- January 27, 2022
Originally published April 22, 2020 and updated 5/19/2020, This blog has been revised for 2023. The original topic of the blog remains the same: companies should be aware of the full ramifications of archiving and discovering Teams content and plan accordingly to ensure full compliance with regulatory as well as eDiscovery requirements.
With the onset of the global shift to remote work in 2020, many workers found themselves working from home for the first time. During this period, staying in touch with fellow employees and workgroups, as well as customers, proved to be challenging. Consequently, organizations aggressively adopted collaboration apps such as Zoom, Slack, Meet, GoToMeeting, WebEx, Jabber, and Microsoft Teams to help their newly remote workforce maintain communication and productivity.
For instance, in 2020, it was reported that Microsoft saw a surge in Teams users from 32 million to 44 million in a single week. As of mid-2023, Microsoft Teams has continued to grow and establish itself as one of the leading collaboration platforms, with over 250 million monthly active users.
Owing to the heavy reliance on Microsoft's Microsoft 365 platform by numerous companies for day-to-day operations, it was a logical step for Microsoft-centric organizations to adopt Teams for seamless communication and collaboration during the remote work era.
Why you need to be thinking about data compliance for Teams
While the initial emphasis was on ensuring the safety and productivity of the workforce, organizations had to contend with the implications of rapid adoption of new applications on their regulatory, compliance, and litigation obligations concerning data retention and management. This concern is ever-present, particularly as hybrid work models have become a mainstay in the modern workspace.
It is essential to understand that all data – including data generated by Teams - is potentially discoverable in litigation. Organizations that are subject to government regulatory data retention requirements such as SEC Rule 17, FINRA, and MiFID II, need to strategize on archiving Teams content compliantly. Moreover, organizations governed by HIPAA must institute appropriate policies to safeguard confidential patient information shared via Teams. In essence, if your organization is subject to any regulatory data retention or privacy mandates, or if you have internal data governance policies, you must implement measures that encompass Teams usage. [Read the SEC's FAQs on Rule 17a-4 ]
The need to Backup Teams vs the need to Archive…Historically, organizations have treated backup and archiving as separate processes. The backup process was originally created for disaster recovery. Backing up is the process of making a copy of operating systems and data resident on servers and storage repositories for the purpose of restoring the entire system (OS and data) to the affected server in the event of system issues. For example, an email server becomes corrupted, and the server OS, email application, and messages store needs to be restored as soon as possible. The biggest problem with backups is that data that can be lost between backup cycles (usually 24 hours). In the email server example, the email sent and received between backups is permanently lost when the email server is restored using the last backup data set– also referred to as the recovery point objective (RPO). The backup is usually performed utilizing a backup application that creates its own custom-formatted data container – meaning it is very difficult to search for and act on specific files in a backup file. In reality, the backup must be fully restored to the server to search and act on specific files. On the other hand, the archiving process stores a single copy of individual files for long-term storage and management for legal, regulatory, and business reasons. A key distinction here is that individually archived data, if stored in its native format, is easier to search for and act on. Even today, some organizations continue to rely on backups as a substitute for low-cost archives. While the cost of backup storage has continued to fall, finding and restoring these individual files can be extremely slow and expensive. For example, the estimated cost to restore, search, delete PI, and create a new backup tape can range between $1,000 and $3,000 per tape. Imagine how many of your organization’s backup tapes contain a particular data subject's PI… To learn more read this article: A Backup is not an Archive … but a Cloud Archive can be an Effective Backup |
Teams Data is More Than Just Chat
A notable challenge in extending data retention policies to Teams is that Teams generates a plethora of data objects through its various functionalities. For example, even simple chat content can be categorized into three distinct capabilities:
- 1 to 1 chat
- 1 to many chat
- Files shared and accessed during chat
Additionally, Teams hosts a variety of data types including group conversations, calendar invites, voice and video calls, meeting recordings, contacts, voicemail, transcripts, and wikis. More recently, Teams has introduced new features such as task assignments, breakout rooms, and polls.
A critical aspect to consider is that Teams does not possess a singular storage repository within Microsoft 365. Instead, it saves data across multiple services within the platform. This multifaceted storage system can complicate data management.
As Microsoft Teams continues to evolve, it has brought forth new methods for managing and archiving data, streamlining processes for IT professionals. Nonetheless, staying informed of these changes and adjusting data management strategies accordingly is paramount.
One point of contention is that Teams does not facilitate the application of a universal retention policy across an entire Team. Instead, it necessitates the creation and application of retention policies for each data type within each separate repository. This stipulation posed a significant compliance challenge, particularly for sectors with fluctuating regulatory requirements. It is important to note that Microsoft has been actively working to improve and simplify compliance processes within Teams, and organizations are advised to regularly monitor updates and best practices in this area.
Table 1: Teams data is stored in different repositories depending on the content type. (Table taken from Microsoft article: "Location of data in Microsoft Teams")
This dispersed Teams data storage schema can become a real challenge for the Financial Services (FinServ) industry. For example, SEC Rule 17 requires that all broker/dealer-related data (communications and related files) be captured in a way that guarantees the file is a complete copy of the original and has not been altered, is serialized, is stored in two different geographic locations, and is stored on immutable storage – WORM (Write Once, Read Many). [read our blog on Azure WORM storage here]
As you can imagine, FinServ compliance and IT departments have been scrambling to ensure their use of the Teams application is compliant.
Unified Communications Archiving
Discover how Unified Communications Archiving can streamline your organization's communication records management while reducing risk and optimizing eDiscovery spend. Download our whitepaper now.
Built-in Teams archiving
When a Team is no longer needed, a Team owner can delete it. When a Team is deleted, it disappears from the Teams client and is no longer available to end users. When a team is deleted, the various data objects in the deleted Team are automatically deleted at the same time and retained on the backend of Microsoft 365 for 30 days and recoverable any time before the 30-day period ends. After 30 days, the Team and its associated data are permanently deleted. A safer practice is to archive the Team instead.
Microsoft has made Teams archiving available to individual Team owners. But unlike a live archiving capability such as a live journaling feed from an email box to an email archive, the archived Team is a snapshot in time meaning when archived, all activity in that specific Team is frozen and made "read-only," including all uploaded/shared files. This makes sense in that the Team owner is designating the Team as no longer needed; they may still want to retain the data for regulatory, legal, or business purposes. As I mentioned in the previous section, archived MS Teams groups can have retention policies applied to them but because Teams utilizes several Microsoft 365 applications, Teams retention policies will need to be set in each of the separate Microsoft 365 apps.
It's also important to note that Microsoft has been actively working on enhancing the archiving capabilities of Teams. Innovations such as integration with cloud-based storage and enhanced search functionality have been introduced, and organizations should continuously monitor for new features and options that may better serve their compliance needs.
Although the archived Team is discoverable through the Microsoft Purview Compliance Portal search and could be used in an eDiscovery case, content within the Team is not guaranteed to be retained for a specific period of time since the Team can technically be restored or deleted at any point by the Team owner – an obvious litigation hold issue.
%20(1).png?width=150&height=150&name=Podcast%20(260x260)%20(1).png)
Podcast Episode: Archiving Microsoft Teams | Michael Osterman from Osterman Research details under what circumstances organizations may need to reach out to third parties to provide additional archiving support. (Listen Now)
Capturing Teams Data for eDiscovery
eDiscovery is the process in which electronically stored information (ESI) is sought, secured (legal hold), reviewed, and turned over to opposing counsel with the intent of using it as evidence in a civil or criminal legal case. In the U.S., the eDiscovery process is represented by the Electronic Discovery Reference Model (EDRM) and the Federal Rules of Civil Procedure (FRCP). Responding to an eDiscovery request fully and in a timely manner is an absolute responsibility for any organization, under the U.S. legal system. Failure to respond in the appropriate manner can result in loss of case, fines, having to pay the cost of opposing counsel, loss of professional designation (J.D.), and in limited circumstances, jail time. As I mentioned in the opening of this blog, all relevant data is potentially discoverable no matter where it is stored, including all metadata.
Obviously, this means Teams data (and all metadata) is not exempt from an eDiscovery request which means that companies across all industries that have incorporated Teams into their remote or hybrid workforce must be able to capture and secure all Teams data in a legally defensible manner when litigation is anticipated.
How would your organization find and secure potentially responsive Teams data of select custodians if needed? The obvious answer is "with difficulty." And could you guarantee that all relevant Teams data would be found and placed on a litigation hold? The truthful answer: maybe not.
In fact, Teams has a somewhat complicated persona when dealing with litigation hold and eDiscovery. To begin with, not all Teams content is discoverable from within Microsoft 365. All Teams 1:1 or group chats are saved (journaled) through to the respective users' mailboxes and are therefore discoverable. All standard channel messages are journaled through to the group mailbox representing the Team. Files uploaded in standard channels are covered under the eDiscovery functionality for SharePoint Online and OneDrive for Business. eDiscovery of messages and files in private channels works differently than in standard channels. Additionally, placing a user on hold does not automatically place a group on hold or vice-versa.
However, Teams’ continuous evolution has led to improved eDiscovery capabilities. Teams now supports more advanced search and holds options, making it easier for administrators to retrieve and preserve content relevant to litigation. This has been a significant step forward in addressing the complexities previously associated with eDiscovery in Teams. Microsoft Teams' compliance features have also been updated to better align with international standards, ensuring a more global application.
When eDiscovery is run from the Microsoft Purview Compliance Portal, Teams data will appear as IM or Conversations in the Excel eDiscovery export output. Administrators can use an eDiscovery case to create holds to preserve content that might be relevant to a given case. You can place a hold on the mailboxes and sites that are associated with Microsoft Teams or Yammer Groups. When you place content locations on hold, content is held until you remove the hold from the content location or until you delete the hold.
Microsoft has been investing in expanding the capabilities of the Microsoft Purview Compliance Portal to provide more granular control over eDiscovery processes, which reflects their commitment to supporting compliance needs across various industries.
One issue to be aware of after you place a content location on hold, it can take up to 24 hours for the hold to take effect - enabling inadvertent data spoliation. However, with the rapid advancement in technology, Microsoft has been working on reducing the time it takes for holds to take effect, thereby minimizing the risk of data loss.
So, what is the answer to these Teams' regulatory and eDiscovery challenges?
Read More: Today’s Adoption of Microsoft Teams Creates Tomorrow’s Litigation and eDiscovery Issues
Teams data consolidation and archiving
Because Teams stores data across several applications in Microsoft 365, placing a litigation hold and reviewing data across Teams repositories can be complex, risky, and time-consuming because it involves manual processes. To simplify the process and ensure compliance with regulatory and eDiscovery requirements, companies should look to consolidate their journaled Teams data streams into a central archive ensuring data management, search, placement of litigation hold, review, and production can be quick and compliant.
Challenges and Importance of Teams Data Archiving
With the ever-growing usage of Teams, especially in hybrid work environments that have become the new norm in the post-COVID era, the need for efficient data consolidation and archiving has become even more critical. Moreover, an essential capability for compliant Teams regulatory response and eDiscovery review is the ability to capture Teams content in context. Specifically, the ability to capture and review not just an individual chat conversation or uploaded piece of content, but entire conversation threads, with all data objects, within complete timelines. Only this form of Teams archiving will ensure that the true meaning of the conversation and any Teams object posts can be accurately viewed, and the meaning easily determined. For organizations looking to implement a third-party Teams archiving solution, beware that some Teams archiving applications are unable to capture and manage all Teams data and only capture the chat function.
Advancements in AI and data analysis have seen remarkable developments in recent years, leading to a marked improvement in the accuracy and contextual understanding of Teams data. When selecting a third-party archiving solution, it's paramount for organizations to opt for one that seamlessly integrates these cutting-edge technologies, ensuring that data is captured more efficiently and effectively. [read our blog on predictive information governance here]
Again, in litigation, all data is subject to litigation hold and eDiscovery. Data objects that cannot be discovered pose a significant liability for organizations responding to eDiscovery requests. In a typical scenario, a knowledgeable attorney may intentionally target Teams data objects that they believe can evade discovery searches, potentially leading to complaints about incomplete eDiscovery. It is important to recognize that the Teams ecosystem is not static. With continuous updates and improvements in Teams and related third-party solutions, the range of discoverable data objects is constantly expanding. Organizations must stay vigilant and informed about the evolving capabilities and limitations of the available tools.
A consolidated Teams archive simplifies this complex situation. Instead of searching across multiple Microsoft 365 storage locations, the archive provides a single, unified dashboard for efficiently searching, securing, and reviewing Teams content to ensure regulatory compliance and support eDiscovery. It is encouraging to witness the emergence of innovative third-party solutions that specialize in Teams data consolidation and archiving. These advanced solutions streamline data management by offering automated tagging, categorization, and other efficient features. For instance, Archive360 offers an archiving solution tailored for Microsoft Teams, helping organizations efficiently consolidate and manage their Teams data in a secure and compliant manner.
Microsoft Teams is undoubtedly a highly productive collaboration tool. However, its use in organizations bound by regulatory retention requirements or involved in litigation introduces a layer of complexity. To navigate this complexity, streamline Teams archiving, and mitigate risks associated with compliance and eDiscovery, it is crucial to employ a comprehensive, standalone Teams archiving application capable of managing all Teams data effectively.
Conclusion
In conclusion, the landscape of data management and compliance is continuously evolving. It is vital for organizations to stay informed, periodically review, and adjust their Teams archiving strategies. Aligning these strategies with the latest best practices and regulatory requirements is not just a checkbox exercise; it is a strategic move that facilitates meeting legal obligations and unleashing the full potential of Microsoft Teams as an indispensable tool in the collaborative workspace of today and tomorrow.
For more information on how Archive360 can help solve your Microsoft Teams archiving needs: Click Here.
Contact Us to speak to an expert or schedule a demo today.