With over 100,000 users connecting every minute, Microsoft Teams has become the go-to communication platform for organizations worldwide. Its widespread adoption can be attributed to the surge in remote work at the onset of the pandemic. The chart below shows the number of daily active MS Teams users growing significantly in 2020,  with the trend continuing in 2021 and 2022. Microsoft Teams now boast over 300 million users.

Source: https://www.communicationsquare.com/news/microsoft-teams-vs-slack/

With the ever-growing utilization of Teams and its seamless integration with various applications, organizations are faced with the challenge of effectively navigating the complexities of record management.

During our recent webinar, "Get Ahead of the Game: Managing MS Teams Records for Compliance and Legal Purposes," Peter Callaghan, CRO of Pagefreezer, and Richard Jeffrey Cook, Head of Records Management and Consultancy of In-Form Consult, delved into the intricacies of managing Microsoft Teams records to meet compliance and legal requirements.

Keep reading to discover the highlights from their discussion or click the button below to watch the webinar in full.

Drivers for MS Teams Information Governance 

The main drivers when it comes to managing the data on Microsoft Teams are  legislation and regulation, governance, and efficiency.

1. Legislation and Regulation: Compliance and legal requirements differ based on the country, industry regulations, and data protection rules. In the English public sector, the Freedom of Information Act, Data Protection Act, and the Public Records Act in Scotland, to name but a few, all outline requirements for the storage of information or the disposal of information that contain personal data when no longer required.
   
   Regardless of the specific requirements and whether the information is captured or generated within Microsoft Teams, the ultimate goal is to ensure that records are consistently stored in a way that maintains their authenticity and allows for easy retrieval, even years later.
2. Internal Governance: Organizations themselves may also impose internal policies to ensure staff are managing information in the proper manner.
3. Efficiency in the storage, search, and disposal of records: Efficiency plays a significant role in managing Teams effectively. Cook highlighted the common challenge of information being recreated because finding existing information is considered too difficult. Recreated information is often of poor quality compared to the original data.
   
   

   "Finding existing information is considered too difficult... typically, when information is recreated, it's actually of poorer quality than the original information that the organization already holds."  — Richard Jeffrey Cook

   
   Cook also stressed the importance of being able to find critical information within hundreds and thousands of records quickly. It's easy to find something that was created yesterday, but much more challenging to locate something that a colleague created 13 months ago. Efficiently locating and utilizing accurate and up-to-date information saves time and reduces errors.
   
   

   "Efficiency is first of all, knowing that information exists... being able to find the correct information quickly and accurately is a valuable requirement."   — Richard Jeffrey Cook

   
   Finally, efficiently identifying and disposing of records that no longer need to be retained is also important. For example, Cook referred to a case where the tobacco industry was facing compensation claims due to retaining documents they could have legally disposed of. 
   

Why the Information Governance of Microsoft Teams Records is Challenging

As organizations hastily integrated MS Teams into their communication technology suite during the pandemic, there was a lack of clarity and urgency surrounding data ownership and governance—not to mention an in-depth understanding of the complex nature of data residing within MS Teams and the Microsoft ecosystem.

Here are the biggest information governance challenges with Microsoft Teams:

1. Lack of Clarity and Governance: When Teams was introduced as a communication tool in many organizations, there was a lack of understanding about how the solution would be used, what data would be stored, and who would be responsible for it. Various groups, including information managers, IT personnel, digital services, legal, and human resources had differing opinions on how the data in teams should be managed. This lack of clear guidance or established governance rules led to confusion and a fragmented approach to data management.

2. Diverse Range of Content: MS Teams conversations encompass a mix of content types, including group chats, direct messages, files, meeting recordings, and calls. This diversity poses a challenge for organizations as they need to identify and manage these different types of data appropriately. Some files and documents may be exclusively stored within Teams, which requires specific attention to ensure their proper management, whilst other files are actually stored elsewhere in the Microsoft ecosystem.

   
   

3. Complex Storage Locations: Microsoft Teams presents challenges in determining where the information is stored. As seen in the image below, the storage location of a record varies depending on the type of data and its context. For instance, group chats may be stored in a different location than private one-to-one chats. Understanding the storage locations is crucial for configuring appropriate rules and effectively managing the data across different areas.
   

4. Real-Time Activity: When it comes to electronic records management, enterprise collaboration platforms are unique in the speed at which things happen. Thousands of comments, likes, and shares can occur each hour, and with each new interaction, a new record is generated. With the average user generating 1000 messages on MS Teams each month, it is not difficult to imagine the volume of data residing within the platform.

Tips for Managing Microsoft Teams Records Effectively

A major challenge in information management is that it is often neglected until a crisis arises. This reactive approach forces organizations to scramble, highlighting the importance of proactive thinking and policy establishment to effectively address information challenges.

With the challenges outlined above in mind, Peter Callaghan and Richard Jeffrey Cook highlighted the following best practices for managing Microsoft Teams records:

1. Know the MS Teams Data Landscape  

   The complex Microsoft ecosystem makes it challenging for legal and compliance teams to locate specific information as data can be spread across multiple locations. A single conversation in Teams can generate data in chat messages, shared files, and call records, with data location changing based on user settings and collaboration tools. To effectively manage legal and compliance risks, organizations must have a comprehensive understanding of the data landscape, including storage locations, access methods, and permissions. This enables easier data location and preservation in response to legal requests, reducing the risk of fines, legal action, or damage to reputation.

2. Know the Capabilities and Limits of Microsoft eDiscovery 

   Many organizations mistakenly believe that because Teams comes with Purview, the dedicated Microsoft eDiscovery solution, they have a sufficient solution for providing legal and compliance stakeholders with Microsoft Teams records. However, this assumption is not entirely accurate. Access to the robust eDiscovery Premium solution requires a top-tier E5 Microsoft 365 license, while companies on the more common E3 license only have access to the more limited eDiscovery Standard. Additionally, even eDiscovery Premium has its limitations, such as the inability to export Teams conversations in the popular and user-friendly PDF format.

3. Set Clear Policies
   

   To create an environment that minimizes legal and compliance risks while fostering trust and privacy among employees, it is crucial to establish clear policies. These formal policies should regulate the use of an enterprise collaboration platform, including a communication policy that defines acceptable behavior and a security policy that outlines measures for data monitoring and protection. The policies should not only explain how the platform is managed but also provide the rationale behind certain actions. Maintaining transparency is key, such as clearly stating whether conversations are monitored or if managers have access to private messages and channels.

   "It's essential to set clear policies and formal policy should be established to regulate the use of an enterprise collaboration platform like Microsoft Teams."   — Peter Callaghan

4. Provide MS Teams Training 

   One of the most effective ways to combat improper use of a team collaboration tool is to provide mandatory training for employees. This training should go beyond expecting them to read and sign policies on their own, but instead, outline acceptable behavior and company policies in detail. By incorporating this training as a regular part of onboarding, organizations can foster a sense of trust while minimizing legal and compliance risks. While it may require some time and effort, this step is essential for creating a secure and productive environment for employees.

5. Manage Users, Groups, and Roles
   To maintain control over the creation of private or public channels, it is vital to carefully manage users' permissions. As an organization grows, it becomes wise to restrict channel creation to designated personnel who are charged with maintaining order and avoiding wide-reaching channels that overwhelms and cause confusion. Additionally, when executives require access to private channels and conversations, it is important to limit it to essential stakeholders and communicate the reasoning to employees.
6. Find Shadow IT
   Shadow IT, which refers to unauthorized IT-related software or hardware, can pose a serious risk to data security. Employees often resort to these tools to maintain the privacy of their conversations or to workaround the perceived limitations of the official systems. In fact, a survey conducted in 2019 found that a staggering 67% of teams in large companies introduced their own collaboration tool without involving other departments. To mitigate the threats associated with shadow IT, it is imperative for compliance teams and IT departments to proactively identify and manage all collaboration tools being used within the organization.
7. Monitor Intelligently 

   Modern monitoring and data loss prevention tools now empower businesses to protect against data loss without compromising employee privacy. These intelligent tools streamline the process by automatically detecting suspicious activity, eliminating the need for invasive surveillance. Through the use of extensive keyword libraries, they monitor conversations in real-time, flagging inappropriate language and sensitive information, such as credit card numbers. Administrators are immediately notified when any of these keywords appear, ensuring prompt action and maintaining a secure environment.
   

8. Collect and Preserve Data
   

   To maintain compliance as well as facilitate effective eDiscovery collections, organizations must securely preserve all relevant data, including edited and deleted content, in a format that is admissible by law. An optimal approach is to leverage an eDiscovery solution that streamlines the entire process, empowering legal and compliance teams to seamlessly access, search, and export evidence without relying on IT intervention. 

   "It's important to have an archive of this data separate from the system of origin." — Peter Callaghan

9. Manage Data Retention Settings
   

   It is important for organizations to align the retention periods for channels and conversations with their overall retention policies. Striking the right balance is key - messages should not be retained indefinitely, but data should not be deleted too quickly either, as this could prevent legal, compliance, and HR teams from accessing necessary records. By properly configuring retention settings, organizations can ensure they have access to the necessary data while mitigating legal and compliance risks.
   

Microsoft Teams Record-keeping with Third-Party Solutions

ADDITIONAL RESOURCES FOR MANAGING MS TEAMS RECORDS

Want to learn more about managing MS Teams for compliance and more? Check out our other Microsoft Teams resources:

1. Managing Microsoft Teams Records for Compliance & Legal Purposes

2. The Complete Microsoft Teams Field Guide for Legal & Compliance Teams

3. How to (Really) Archive Microsoft Teams Chats & Channels

4. 9 Ways to Deal With the Legal & Compliance Challenges of Microsoft Teams