Pagefreezer

The Complete Microsoft Teams Field Guide for Legal & Compliance Teams

How to Effectively Manage the eDiscovery and Compliance Requirements of MS Teams

Want this guide as a downloadable PDF?

Microsoft Teams may not have been the first of the modern enterprise collaboration platforms to hit the market—Slack is generally regarded as the first mover here—but Teams has nevertheless quickly become the most popular.

Thanks to its bundling with Microsoft Office (and a free pricing tier), Teams has enjoyed incredible growth. In November 2019, the app had 20 million users. By March 2020, just as the biggest effects of the COVID-19 pandemic started to be felt, it had 44 million users, but thanks to lockdowns and remote work, this number quickly shot up to 75 million by April 2020. And while the worst of the pandemic might be over, this growth trajectory has continued. In 2021, Microsoft reported that Teams had 145 million users—and in 2022, it announced an increase to 270 million users.

Over the last decade, tools like MS Teams, Slack, and others have greatly reduced the internal use of email within many companies—and in some instances, have done away with it almost entirely. But they have done even more than that—they changed the very nature of communications within companies.

Microsoft Teams is more than a simple instant messaging tool. True, it lets employees quickly and easily chat with one another, but it also allows them to share files, effectively collaborate in group channels, launch audio and video calls, receive automated real-time notifications of important events, easily conduct polls across an organization, share GIFs and videos, and much more.

Teams data is multifaceted; it consists of shared files, images, GIFS, videos, emojis, etc.

The social media-like nature and varied capabilities of Teams has resulted in a much richer communication platform than traditional email or instant messaging services. With Teams, it’s quicker, easier, and more fun to collaborate.

And unlike more standalone options such as Slack and Workplace from Meta, Teams enjoys complete integration with Microsoft’s suite of products. For instance, you can send an email to a Teams channel by using that channel’s email address. Or, you can quickly create a Teams meeting through Outlook.

But, as great as Teams can be for improving productivity and collaboration, there are also challenges. The ease with which MS Teams allows employees to communicate and share information has introduced significant legal and compliance challenges. We’ll look at these in detail below, and we’ll also look at effective solutions that mitigate these risks. First, however, we’ll look at all the benefits of Teams that have made it so ubiquitous in the modern workplace.

SECTION 1

The Benefits of Microsoft Teams

While there is some justified concern that tools like MS Teams with all its constant messaging and GIF sharing can be disruptive, there is also ample evidence that it improves communication and collaboration. Cal Newport, the productivity expert and author of Deep Work, has even argued that companies should completely replace email with team collaboration tools.

Moreover, the COVID-19 pandemic has created an environment in which a tool like MS Teams is absolutely essential. With countless employees working from home, team collaboration tools have become central repositories that remote teams depend on to communicate and collaborate in real-time.

The ROI of Improved Collaboration

Team collaboration tools can have a very real impact on a company’s bottom line. In a study on the economic impact of Microsoft Teams, research and advisory firm Forrester found that the implementation of Microsoft collaboration platform can offer a tremendous return on investment.

“Overall, customers were pleased with Teams and how well it integrates with the rest of Office 365. They cited associated cost savings as a key factor in adopting Teams. For a standard 5,000-user organization, the study reported benefits and costs of roughly $30.3 million and $3.3 million respectively, resulting in an overall net benefit of $27.1 million over three years,” states the report.

In other words, MS Teams can deliver a 10x ROI. How is this possible? According to Forrester, it all comes down to the fact that the tool makes it easier to meet, communicate, and collaborate—which drastically cuts down on the time needed to make decisions and get work done.   

What Better Collaboration Looks Like

While it might be hard to believe that improved communication and collaboration could have such a massive financial impact, the cumulative effect of a series of efficiency gains should not be underestimated. According to the Forrester report, MS Teams offers (among others) the following key benefits:  

  • Employees have fewer meetings—and those meetings tend to be shorter. Teams makes it quick and easy to have virtual meetings, which results in potential savings of $6.9 million.
  • Workers save four hours a week thanks to better collaboration and information sharing. With crucial files and conversations all centrally located, there’s less time spent hunting around for information. This can result in savings of $14.3 million.
  • Employees save an hour a week because they’re not constantly switching between applications. Crucial apps—especially those within the MIcrosoft suite—are all easily accessible within Teams, which again means less time wasted. Savings here can be up to $4.8 million.

To see the other seven benefits mentioned, have a look at the full Forrester Total Economic Impact Of Microsoft Teams Report.     

SECTION 2

The Legal and Compliance Challenges of Microsoft Teams

While the use of Teams can be beneficial to the organization as a whole, it does introduce certain challenges—specifically for departments like Legal and Compliance.

The financial services industry is a perfect example. As great as it is to be able to easily communicate with clients through channels and chats, MS Teams use must also comply with regulations laid out by entities like the Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA), and the Federal Financial Institutions Examination Council (FFIEC).

Microsoft Team Collaboration Tools — The New Email

To understand the recordkeeping and compliance challenges of a modern enterprise collaboration platform like Teams, it’s useful to compare it to email. Although it is hard to imagine today, there was a time when organizations were not entirely sure how emails should be stored and managed to meet compliance needs. As the technology evolved, and regulators and courts started to hand down specific rules and guidance, companies slowly understood what was required of them and implemented robust retention systems and processes.

Today, just about every company understands that employee emails have to be retained for a set period (usually somewhere between three and seven years), and subsequently have some sort of email vault or other archiving solution in place. And even if an organization isn’t operating in a highly-regulated industry, the threat of litigation makes it a prudent thing to do.

Broadly speaking, emails need to be archived for the following reasons:

  • Regulatory Compliance: Meeting the requirements of organizations like the FDIC, FFIEC, FINRA, and IRS, and preparing for related regulatory audits
  • Litigation and eDiscovery:Keeping detailed records of communications in the event of a legal matter, both external lawsuits and internal employee matters. As with any digital file, an email can be altered, so it’s important to have an accurate copy of the original.
  • Data Security and Knowledge Management:With so much digital information being shared, it’s important for companies to monitor the flow of information and keep close track of what is being shared.

Just like with email, Microsoft Teams content should be collected and preserved to meet the above requirements.

Simply put, if a recordkeeping rule applies to email, it also applies to an enterprise collaboration tool like MS Teams. So any organization looking to understand how they should handle the recordkeeping requirements of Teams need only look at how they currently deal with email. Is every employee’s emails being archived for seven years? Then the same should happen with enterprise collaboration records.

The Recordkeeping Challenges of Microsoft Teams

While the recordkeeping requirements of MS Teams might be similar to that of email, the practical process of collecting and retaining Teams data looks very different.

The fact of the matter is, collaboration tools like Teams are upending traditional approaches to recordkeeping, which is why it is giving records managers, compliance professionals, and legal teams so much trouble.

Companies are used to dealing with discreet records (like emails and PDFs), but Teams has more in common with a social media platform like Facebook. The following characteristics of the platform complicate the recordkeeping process:

  • Real-Time Activity:Unlike with an email or PDF, content in Teams content is always evolving. Not only can users chat and share files in real-time, but they can also edit their posts and delete content. This means that as soon as a record is created (by, for example, taking a screenshot) it is already outdated because the content has been altered.
  • Teams’s Multifaceted Nature: Microsoft Teams channels and direct messages contain far more than text messages. They consist of GIFs, reactions, videos, shared files, etc.
  • App Integrations and Linked Content: Many popular third-party applications boast Teams integrations. Most importantly, Microsoft’s own vast suite of products all integrate seamlessly with Teams. This results in a great user experience, but when it comes to recordkeeping, untangling this web of linked content can be tricky.
  • Complex Data Structures: As alluded to above, understanding where exactly data resides within the Teams ecosystem can be difficult. Files linked in chats and channels can reside within SharePoint, OneDrive, OneNote, etc.

SECTION 3

Microsoft Teams and the Legal Department

SECTION 4

Microsoft Teams and the Compliance Department

Although it’s advisable that all companies keep detailed records of MS Teams data, it’s non-negotiable in highly-regulated sectors (like banking) where firms are expected to archive all communications.

As stated in “The Legal and Compliance Challenges of Microsoft Teams” section of this document, it’s useful to compare Teams with the recordkeeping requirements of email. If your organization archives all employee emails, it should also be archiving all Teams communications. If a regulator like the SEC or FINRA has laid out recordkeeping requirements that cover email, they also cover Teams communications.

Because of this, the needs of compliance departments are very similar to those of legal teams. Compliance professionals need to:

  • Have easy access to the platform to find relevant records.
  • See edited and deleted content that’s no longer present on the live platform.
  • Quickly search the platform for relevant records.
  • Export these records in a defensible format that will be accepted by regulators during an audit.

All Compliance Starts with Records Management

Apart from the issue of recordkeeping requirements, it’s important to realize that all compliance starts with good records management.

The compliance function of an organization can’t effectively assess a firm’s policies, controls, and procedures without access to reliable records of online data. For example, no compliance team can assess the risks of money laundering and terrorist financing without seeing the relevant records and data related to due diligence processes, transactions, and internal and external reporting.

The same considerations apply when it comes to assessing the risk of misselling or market abuse and insider trading. A review will be flawed if financial promotion records, checklists, and transaction records are incomplete.

In other words, there is a very close link between compliance risk and the integrity of online data. If there are no formal controls in place to manage the vast volumes of electronic data, the compliance function will be of little help when there is a regulatory matter. With so much regulatory focus on responsibility and accountability, it is crucial that the integrity of data is maintained and that everyone understands their own responsibilities.

This obviously has massive implications for the use of Microsoft Teams, especially when employees are working remotely and depending on the platform to share documents. If compliance professionals don’t have access to reliable records, the potential repercussions extend far beyond fines related to recordkeeping requirements—every aspect of compliance (including those related to very serious allegations like money laundering, terrorist financing, and misselling) can be impacted.

Monitoring Teams for Compliance

Another issue worth discussing is monitoring. While accurate recordkeeping and good information governance of Teams is crucial to regulatory compliance, active monitoring can go a long way towards preventing compliance issues from escalating—and in many cases prevent them from happening altogether.

Monitoring and Data Loss Prevention (DLP) solutions can be used to notify compliance professionals and other stakeholders as soon as sensitive information (like credit card numbers, social security numbers, bank account numbers, etc.) is shared over Teams. 

These monitoring tools can also be used to ensure that use of Teams complies with internal communication policies. As with sensitive information, text patterns can be used to monitor the platform for profanity and other inappropriate language, thereby making it easier to curb bullying and harassment in the workplace.   

SECTION 5

Mitigating the Legal and Compliance Risks of Teams

SECTION 6

Dealing with Microsoft Teams Data for Compliance and eDiscovery

What does it look like for legal and compliance teams to deal with Teams data in practical terms? Say, for instance, a specific piece of Teams data is needed for a legal matter or regulatory audit. How would teams find that relevant piece of content and export it?

Screenshots of Live Teams Data

The easiest way to tackle this task is to search for the content directly in the platform with the help of Teams’s own search functionality—and once found, to take a screenshot of it.

But this approach has a couple of issues. First, giving various legal and compliance team members admin rights that provide them with access to all private channels can make it easy to find data, but it also runs counter to the principle of least privilege and introduces privacy and security concerns. Moreover, it would not give these investigators access to direct messages between employees, so a significant blindspot would still exist. 

Second, taking a screenshot of content directly in the platform doesn’t capture any metadata that would prove its authenticity. The only metadata attached to the screenshot would be that of the JPEG itself, so it would be impossible to prove that the content had not been tampered with in Photoshop or some other image-manipulation tool.

In short, the above is not a scalable or reliable approach to Microsoft Teams recordkeeping.

Microsoft Purview (eDiscovery)

Microsoft Purview is a data governance solution that enables organizations to discover, analyze, and manage their data assets across various platforms and data sources. It provides a unified, centralized view of an organization’s data, helping to ensure that data is accurate, secure, and compliant with regulatory requirements.

Purview can connect to a wide range of data sources, including on-premises, cloud-based, and SaaS data stores, and allows users to search and explore their data using natural language queries. It also provides data lineage and data cataloging capabilities, enabling users to track the origin of their data and understand how it’s being used throughout the organization.

As part of Purview, legal and compliance teams have access to Microsoft eDiscovery. The solution is part of the Microsoft 365 suite of products and services and is designed to help organizations efficiently manage their eDiscovery workflows and comply with legal and regulatory requirements.

With Microsoft eDiscovery, organizations can search and collect data from a wide range of sources, including emails, documents—and Microsoft Teams. The solution includes search and filtering capabilities, as well as features for preserving and exporting data in a legally defensible manner.

Microsoft eDiscovery also includes features for managing and collaborating on eDiscovery cases, such as assigning tasks and roles to team members, tracking case progress, and generating reports. The solution is designed to be scalable and can handle eDiscovery workflows of any size, from small, ad-hoc requests to large, complex cases.

Overall, Microsoft eDiscovery is a robust solution for managing eDiscovery workflows, enabling organizations to reduce the time needed to respond to legal and regulatory requests while ensuring compliance with legal and regulatory requirements.

So is Microsoft eDiscovery the only solution that legal and compliance departments need when dealing with MS Teams data?

Microsoft eDiscovery Standard
The reality is, not all users have access to the full capabilities of Microsoft eDiscovery. In order to make use of advanced features, you need a top-tier Microsoft 365 E5 license. Users on the far more common E3 license are required to accept certain limitations. For instance:

  • Rather than automatically searching across the multitude of locations where Microsoft data can potentially reside, users must identify individual locations to be searched, such as a drive or cloud location.
  • Targeted collections within Teams will only return search hits, not the surrounding messages in the conversation (which can potentially be very relevant to an investigation).
  • Linked files in Teams are not logically connected to their corresponding messages.
  • Each Teams message is archived and exported as an individual message item in PST format. This means that legal and compliance professionals are forced to manually reconstruct conversations from PST files, which need to be opened in Microsoft Outlook and individual messages in a discussion thread are presented as a single email — a slow, frustrating, and error-prone process.

An example of Teams conversations broken into individual PST files. Reconstructing these chats can be slow and frustrating work.

Microsoft eDiscovery Premium
What about the top-tier E5 version, called Microsoft eDiscovery Premium? As mentioned, it is a robust solution—but it still has some limitations, especially when it comes to MS Teams. Below are some examples:

  • It is expensive compared to the Microsoft E3 license. As a result, many organizations simply do not feel as if the added cost per user can be justified.
    eDiscovery Premium is complex and not particularly user-friendly—onboarding users can require time and effort.
  • Searches are slow to execute, especially when dealing with large data volumes. Searching through Teams chats is also challenging. A search often returns replies to a comment and not the original thread.
  • PDF exports of Teams data—a very popular format—is not available through Microsoft eDiscovery.
  • The tool offers limited customizability in terms of features and design options for specific verticals/users.
  • Due to its integration with other Microsoft products, it excels at finding data within that ecosystem. However, searching for information, files, and applications that are not part of Microsoft 365 remains a challenge.

Overall, eDiscovery Premium is a comprehensive solution that is all but a necessity for organizations that make use of the full spectrum of Microsoft solutions. Due to its integration with the Microsoft suite, eDiscovery Premium is incredibly effective at facilitating investigations across MS Office, ProofPoint, OneNote, OneDrive, etc. But when it comes to dealing specifically with Teams chats and channels, eDiscovery Premium is arguably not the best solution—especially if cost is a key factor.

Microsoft Teams Graph API and Export API

The best solution for legal and compliance teams is to adopt a tool that leverages Microsoft’s Teams Export APIs.

In order to simplify compliance and eDiscovery, Microsoft offers APIs that can be used by third-party vendors to offer dedicated solutions. Pagefreezer for Microsoft Teams is exactly this kind of solution.

With Pagefreezer, legal and compliance teams can get access to Teams data through a dashboard that recreates the native platform exactly. So instead of dealing with confusing PST files, content can be viewed in its original context, complete with all the GIFs, videos, emojis, etc.

MS Teams chat conversations are displayed as a message chain within the Pagefreezer platform and can be exported in PDF formats for more in-context review.

Legal and compliance professionals can also use advanced search to quickly and accurately deliver relevant content across all users, chats, and channels within Teams.

And when it comes to preparing this data for a legal matter or regulatory audit, Pagefreezer users can instantly select relevant content, add it to a case file, leave comments and notes, and then export this data to local servers. Content is exported in user-friendly PDFs, complete with associated metadata.

All of the above is delivered at an affordable cost that is significantly lower than other license options, while delivering legal and compliance departments with a sophisticated tool designed specifically to meet the challenges of Microsoft Teams chats. With a solution like Pagefreezer for Microsoft Teams, finding, reviewing and exporting Teams content becomes a breeze.

SECTION 7

Conclusion

Like other data sources—such as email clients, websites, and text messaging apps—Microsoft Teams requires the implementation of effective legal and compliance solutions. Given how much communication is taking place over enterprise collaboration platforms these days, ignoring their existence is simply not an option for legal and compliance departments. Their content is guaranteed to become increasingly relevant to legal and regulatory matters

That said, Teams and other team collaboration tools should not be seen purely as data sources that need to be corralled. Teams also serves as a centralized hub for legal and compliance professionals to access critical information, such as legal documents, policies, and regulations. This helps to ensure that everyone has access to the latest information, reducing the risk of errors and omissions. With the right legal and compliance solutions in place, these platforms can actually improve information governance and make it easier to identify crucial ESI.

Would you like to see Pagefreezer for Microsoft Teams in action?

Click the button below to book a personal demo.

Book a Demo

1-888-916-3999
support@pagefreezer.com

Head Office:
#500-311 Water Street
Vancouver, BC V6B 1B8
Canada

Europe Office:
Van Leeuwenhoekpark 1 - Office 5
2611 DW, Delft
The Netherlands

UK Office:
+44 20 3744 7173

Australia Office:
+61 (07) 3186 2199

Subscribe to our Blog

Get targeted Industry news, great tips and valuable insights

©2024 Pagefreezer Software Inc. All Rights Reserved. Privacy Policy and Acceptable Use Policy. Commercial use and distribution of the contents of this website is not allowed without express and prior written consent of Pagefreezer Software Inc. subject to existing copyright exceptions and limitations.