How Microsoft Teams can Address Remote Work Compliance Challenges Post COVID-19

By Jim Koziol| May 04, 2020
The COVID-19 pandemic has compelled many organizations to adapt to the new normal of a remote workforce. This new environment brought on additional challenges that IT, legal and compliance and remote workers quickly needed to address. For some organizations, Microsoft Teams (“Teams”) was not widely used, or perhaps not used at all. However, in a post-COVID 19 world, it quickly became a critical application to keep businesses functioning.

Microsoft recognized this challenge and is offering their "freemium" version of Teams for six months. According to Microsoft, Teams saw a 500 percent increase in meetings, calls and conference usage in China since the end of January.

IT and legal compliance stakeholders need to understand a few key considerations when rolling out Teams.
 

Data Retention and Deletion

By default, Teams’ data (chats, channels, and files) is retained indefinitely. This may be against existing retention schedules and policies and may also conflict with other regulatory obligations. Organizations need to define how Teams’ data will be managed within the organization and perhaps update or create policies, procedures and processes to address a new Teams’ implementation.

If the expectation is that Teams will only be used for a short period of time, Microsoft provides a 90-day window after a subscription ends for an organization to extract Teams’ data, if needed. Other solutions do not currently commit to a data deletion timeframe.
 

eDiscovery and Legal Hold

Microsoft’s Security & Compliance Center provides eDiscovery and legal hold capabilities for Teams’ information. Private channels were recently added to legal hold to address a previous gap. Individual users or an entire team can be put on a legal hold. eDiscovery cases can be created to include Teams’ information in the Security and Compliance Center. Stakeholders will need to be aware of content types that are discoverable and what is not (for example, audio recordings are not discoverable through the tool). With other collaboration solutions, additional 3rd party eDiscovery tools and/or manual processes would likely be required.
 

Security

Recently, cloud collaboration platforms have received negative press regarding unauthorized users participating in video conferences. In many cases, the intruder simply searched for URLs and was able to identify unprotected links for recurring meetings allowing the unauthorized party to join. Unlike these other cloud collaboration platforms, Teams provides a variety of privacy and security controls to prevent unauthorized access to meetings. Microsoft also offers a comprehensive set of compliance solutions, including auditing, reporting and identity management.


Summary

IT should partner with legal and privacy compliance stakeholders to ensure that enabling new technologies such as Teams will not cause downstream challenges. Policies and procedures may need to be updated to address these changes and additional end user trainings may be required to facilitate the remote workforce. With a little planning, organizations can realize the benefits of Teams and minimize disruption due to COVID-19.