The implications of lost chat records and data, regardless of originating application, can be significant to any business, especially for those governed by compliance regulations or eDiscovery requirements. An August 24, 2020 article from the Register (which as of press time still awaits further confirmation/comments from KPMG and Microsoft) reports that the personal chat histories of 145,000 Microsoft Teams users at KPMG were permanently deleted and also asserts the data is unrecoverable. The article goes on to state that “only personal chats were lost” but this brings up important questions about chat, data retention, compliance regulations and the potential impact of lost records.
An insightful article from Law360 helps to decipher these complex issues by providing recent information and legal opinion relevant to the retention and compliance requirements for chat and messaging as well as looking at the evolution of Ephemeral Messaging Applications (applications that allow the message and/or message and payload to disappear from the user device after a period of time) in a regulatory environment. Whether Sarbanes-Oxley (SOX, section 802, Retention of Records) or Europe’s General Data Protection Regulation (GDPR, Rights of Rectification and Erasure) or HIPAA audit trail and PHI retention requirements, specific chat and messaging data is governed by compliance regulations and should receive the commensurate level of retention and back-up considerations.
Protecting Against Microsoft 365 Data Loss
While Microsoft 365 offers excellent services that provide anytime-anywhere access to business-essential applications as well as many other business benefits, the customer is empowered to be ultimately responsible for its data and Microsoft recommends, in the Microsoft Services Agreement, that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services. With this in mind, selecting the optimum 3rd party backup and restoral solution becomes imperative. Veeam (provider of Cloud backup solutions and partnering with Otava’s cloud solutions to provide Backup for Microsoft 365 that includes chat backup) provides a very helpful whitepaper regarding 6 Critical Reasons for Office 365 Backup including accidental deletion, retention policy gaps, internal security threats, external security threats, legal and compliance requirements and managing hybrid email/migrations to Office 365.
Answering the compliance and retention requirements for new applications and collaboration methods is critical as any business evolves, but as another recent Otava blog on Microsoft 365 backup points out “In a [post-pandemic] environment that will have increasing numbers of distributed workers as well as distributed applications and data, an important question remains: is your business truly protected and fully survivable in today’s distributed environment?” Noting the significant increase in the number of Microsoft 365 subscribers, the global distribution of subscribers, the requirement for an ironclad approach to compliance and Microsoft’s own recommendation for the use of third-party backup services, what is your revised business plan for backing up Microsoft 365?
Built for the latest and greatest Microsoft 365 productivity cloud services, Otava Cloud Backup for Microsoft 365 is a comprehensive backup and recovery solution for Microsoft Online Applications in a simple as a Service package. Get complete protection against accidental deletions, malware, security threats and retention policy gaps. With no additional fees for bandwidth, storage or licensing, it’s never been easier to back up your critical data. Try it free for 30 days and see for yourself the power of additional backup protection for your critical Microsoft 365 data.
6 Critical Reasons to Back Up Microsoft 365: There are six critical requirements for Microsoft 365 Backup. Download this free whitepaper sponsored by Veeam, the leader in cloud data management™.
Tools to Assist Security, Compliance, and Improved Cloud Economics: With the rapid implementation of advanced networking environments, new tools and automation can provide assurances that the appropriate levels of security and compliance are resident end to end. (Read more)
Disaster Recovery Lessons We All Can Learn: Thanks to the cloud, disaster recovery has evolved from a complex beast that was difficult and expensive to manage into something a little simpler and tamer to handle. Does that mean DR is something where we “set it and forget it”? (Read more)