Microsoft 365 and WFH Considerations: An Interview with Sarah Sims-Thompson
Millions of employees globally are now working from home due to the COVID-19 pandemic. Since many have not done so before, they are facing challenges in managing their workflows and coordinating and collaborating with their peers. Corporate legal teams are now faced with the challenge of fulfilling their legal and ethical obligations in this new landscape. Though this has happened due to very unfortunate circumstances, by adopting the right tools and technologies, remote working can be a safe, convenient and most importantly, compliant, way to work.
I sat down with Sarah Sims-Thompson, Chief Product Officer of Blue Star Case Solutions, to talk about Microsoft 365 (formerly Office 365) and best practices in relation to the pandemic work from home paradigm.
What recommendations do you have from a litigation readiness perspective?
I think that corporate legal teams need to take stock of how employee behavior has changed and make sure that they update their ESI protocol to reflect those changes. Basically, they need to have a plan on how to preserve and collect all user generated data now that workers are at home. They need to start off with identifying exactly where this data is being generated; from the devices to the software they use. If the company did not support remote workers prior to Covid-19, then they probably have a lot more work to do than those that did.
Although every corporation has a unique litigation profile, in general, the following can be considered to be best practice; provide your employees with the devices necessary to perform their tasks like laptops, have an allowed software list of applications and platforms that support litigation readiness and back up your plan with employee policies. You want to know where people are storing their data and communications, you can’t have employees making their own choices. The more data sources you have, the more complex and fallible your preservation strategy will be since all employee data is discoverable, regardless of where it is. Legal teams need to work with their IT teams to reduce their ESI landscape with a clear allowed software policy which will narrow their field of scope when developing their preservation strategy. Even though they can’t prevent an employee from using apps that aren’t on their approved list, the employee would however be in breach of policy if they did so.
We must remember that a preservation strategy must be “reasonable” and defensible. It does not, and some would argue, cannot, take into consideration all possible data sources, that would be unduly burdensome. Most corporations are using Microsoft 365 (M365), which includes built in eDiscovery capabilities that can make the legal team’s job much easier.
What type of eDiscovery capabilities?
Microsoft 365 has end to end built-in eDiscovery capabilities from legal hold notification through to production. However, the features available all depend on the corporations Microsoft 365 licensing. The Advanced eDiscovery features in M365, such as legal hold notification, early case assessment, processing, and review require an E5 license or the equivalent which not a lot of corporations have for all of their employees. Most corporations have E3 licenses which allow you to preserve data in place, perform search and investigation and export the data if further review is required. With an E3 license Microsoft 365 eDiscovery allows you to preserve in place Outlook, Teams, SharePoint, and OneDrive data and allows you to apply date range limitations and other filters. I work with a lot of corporations to help them leverage their Microsoft 365 licenses. Not just because it’s cost effective but because they are preserving data in place and not collecting to preserve so they are reducing risk as well by only preserving what they need and only collecting when they need to.
You mentioned Teams, how would that benefit a company that’s now facing WFH?
Teams is replacing Skype, it’s basically Skype on steroids. Many corporations are using Teams for video conferencing, collaboration, messaging and more. Since Teams data is easy to preserve in M365 it is a smart choice.
What do legal teams find challenging about Microsoft 365?
With Microsoft 365 we have an overlap between Legal and IT, I see this as being the greatest challenge. Typically, the M365 licensing budget lies with IT, not Legal, so they are often not at the table when licensing decisions are being made and therefore, they frequently aren’t getting the licensing they need to leverage M365 functionality like preservation in place. Another challenge is that Legal and IT often don’t speak the same language making it hard to communicate their needs. IT teams aren’t usually experts in a corporation’s legal obligations and eDiscovery process whilst Legal teams don’t typically understand all the IT jargon and security requirements. We also see a reluctance from IT to give Legal permissions to access the Security and Compliance center, where the eDiscovery functionality sits, because this is really considered to be IT’s domain since this is where all the corporation’s security and threat management is managed. Even when permissions are granted to Legal, the technical interface, designed for IT, can be daunting for legal teams. I work with both Legal and IT as a translator of sorts to help educate both sides on the benefits, features and functionality of Microsoft 365 and how it will help them to reduce cost and manage risk.
I also asked Aaron Crockett, attorney at Harrang Long Gary Rudnick, who has the same challenges at his firm. Aaron stated that the skills set of the users and training attorneys on a new platform is hard.
Yes, most definitely, Legal does not want to be spending time learning another platform, they want to do what they do best - which is practice law.
Sounds like Microsoft 365 is the only solution a company needs to fulfill their duty to preserve?
Actually, that is rarely the case. Even if a corporation is using Microsoft 365 and has the right licensing, there is almost always data that requires preservation outside of Microsoft 365. Some corporations use cloud platforms like Slack, Salesforce or Asana and of course there is often relevant computer, network and phone data. Things can get complicated pretty quickly. I often challenge corporate IT and Legal teams to think about creative ways to streamline preservation without limiting their employees’ ability to get the job done. As an example: let’s say your employees are currently using their phones to text with other employees. If this data is subject to discovery, it can be VERY difficult and expensive to collect those text messages off those phones. The phrase, “I'll give you my phone when you pry it from my cold, dead hands", comes to mind. So why not issue a policy that forbids text messaging and allows for messaging through Teams on the phone instead? This way you won’t need to fight to the death to get a phone from someone. You can instead preserve those conversations when you are preserving their email in Microsoft 365. Cheaper, easier, less risk.
What if they don’t have Microsoft 365 or the right licensing to perform preservation there?
Of course, that is often the case and even if they do have all the right licensing they will still face the challenge of preserving non-365 data sources. I think it all starts with the allowed software policy. Pick applications that have built in preservation functionality. For instance, for messaging, choose something like Chatter 365 that allows you to easily place holds and preserve in place and that exports the data in an easily reviewable format, as opposed to Slack which is notoriously difficult to preserve, collect and review.
Any final thoughts?
Preparing a team to work remotely can be challenging - especially when it happens quickly with no warning as it did in March because of the pandemic. Whether you use Microsoft 365 or not, try to limit your ESI landscape so that your preservation strategy is manageable and cost effective, repeatable and defensible. If you need help or have questions, BlueStar can help. Get in touch with us to learn more about how Microsoft 365 is important to manage your remote workplace and the best ways to implement it in your organization.
We are currently offering a personalized 1-hour consultation with an eDiscovery industry expert on Microsoft 365 eDiscovery or Remote Workplace Risk assessment at no cost through September 30th. Just go here and enter code COVID19 to waive the $495 fee.
Sarah Thompson (nee Sims), is Chief Product Officer for BlueStar Case Solutions, Inc. Sarah is passionate about legal technology innovation having developed, brought to market, positioned, and managed some of the legal industry’s leading technology offerings for over 15 years. Sarah brings a wealth of legal and cloud technology expertise in the areas of product management, e-discovery, data privacy, and Microsoft 365 Security and Compliance.
Established in 2003, BlueStar has thrived and continues to successfully carry out its company mission “to deliver consistent, winning results with unmatched personal service for our clients leveraging the most sophisticated and current technologies available.” We are experts in litigation support, complex data solutions, compliance, data privacy and software platforms. Let us help you structure and implement a winning solution today. For more information go here.
Related links
Main menu