
IG Considerations for M365 and Teams: Chat Retention and Archiving: Part 4

By Chuck Barth posted 07-29-2021 16:13

  

In our 2021 Information Governance blog series regarding Microsoft Teams, we will take a look at the chat features and considerations around the retention and disposition of these messages. The information presented here is not intended to be considered legal advice nor instruction. The blog will provide explanations on the various setup configurations from an Information Governance perspective and highlight key concerns. It will enable you to have conversations with your technical and compliance resources, including Human Resources, to configure your system to meet your particular internal governance policies and risk thresholds.

Microsoft Teams provides configurability for two types of chats within the program: channel chat and individual/group chat. A high-level explanation of the differences between these distinct types follows below.

Channel chat messages are posted within a specific team amongst the one, or many, channels that have been set up inside each team.  The assumption is that the conversations within the channels will directly relate to the subject for which the team was created, and any subtopics within each channel.

Individual/Group chat messages are those that happen between individuals or a group. The group chat that is created for a meeting set up in Teams is also included in this configuration. While many of these conversations may reference a specific topic, particularly for the meeting chat, it is more than likely that there will be a variety of subjects discussed and personal conversations between colleagues.

A good start to configuring the system is to answer several important questions: 

  1. What will your organization use Microsoft Teams for?
  2. What direction will your organization give on how the different chat functions are to be used?
  3. Is Teams replacing any other chat programs your organization is currently using? If so, was there already a retention and archiving policy in place?

Focusing on the legal industry, Teams could be set up and used for specific legal work, identified by client matters. The information contained in client matter teams could be classified as client work product. Subject to your internal Information Governance policy, this could identify all chats within each channel of the team as information that is part of the data file. If this is the case, your retention should be configured to match what is defined in your retention policy for client data. It is very possible that a team could be set up for internal use by various administrative departments such as billing, human resources and information technology. The retention of the chat messages within those teams should also mirror your internal retention policy.

The organization should give clear direction on the usage expectations for the different chat features within Teams. A sample communication may give the direction that personal conversations be limited to the individual chat format and that all client work be contained to the specific channels within a team set up for that client matter. The communication should also include a reminder that there is no expectation of privacy within any chat format.

If Teams is replacing another application used for instant messaging or chat, instructions should be clear on any differences in how messages are to be managed and/or archived. This will hopefully prevent confusion when the Teams application is deployed and operates differently than its predecessor.

Retention for Teams chat can be configured to match your internal policies. The individual chat can be configured to be retained and visible for a minimum of one day, up to many days. The setting that is chosen should match the expectations of your internal policy, advice from the General Counsel and input from Human Resources. Some firms may want the messages to be retained for only one day and then removed, while others might require a longer history to be provided. While the expectation is that firm property be used only for professional purposes, there is a risk that it could be exploited by dishonorable conduct. Such things should be taken into consideration by the stakeholders.

Any channel chats in a client matter team should be configured to retain the data until it is no longer needed. While there may be advances and upgrades in the technology down the road, the best practice is to configure the retention to hold the data indefinitely, and to archive or delete it when the matter it is tied to has reached the end of its retention period.
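The two settings described above (a short delete-only window for individual/group chat, and indefinite retention for client matter channel messages) could be expressed in Security & Compliance PowerShell as follows. This is an added example, not part of the original post or of Microsoft's documentation; the policy names, the team address, the comment text and the one-day value are illustrative assumptions to be replaced with what your own policy requires.

```powershell
# Added example. Assumes an existing Security & Compliance PowerShell session
# (Connect-IPPSSession from the ExchangeOnlineManagement module) and an account
# with rights to manage retention policies.

# Hypothetical names and placeholder values: replace with your own.
$chatPolicy   = 'IG - Teams individual and group chat'
$matterPolicy = 'IG - Client matter channel messages'
$matterTeams  = @('client-matter-team@example.com')   # placeholder team address

# 1. Individual/group chats (meeting chats included): delete after N days.
#    One day is the minimum the post mentions; the value actually chosen should
#    come from internal policy, General Counsel and Human Resources.
$chatRetentionDays = 1

New-RetentionCompliancePolicy -Name $chatPolicy -TeamsChatLocation All `
    -Comment 'Placeholder: record the approving stakeholders here'

New-RetentionComplianceRule -Name "$chatPolicy - rule" -Policy $chatPolicy `
    -RetentionComplianceAction Delete -RetentionDuration $chatRetentionDays

# 2. Channel messages in client matter teams: keep indefinitely. Disposition is
#    handled later, when the matter reaches the end of its retention period.
New-RetentionCompliancePolicy -Name $matterPolicy -TeamsChannelLocation $matterTeams

New-RetentionComplianceRule -Name "$matterPolicy - rule" -Policy $matterPolicy `
    -RetentionComplianceAction Keep -RetentionDuration Unlimited

# 3. Review what was created and whether it has been distributed, so the
#    configuration can be checked against the written retention policy.
$chatPolicy, $matterPolicy | ForEach-Object {
    Get-RetentionCompliancePolicy -Identity $_ -DistributionDetail |
        Select-Object Name, Enabled, DistributionStatus,
                      TeamsChatLocation, TeamsChannelLocation
}
```

Keeping the two scopes in separate policies means the short chat window can be changed later without touching the client matter retention.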

When the retention period for chat messages has been reached, the messages are removed from the user’s view and then moved by the system to the SubstrateHolds folder before they are permanently deleted. Messages will remain in the SubstrateHolds folder for at least 1 day, and then, if they are eligible for deletion, the timer job permanently deletes them the next time it runs. Figure 1[1], created by Microsoft, illustrates the process flow.

Fig 1.

[1] Learn about retention for Teams - Microsoft 365 Compliance | Microsoft Docs

Careful consideration must be given to the retention of the messages, as once they are permanently deleted, they are truly gone from the system and are not recoverable. An exception is that if a user deletes a message in a channel chat within a team that is subject to a Litigation Hold (and configured as such), the message will not be deleted. The messages will remain in the SubstrateHolds folder until the Hold is lifted. While the messages will not be visible to the general user group, they will be discoverable through the eDiscovery process.

Chat retention can be configured to meet the organization's current policies, as we’ve discussed. The important takeaway is for IG to facilitate discussions on the impacts to ensure the configurations adhere to all internal policies. Microsoft provides a wealth of information on its Microsoft 365 site on Teams, retention and chat retention. A link is provided below, and anyone responsible for the configurations or for understanding the process is encouraged to read all the information provided.

Learn about retention for Teams - Microsoft 365 Compliance | Microsoft Docs

