- January 27, 2022
Unified Communications Archiving
Discover how Unified Communications Archiving can streamline your organization's communication records management while reducing risk and optimizing eDiscovery spend. Download our whitepaper now.
Built-in Teams archiving
When a Team is no longer needed, a Team owner can delete it. When a Team is deleted, it disappears from the Teams client and is no longer available to end users. When a team is deleted, the various data objects in the deleted Team are automatically deleted at the same time and retained on the backend of Microsoft 365 for 30 days and recoverable any time before the 30-day period ends. After 30 days, the Team and its associated data are permanently deleted. A safer practice is to archive the Team instead.
Microsoft has made Teams archiving available to individual Team owners. But unlike a live archiving capability such as a live journaling feed from an email box to an email archive, the archived Team is a snapshot in time meaning when archived, all activity in that specific Team is frozen and made "read-only," including all uploaded/shared files. This makes sense in that the Team owner is designating the Team as no longer needed; they may still want to retain the data for regulatory, legal, or business purposes. As I mentioned in the previous section, archived MS Teams groups can have retention policies applied to them but because Teams utilizes several Microsoft 365 applications, Teams retention policies will need to be set in each of the separate Microsoft 365 apps.
It's also important to note that Microsoft has been actively working on enhancing the archiving capabilities of Teams. Innovations such as integration with cloud-based storage and enhanced search functionality have been introduced, and organizations should continuously monitor for new features and options that may better serve their compliance needs.
Although the archived Team is discoverable through the Microsoft Purview Compliance Portal search and could be used in an eDiscovery case, content within the Team is not guaranteed to be retained for a specific period of time since the Team can technically be restored or deleted at any point by the Team owner – an obvious litigation hold issue.
Podcast Episode: Archiving Microsoft Teams | Michael Osterman from Osterman Research details under what circumstances organizations may need to reach out to third parties to provide additional archiving support. (Listen Now)
Capturing Teams Data for eDiscovery
eDiscovery is the process in which electronically stored information (ESI) is sought, secured (legal hold), reviewed, and turned over to opposing counsel with the intent of using it as evidence in a civil or criminal legal case. In the U.S., the eDiscovery process is represented by the Electronic Discovery Reference Model (EDRM) and the Federal Rules of Civil Procedure (FRCP). Responding to an eDiscovery request fully and in a timely manner is an absolute responsibility for any organization, under the U.S. legal system. Failure to respond in the appropriate manner can result in loss of case, fines, having to pay the cost of opposing counsel, loss of professional designation (J.D.), and in limited circumstances, jail time. As I mentioned in the opening of this blog, all relevant data is potentially discoverable no matter where it is stored, including all metadata.
Obviously, this means Teams data (and all metadata) is not exempt from an eDiscovery request which means that companies across all industries that have incorporated Teams into their remote or hybrid workforce must be able to capture and secure all Teams data in a legally defensible manner when litigation is anticipated.
How would your organization find and secure potentially responsive Teams data of select custodians if needed? The obvious answer is "with difficulty." And could you guarantee that all relevant Teams data would be found and placed on a litigation hold? The truthful answer: maybe not.
In fact, Teams has a somewhat complicated persona when dealing with litigation hold and eDiscovery. To begin with, not all Teams content is discoverable from within Microsoft 365. All Teams 1:1 or group chats are saved (journaled) through to the respective users' mailboxes and are therefore discoverable. All standard channel messages are journaled through to the group mailbox representing the Team. Files uploaded in standard channels are covered under the eDiscovery functionality for SharePoint Online and OneDrive for Business. eDiscovery of messages and files in private channels works differently than in standard channels. Additionally, placing a user on hold does not automatically place a group on hold or vice-versa.
However, Teams’ continuous evolution has led to improved eDiscovery capabilities. Teams now supports more advanced search and holds options, making it easier for administrators to retrieve and preserve content relevant to litigation. This has been a significant step forward in addressing the complexities previously associated with eDiscovery in Teams. Microsoft Teams' compliance features have also been updated to better align with international standards, ensuring a more global application.
When eDiscovery is run from the Microsoft Purview Compliance Portal, Teams data will appear as IM or Conversations in the Excel eDiscovery export output. Administrators can use an eDiscovery case to create holds to preserve content that might be relevant to a given case. You can place a hold on the mailboxes and sites that are associated with Microsoft Teams or Yammer Groups. When you place content locations on hold, content is held until you remove the hold from the content location or until you delete the hold.
Microsoft has been investing in expanding the capabilities of the Microsoft Purview Compliance Portal to provide more granular control over eDiscovery processes, which reflects their commitment to supporting compliance needs across various industries.
One issue to be aware of after you place a content location on hold, it can take up to 24 hours for the hold to take effect - enabling inadvertent data spoliation. However, with the rapid advancement in technology, Microsoft has been working on reducing the time it takes for holds to take effect, thereby minimizing the risk of data loss.
So, what is the answer to these Teams' regulatory and eDiscovery challenges?
Teams data consolidation and archiving
Because Teams stores data across several applications in Microsoft 365, placing a litigation hold and reviewing data across Teams repositories can be complex, risky, and time-consuming because it involves manual processes. To simplify the process and ensure compliance with regulatory and eDiscovery requirements, companies should look to consolidate their journaled Teams data streams into a central archive ensuring data management, search, placement of litigation hold, review, and production can be quick and compliant.
Challenges and Importance of Teams Data Archiving
With the ever-growing usage of Teams, especially in hybrid work environments that have become the new norm in the post-COVID era, the need for efficient data consolidation and archiving has become even more critical. Moreover, an essential capability for compliant Teams regulatory response and eDiscovery review is the ability to capture Teams content in context. Specifically, the ability to capture and review not just an individual chat conversation or uploaded piece of content, but entire conversation threads, with all data objects, within complete timelines. Only this form of Teams archiving will ensure that the true meaning of the conversation and any Teams object posts can be accurately viewed, and the meaning easily determined. For organizations looking to implement a third-party Teams archiving solution, beware that some Teams archiving applications are unable to capture and manage all Teams data and only capture the chat function.
Advancements in AI and data analysis have seen remarkable developments in recent years, leading to a marked improvement in the accuracy and contextual understanding of Teams data. When selecting a third-party archiving solution, it's paramount for organizations to opt for one that seamlessly integrates these cutting-edge technologies, ensuring that data is captured more efficiently and effectively. [read our blog on predictive information governance here]
Again, in litigation, all data is subject to litigation hold and eDiscovery. Data objects that cannot be discovered pose a significant liability for organizations responding to eDiscovery requests. In a typical scenario, a knowledgeable attorney may intentionally target Teams data objects that they believe can evade discovery searches, potentially leading to complaints about incomplete eDiscovery. It is important to recognize that the Teams ecosystem is not static. With continuous updates and improvements in Teams and related third-party solutions, the range of discoverable data objects is constantly expanding. Organizations must stay vigilant and informed about the evolving capabilities and limitations of the available tools.
A consolidated Teams archive simplifies this complex situation. Instead of searching across multiple Microsoft 365 storage locations, the archive provides a single, unified dashboard for efficiently searching, securing, and reviewing Teams content to ensure regulatory compliance and support eDiscovery. It is encouraging to witness the emergence of innovative third-party solutions that specialize in Teams data consolidation and archiving. These advanced solutions streamline data management by offering automated tagging, categorization, and other efficient features. For instance, Archive360 offers an archiving solution tailored for Microsoft Teams, helping organizations efficiently consolidate and manage their Teams data in a secure and compliant manner.
Microsoft Teams is undoubtedly a highly productive collaboration tool. However, its use in organizations bound by regulatory retention requirements or involved in litigation introduces a layer of complexity. To navigate this complexity, streamline Teams archiving, and mitigate risks associated with compliance and eDiscovery, it is crucial to employ a comprehensive, standalone Teams archiving application capable of managing all Teams data effectively.
In conclusion, the landscape of data management and compliance is continuously evolving. It is vital for organizations to stay informed, periodically review, and adjust their Teams archiving strategies. Aligning these strategies with the latest best practices and regulatory requirements is not just a checkbox exercise; it is a strategic move that facilitates meeting legal obligations and unleashing the full potential of Microsoft Teams as an indispensable tool in the collaborative workspace of today and tomorrow.
For more information on how Archive360 can help solve your Microsoft Teams archiving needs: Click Here.