Office 365 Data Protection: Litigation Hold

March 31, 2021

Any business, large or small, might find itself on the receiving end of legal proceedings. The question is not if your business will undergo litigation, but when. And when that time inevitably comes, it’s best to be prepared. In this article, we will see what businesses can do to protect themselves from lawsuits, specifically through a process called litigation hold in Microsoft Office 365.


What is Litigation Hold and How Does it Work?

When a user “permanently deletes” an item from the Deleted Items folder, that item goes to the Deletions subfolder in the Recoverable Items folder, where it remains available for a specific period, after which it is purged (permanently deleted).

With Office 365 litigation hold (also called legal hold), no item can be purged or automatically deleted. The items will be available for eDiscovery and Archive mailboxes will continue to be active. Once the litigation hold is lifted, the retention policy will take precedence once again, and any actions (such as automatic deletion) that should have taken place previously will be actioned immediately.

It is important to remember, however, that litigation hold does not restore lost data. It is designed to “freeze” electronically stored information (ESI) to prevent unlawful or unauthorised deletion, alteration, or information loss.


Why do you need it?

Email is often used as evidence in litigation today. However, as with other forms of evidence, the reliability of email evidence will be subject to scrutiny. To be able to retrieve information for legal or official purposes, information must be properly retained. Failure to preserve email can expose an organization to legal and financial risks such as scrutiny of the organization’s records retention and discovery processes, adverse legal judgments, sanctions, or fines.

As an example, if the Human Resources department, Legal department, or outside Legal Counsel wants to gather information, it’s not good enough to just go into a user’s mailbox and extract information, because the information in a mailbox is considered “fragile.” It is fragile because a user can easily “delete” a key message, or the user can even go in using the Microsoft Outlook client and completely EDIT and CHANGE a message. If someone opens a user’s mailbox, the messages in the Outlook client can be tampered with and are NOT considered valid evidence (even if modified accidentally).

Preventing unauthorized deletion or modification of data from cloud platforms is crucial. Otherwise, any user could manipulate the essential data of your organization. Office 365 litigation holds preserve the original and all modified versions of each item. Even if a user deletes an item from their mailbox using any version of Outlook, Office 365 retains the item for discovery purposes.


Document Archiving Solutions

Any organization should diligently document and maintain all business-related email communications so that they are easily accessible in the event of an eDiscovery request or litigation hold. There are two primary forms of email record retention: email journaling and email archiving.


What is Email Archiving?

Archiving of electronically stored information refers specifically to the ability to completely move a message from one data store to another. Emails are stored in the most protected manner, moving and securing only one copy of the email or social media interaction, immediately after it has been sent or received. This allows your organization to collect, secure, and store extremely large amounts of email in a central location, where it can be easily searched.

Archiving maintains the data in a fashion which cannot be altered or deleted, guided by the parameters of your organizational retention policy. This guarantees that your organization can present any necessary information should you be faced with litigation or open records requests.

What is Journaling?

‘Journaling’ is the ability to record all communications for use in the company retention or archiving policy. A journaling system will create a copy of each individual communication and store it in its own separate mailbox, continuously stockpiling historically stored information (in other words, copies of the messages are sent to another destination, besides the intended destination or mailbox). If an email is deleted from the original mailbox or the mailbox becomes unavailable, the journal will still hold the message.

What is the difference between Archiving and Journaling?

We’ll keep it simple: Archiving is generally perceived to be a strategy of backup and restore in a Disaster Recovery Framework, whereas Journaling is more of an ongoing audit of communications.


A few things to consider when using litigation holds:

• When you create a hold, you can specify a hold duration (also called a time-based hold) so that deleted and modified items are retained for a specified period and then permanently deleted from the mailbox. Or you can just retain content indefinitely (called an infinite hold) or until the Litigation Hold is removed.

• Litigation Hold cannot preserve data retroactively, which means if any data is deleted before implementing litigation hold, then it will not be protected unless it was already under a retention policy.

• Before turning on Litigation Hold, it is important to make sure your legal team weighs in and is in the loop. In fact, the legal team should typically be what triggers the litigation hold request.

• As previously stated, litigation hold only retains content from a user’s entire mailbox. However, it does not create a copy of your email data that you can store in a secure location. Backup data is generally considered to be a copy of content stored in another location that’s able to be used in the event of data loss.

What that means is that Litigation Hold and a Backup are different and cannot be used to substitute for each other. In a situation such as a ransomware infection, you cannot delete the infected email if the mailbox is on litigation hold. Also, since there is no secondary copy of the data, there’s no option to delete the infected email and restore the rest.


Enabling Litigation Hold

Litigation Hold in Office 365 is one of the most important compliance measures that organisations must implement to secure data. Only authorized users that have been added to the Discovery Management role-based access control group or those assigned the Legal Hold and Mailbox Search management roles can enable this feature. Here is Microsoft’s helpful guide on how to do a Litigation Hold.
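
The steps described above, as an added Exchange Online PowerShell example (not taken from the original article or from Microsoft's guide): it reviews who holds the roles that can place a hold, applies a time-based hold to a list of custodians, and then reports which custodians are and are not preserved. The admin account, the custodian addresses, the 2555-day duration and the comment text are assumptions chosen for illustration; the ExchangeOnlineManagement module must be installed.

```powershell
# Added example. Placeholder names throughout (assumptions, not from the article).
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@example.com'

# 1. Review who is able to place or lift a hold before relying on it.
Get-RoleGroupMember -Identity 'Discovery Management' |
    Select-Object Name, RecipientType
Get-ManagementRoleAssignment -Role 'Legal Hold' -GetEffectiveUsers |
    Select-Object EffectiveUserName, RoleAssigneeName -Unique

# 2. Custodians named by the legal team (constructed sample list).
$custodians = @('alice@example.com', 'bob@example.com')
$holdDays   = 2555   # time-based hold; drop -LitigationHoldDuration for an infinite hold

foreach ($upn in $custodians) {
    $mbx = Get-Mailbox -Identity $upn -ErrorAction Stop
    if (-not $mbx.LitigationHoldEnabled) {
        # Add -WhatIf to preview the change without applying it.
        Set-Mailbox -Identity $upn -LitigationHoldEnabled $true `
            -LitigationHoldDuration $holdDays `
            -RetentionComment 'On hold at the request of Legal (placeholder matter reference)'
    }
}

# 3. Verify: the hold does not take effect instantly, so re-run this check later.
$report = foreach ($upn in $custodians) {
    Get-Mailbox -Identity $upn |
        Select-Object UserPrincipalName, LitigationHoldEnabled,
                      LitigationHoldDuration, LitigationHoldDate, LitigationHoldOwner
}
$report | Format-Table -AutoSize

# Custodians still unprotected: anything deleted from these mailboxes is not preserved.
$report | Where-Object { -not $_.LitigationHoldEnabled } |
    ForEach-Object { Write-Warning "No litigation hold on $($_.UserPrincipalName)" }

# 4. Tenant-wide view of every mailbox currently on hold, for periodic review.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.LitigationHoldEnabled } |
    Select-Object UserPrincipalName, LitigationHoldDate, LitigationHoldOwner

Disconnect-ExchangeOnline -Confirm:$false
```

LitigationHoldDate and LitigationHoldOwner record when the hold was set and by whom, which is the record to keep alongside the legal team's request.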

If you are concerned about meeting compliance requirements or if you need some guidance on setting this up, speak to one of our experts. Contact us here or call us at 1300 911 000.
