Retention and deletion policies in Office 365 are changing for the better – here’s what you need to know.
What are retention policies and why are they important?
Retention policies let your organisation manage information in accordance with industry standards, legislation and internal policies. They help you implement good governance, reducing the risk of legal problems and security breaches, and letting your staff manage information in a way that keeps it structured and relevant to your business.
Office 365’s built-in retention polices can be applied to Office documents, Outlook emails, Skype conversations or any other content that might need to be managed in a particular way.
Office 365’s Security & Compliance Centre features a ‘Retention’ page, where it’s now easier than ever to create and manage retention policies.
Setting up a policy is as simple as choosing how long information is to be retained and selecting whether to automatically delete it after that time. You can choose to configure advanced options, such as detecting and retaining content that contains sensitive information, that matches specific conditions, that was created in a specific location, or by a particular group of users.
Microsoft has also created template policies for specific pieces of legislation, mainly focused on personally identifiable information (PII), such as the Personal Information Online Code of Practice (PIOCP). These pre-defined policies let administrators quickly implement governance based on laws affecting their business scenario.
In-place record management
Another key change is that Office 365 now features ‘true’ record management. Information will no longer be moved to a Records Centre when a retention policy kicks in – everything remains in-place. That means people can continue using and editing the document, but Office 365 will automatically and securely store a copy as it was at the moment the retention policy kicked in.
Another new introduction is labels. Labels let you instantly apply policies to individual documents, emails or records. Administrators can grant users permission to apply labels manually in Outlook, OneDrive, SharePoint and Office 365 Groups.
You can also set up labels to be applied automatically, such as when an email contains specific keywords, or when a file in OneDrive is detected to contain sensitive information like a passport number.
Another powerful feature of labels is that they can be automatically applied to selections of existing documents based on particular conditions. You could, for example, apply a label to any existing documents that contain sensitive information, or to all the Word documents in a specific SharePoint library.
Understanding policy precedence
As of the latest update, retention and deletion can now be managed within a single policy. Where more than one policy is applied simultaneously, Office 365 will figure out which takes precedence. Policy precedence is figured out in the following order:
- Retention wins over deletion – A policy to retain will always take precedence over a policy to delete.
- Longest retention period wins – If one policy says to retain for three years and the other for five years, the information will be retained for five years.
- Explicit inclusion wins over implicit inclusion – If you use a label to set a policy for a specific document, it will take precedence over the overall policy set for its parent folder or library.
- Shortest deletion period wins – A policy to delete after 3 years will win out over one to delete after 5 years.
If one policy says to delete the document after two years, and the other says to retain it for five years, the document will be removed from circulation after two years, but will still be recoverable for a further three before being permanently deleted.
Head over to Microsoft’s website for the full picture on Office 365 retention and deletion policies. You can also learn more about labels.