered.

This same internal investigation capability is used by corporate legal departments to ensure employees are not inadvertently leaking intellectual property or stealing and sending it outside the corporate firewall.

How are you implementing journaling in the cloud? Since comprehensive email journaling is not supported in Office 365, Microsoft suggests an on-premise or third-party cloud archive to be used as the journal mailbox.

Preemptive archiving of collaboration communications

How would you preemptively address these issues so that you would not run into challenges with your eDiscovery/ligation hold responsibilities? The answer is both simple and difficult. First, the simple part: ensure you can capture, archive, and secure all communications, including all content generated by Microsoft Teams, in real-time in case of future litigation. The tricky part is that journaling, archiving, and being able to place legal holds on content from many of these collaboration applications is not straight forward. While these applications provide a myriad of user productivity capabilities, they were not designed with regulatory or legal response in mind.

For example, Microsoft Teams does not have a common repository in which Teams data can be stored, so individual retention/disposition policies must be set in several different parts of Office 365. Additionally, placing litigation holds on Teams data is not simple. For more details on Teams data retention and legal hold placement, please refer to my previous blog titled Why Microsoft Teams Archiving is More than Capturing Chat.

In summary: most organizations will need to utilize a third-party cloud-based archive which includes the ability to automatically capture all Teams data objects, the ability to place/change retention policies quickly, and the ability to search and place legal holds, quickly, from one, easy to use dashboard. Considering issues 2 and 3 above, a third-party Teams archive would also need to be able to journal Teams data from Office 365 for ongoing litigation and internal investigations.

With the current and future business environment, organizations will need to completely rethink how their IT departments adopt, capture, manage, and supervise all communications in the age of social media and collaboration applications.

For information on how to archive Teams in a legally compliant fashion or learn how Archive360 can help your organization address these challenges, please call us by clicking here and either calling or emailing us.

Read more about why Microsoft Teams archiving is more than capturing chat!