Remaining Compliant Amidst Challenges When Using Chat Applications in the Workplace
- Regulatory & Compliance
- 4 min read
Communication is different in the modern workplace. Gone are the days of phone calls and email being the primary channels of interaction. Many organizations are frequently utilizing chat applications like Microsoft Teams for internal communication. This includes informal chats, formal project discussions, video meetings, phone calls, and group collaboration. User-friendly chat applications are a great way to improve collaboration efforts and streamline projects – especially in a work environment involving remote employees or global offices. However, this also creates new eDiscovery and compliance obstacles to consider when it comes to creating policies around chat application usage and data collection workflows. Not only is business data stored in several cloud repositories, but it is also subject to rapidly evolving global regulations.
Failure to understand where internal data lives and implement appropriate retention protocols can result in violation of regulatory and industry requirements. Consider the four tips discussed below to help meet eDiscovery, human resources, and other compliance obligations.
#1) Remain aware of communication habits and where data may live internally
This is arguably the most important step because lack of visibility is now a common issue. Data usage is complex and moving outside of the traditional singular instances of IT storage locations. Data in modern communication platforms is stored in many locations across the enterprise. Not being aware of where sensitive information resides can cause major compliance issues resulting in regulatory fines or increased litigation costs. Leadership cannot ignore the fact that workplace communication preferences have changed and will continue to evolve as new technologies enter the market.
Since chat applications are here to stay, it is crucial to understand how these solutions store data. For example, there are two types of data sources in Teams (chat and channel), which adds complexity to collection and review. Teams’ chats are automatically stored in a user’s online mailbox. The files shared in Teams chats are stored in the sender’s OneDrive for Business site. Pulling all this data back together as one conversation thread becomes challenging during the review process.
Channels are harder to piece together because there are multiple people with access—some of whom do not even participate in the conversations or get left on after project completion. To add further complexity, the chat is stored in a dedicated group mailbox and the files sent are stored in a dedicated SharePoint site. When private channels are in use, the chat is stored in the end user’s mailbox and the files sent are stored in another SharePoint site. This renders identification a challenging feat. A hybrid approach using technology and custodian interviews is an optimal way to determine which channel conversations to attribute to a certain person and where relevant data resides. It is also crucial to remember private channels can be a data source for collection or legal holds.
File sharing in modern chat applications is difficult not only because of the complex storage strategy but also because of versioning. With Teams, it is the default setting for SharePoint and OneDrive to save the last 500 versions of a file. This version history is not based on intentional actions the user takes but rather on saving incremental versions. This means many versions of each file will exist. Matching a chat to the time a file was sent is crucial to maintain context during review. Failure to do so can result in reviewing a subsequent version of the file consisting of different content than what was originally provided. Exploring solutions that can piece conversations back together and preserve context can relieve review burdens associated with modern chat data.
#2) Update data governance workflows
Data is at an unprecedented level and will only continue to grow. This requires a deep understanding of how frequently utilized applications generate data and where retention gaps exist. Organizations need capabilities around deleting unnecessary chat data. Platforms such as Teams already offer this as a built-in feature. Carefully determine what the retention period should be for chat data and whether to store certain communications longer than others. Having sound retention policies in place is a great way to reduce risk while also minimizing the data review pool for future cases or investigations. Other solutions that promote compliance include label analytics and rich audit trails. After implementing a sound retention policy, consider creating an equally thorough in-place preservation practice to comply with legal and regulatory requirements.
#3) Implement privacy and data protection management controls
Investing in data privacy management tools must be a top priority as more governing bodies continue to update their privacy laws to provide consumers with enhanced protection. It is now the norm for employees to discuss customer matters and share sensitive information via chat applications. Additionally, having a data loss protection solution in place can greatly minimize data leakage risk and allow organizations to remain compliant with applicable privacy regulations. Another offering to explore is deploying automatic policy alerts when a user violates pre-established regulatory or corporate communication policies.
#4) Enhance forensic auditing and investigation capabilities
Opting for extended auditing logs is a way to improve forensic auditing and investigation. This will include extended licensing. It is crucial to have solid lines of communication between IT, legal, and leadership to understand current licensing capabilities. This helps legal and compliance teams to know where to advocate for additional services that can offer business value. Advanced auditing solutions preserve communication logs longer, offer extended retention options, and provide deeper visibility into messaging activities such as message read features or edited chats.
When it comes to data retrieval needed for a case or investigation, organizations need to know how certain data is structured to collect it effectively. Being aware of common obstacles presented with chat data will shine light on the solutions needed to remain compliant. Examples include modern attachments, reactions, versioning, gifs, emojis, and stickers. All of these unique data sources exist within applications like Teams but are stored and shared differently. A service provider with capabilities around collecting and transforming complex data is an optimal outsourcing opportunity to better manage these processes.
To continue to meet legal, business, and regulatory compliance challenges in the modern workplace, the ability to protect and quickly retrieve vital information is necessary. Integrating the considerations listed above into eDiscovery and compliance workflows can help organizations remain compliant. The goal should be to implement tools and partnerships that relieve the data management and collection burdens inherent in emerging technologies.
If you enjoyed this blog, consider viewing our recent webcast Emerging E-Discovery and Compliance Considerations in a Microsoft Teams-Centric Modern Workplace.