Technology is a beautiful thing! It is crazy to think about how far we have come in the last 10 years with regards to our communication capabilities. With all these improvements and enhancements come the need for companies to adapt to that change. Many financial companies are still highly dependent on the traditional communication methods (E-mail, Instant Messaging, and Voice) mainly due to the fact that they have had these processes in place to ensure they are compliant with any and all relevant information they capture. Nowadays you have some added communication capabilities such as persistent chat, video, voice chat, and document sharing. This can be a great thing for companies as it gives them more flexibility in how they communicate and collaborate. However, this also means that some companies aren’t able to modernize on these enhancements and sacrifice on modernization because they cannot meet regulations like MiFID II, FINRA Rule 3110, and GDPR. These regulations ensure that firms capture, store, and manage access to digital communications internally between employees as well as externally with customers, partners, or regulators. Consequently your firm may be stuck in the past, which is never a good thing in this ever changing technology world.
Microsoft is happy to cater to these demands by announcing the availability of retention policies for Microsoft Teams. Teams admins now can use Office 365 Security and Compliance to set retention policies for Teams chats and team channels. This will allow admins to decide what types of content they want to retain for the entire organization, specific locations or users, or even specific teams. This will allow your company to stay compliant with regulations mentioned above all while providing a modernized collaboration platform. Some of the capabilities of the retention policies will allow you to:
- Comply proactively with industry regulations and internal policies that require content retention for a minimum period
- Help reduce risk in the event of litigation or a security breach by permanently deleting old content that they no longer need to keep
- Expedite the document review process and avoid unnecessary efforts to dig into duplicate or less relevant records
- Share knowledge effectively and be more agile by helping to ensure that employees work only with content that’s current and relevant to them
So you may be wondering, “where will the data be stored?” Great question! For Teams chats and channel messages, a copy is stored within the chat service and a separate copy is stored (archived) within the Exchange online mailbox (both user and group). By default, retention policies will retain data for Teams chat, channel messages, and files forever. However, Teams retention policies will allow admins to set two types of Policies in Teams chat and channel messages:
- Preservation. These policies preserve information for a specified time period. That means even if employees delete Teams messages on their devices, the messages are preserved for compliance reasons and available in eDiscovery for the specified time, after which they can be deleted either automatically per the policy or manually by an administrator.
- Deletion. These policies help ensure organizations do not preserve data that could be a liability. After the specified duration, data is deleted from all relevant storage in Teams.
Admins also have the ability to manage the process and execution of data subject requests for data within Teams which can be accessed in the ‘Data Privacy’ tab in the Office 365 Security and Compliance Center. This will help your financial firm respond to Data Subject Requests from individuals in the EU whom request access to their data (this is a core requirement for GDPR compliance). To learn more about this, check out the Microsoft Tech Community blog on Events Based Retention Policies here.
For all things Teams and Skype for Business, check back regularly. I plan on doing a more in depth blog article on Teams governance in the near future!