Recently, we have seen a remarkably fast uptake in law firms’ adoption of Microsoft Teams as their preferred collaboration platform. In fact, it is not a stretch to predict that it is no longer a matter of if law firms will implement Teams, but when they will do so. And while there has been a lot of messaging around implementing and using Teams in the legal industry, there has been nothing about the real work that is required for governance and compliance. Implementing, provisioning and managing Microsoft Teams is only part of what needs to be done. Teams is complex and, as a preliminary step, it is important for law firms to develop the appropriate policies, procedures and controls within Microsoft Office 365 to ensure they are ready for a secure and compliant Teams roll-out.
Why Law Firms Are or Will Be Using Microsoft Teams
There is no doubt that the biggest driver of the sudden penetration of Teams has been the pandemic. The 2020 work-from-home phenomenon has driven adoption of Teams to triple-digit growth this year, with law firms of all sizes pushing for the rapid implementation of the software to support remote work and collaboration. Law firms are becoming increasingly comfortable with the cloud environment and have already adopted some parts of Office 365—many have moved email to Office 365 Exchange Online.
Another reason for Teams’ ascent is that Microsoft will be sunsetting Skype for Business by July 2021. Law firms presently using Skype that do not move soon to an alternative communication/collaboration platform will be in a world of hurt. Teams is Microsoft’s designated replacement technology for chatting, screen sharing and video conferencing, so even those firms that do not want to use its full functionality may be forced to roll out the application (or look elsewhere) if they wish to continue using those popular capabilities.
A third key driver toward Teams adoption by law firms is the fact that their clients are increasingly demanding the move. The Microsoft Office 365 ecosystem is still the most popular choice among corporate law departments for their day-to-day business software applications and they want to be able to easily collaborate with outside counsel. If firms cannot offer their own Teams platforms, then the collaboration will live with the client, potentially affecting firms’ control of the content.
The Information Governance Challenge
This inevitable rollout of Microsoft Teams presents several information governance challenges, some unique to law firms.
Widely dispersed information. Teams’ tight integration with other Office 365 tools, including OneDrive, SharePoint, Microsoft Exchange (email), Groups and additional productivity tools such as Planner and Stream means information generated via Teams is being stored across all of these workloads and must be carefully managed.
Data privacy concerns. For law firms, wide-ranging regulatory requirements pertaining to data privacy have ratcheted up the pressure to carefully manage data collection, storage, production and disposition. It is critical that law firms consider fundamental information governance issues such as records management and retention; information security and data classification; data privacy; eDiscovery; and issues related to remote access and client access.
Confidentiality and privilege issues. In addition to the above, law firms also have specific issues related to the confidentiality and privilege rules inherent in the practice of law. Firms must be concerned about data portability, ethical walls of separation within the firm, matter-centric content management, integration with legal document management systems and other information management challenges that are unique to the law firm environment. These considerations must be also taken into account by implementing Teams in sync with your firm’s information governance strategy.
Beyond Simple Provisioning: How to Meet the Challenge
Many law firms are already leveraging Teams’ chat, voice, meetings and screensharing functions, while others are jumping ahead, looking to start provisioning Teams across the firm to support practice areas and operations. Unfortunately, though, many of these activities are happening without the appropriate foundation. It is important to integrate information governance planning throughout the Teams implementation. The areas to address include preliminary issues related to governance and control and issues involved in provisioning and maintenance of Teams.
Governance and control issues to address include the following:
- A governance program. A structured governance program should include a steering committee with clearly defined roles and responsibilities to support Teams (as well as Office 365 as a whole), and should define roles, responsibilities and reporting structures so that key decisions can be surfaced and decided upon in a timely fashion.
- Policies and procedures. Firms should have adequate policies and procedures addressing the various aspects of Teams adoption, from acceptable use to security and privacy considerations. These policies should address the various use cases that define the personae with access to various Teams functions, in order to limit the firm’s exposure and risk.
- External access control. It is important to develop requirements and limitations for guest and federated users, clearly defining why and how external access should be granted, monitored and even revoked when no longer necessary.
- Retention policies and processes. Firms must have retention policies, as well as the accompanying processes, to ensure content that is generated throughout the Teams lifecycle is adequately protected, retained and disposed of according to the firm’s and its clients’ requirements.
- Security and compliance. To ensure effective application of eDiscovery, security and overall compliance, the Teams strategy should take advantage of the native Office 365 information protection, data classification and eDiscovery features.
Maintenance and provisioning issues to address include the following:
- Lifecycle management. True Teams lifecycle management goes beyond the obvious high-level provisioning, management and disposition, about which much has been written. It includes procedures, policies, rules and checklists that cover all aspects of Teams management.
- Reporting. Similarly, firms should develop processes that leverage native Office 365 reporting features for both Teams and related application workloads (e.g., OneDrive for Business and SharePoint Online), to better understand the firm’s adoption and use of Teams for compliance and audit purposes.
- Third-party solutions. Finally, firms must select and effectively leverage the right third-party solutions to handle lifecycle management, as well as Teams’ integration with the firms’ document management systems, ethical walls, and other practice systems. These areas are foundational, and without them, serious issues may arise in the future.
Law firm adoption of Microsoft Teams as a collaboration tool now appears inevitable. As a result, law firm IT leaders need to be prepared to manage the implementation of this new application within the Office 365 environment in a way that protects their firms from information risk. While there are many companies that can assist in implementing a Teams management solution, rolling out and managing Teams is not enough in a law firm environment. You must establish an information governance process that addresses the Teams functionality, multiple applications and varied information storage locations.
For more information on how to make sure your firm’s adoption of Teams is as safe and secure as possible through is integration with your firm’s overall information governance strategy, please feel free to contact me.