Please enjoy this blog post authored by LaToya Deese-Richardson, Application Analyst, Gibson, Dunn & Crutcher.
The Retention Game Plan for Microsoft Repositories highlights best practices for managing content lifecycles, enforcing retention rules, and maintaining compliance across Microsoft repositories, such as Outlook, OneDrive, and SharePoint. These best practices will help organizations remain organized, secure, and audit-ready.
As law firms utilize Microsoft repositories more frequently for document storage, the big question is: What are the best practices for utilizing these repositories?
Some individuals want to keep everything forever -- maybe because they fear losing what they consider valuable information that they may need at a future date. At the same time, they may not be aware of the negative impact this can have on the firm and themselves. Storing an excess amount of data on the network can slow down performance on their machines and the network. It can also cost the firm more money to constantly increase storage space for its users without implementing retention policies and rules.
It is helpful to understand what these repositories can do and what their limits are. It’s time for law firms to put together a game plan and enforce best practices for handling Microsoft repositories, with an emphasis on Outlook, OneDrive, and SharePoint.
Outlook
Outlook is Microsoft’s email repository for sending and receiving emails. Outlook folders can be linked to a document management system (DMS) like iManage, so when users move emails to that folder, it will sync to iManage. However, there should be an email retention policy. Email folders should only contain emails from the past six months to a year. Anything beyond that should be moved to the user’s archive mailbox, including inactive and closed matters.
Establishing a rule for attachment sizes in emails can prevent Outlook from being bogged down due to large files being sent across the network. These attachments would be ideal for a DMS. Outlook is not a safe place for client matters or sensitive data -- especially if an attacker or unauthorized person gains access to that mailbox. There is also no way to collaborate on files with other users without moving them to a DMS.
OneDrive
OneDrive allows users the ability to save and sync to local folders, such as documents and desktop. Access is restricted to that one user only. If a user needs to create and edit a document that does not require collaboration, then OneDrive is the most ideal storage location. Although it utilizes cloud storage, there are size and storage limits.
Storage space should be large enough to not limit users, but at the same time, the space shouldn’t be too large and unnecessary. For example, 20 TB would be too much without setting retention rules. Like Outlook, it is not a safe place to store client matters or sensitive data, nor is it an ideal location for collaborating on files. For long-term storage of active documents, OneDrive is not the best solution. When someone leaves the firm, their OneDrive disappears. Any files they have stored there will vanish.
SharePoint
SharePoint is an online repository for documents. Different sites can be created for various teams that require certain permissions to access. This can be accomplished by setting up rules and roles for content. An example would be restricting access to SharePoint pages to certain groups, such as IT and accounting. Policies for SharePoint content should include how long they should exist and at what point they should be placed in the archives. In other words, old files and documents can be archived after a certain period, such as six months or a year. Sensitivity labels and tagging can ensure better organization and identification of files -- especially for audit purposes. While it can be a great place to collaborate on files, there is still a file size limit that must be adhered to. SharePoint is also not a safe place to store client matters or sensitive data.
What To Do?
One conclusion is clear -- these repositories are not meant for long-term retention or sensitive data. That is what a DMS is for.
There is a need to implement structure and standardized processes. It is also crucial to know where everything is -- not just for organizational purposes, but also in preparation for audits. A standardized naming convention can quickly help locate documents. For example, include the client matter number in the document and/or folder name, as well as whether it is an inactive or active matter. This will require documentation and an outline of these processes and rules.
Aside from documentation, administrators need to monitor and understand the usage of their users. Where are users storing most of their data? Automated emails can be set up to send reminders of closed matters that should be archived. Another aspect to consider would be the last time the files and/or folders were opened and edited.
Key Takeaways
In general, using Microsoft repositories (Outlook, OneDrive, SharePoint) for document storage has its own advantages and disadvantages. They are useful for personal files, non-confidential files, active work, and temporary storage. They are not suited for storage of data related to client matters, sensitive data, closed or inactive matters, or for keeping files indefinitely.
#Microsoft#SharePoint#100Level#Retention#BestPractices