Lawyers are sounding the alarm about the increasing data responsibilities the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) are placing on organizations. In light of the heavier burden, Microsoft announced it's set to release new compliance and information governance tools to provide real-time filing and notifications regarding sensitive data at the end of the year. 

To be sure, Microsoft isn't the only tech company providing information governance and compliance tools. Take for example FileTrail Inc.'s Governance Policy Suite and Epiq, which, like Microsoft, integrates its information governance solutions into Office 365. 

Still, Microsoft 365 senior director Alym Rayani touted Microsoft's tech acumen when developing the tools and the ease of setting up integrated safeguards as key differentiators from other information governance offerings.

Plus, Microsoft is a popular platform among lawyers. Indeed, while Office 365′s lawyer usage lags behind Google Docs, Microsoft Word is used by 98% of lawyers, according to the American Bar Association's 2019 Legal Technology Survey Report. Likewise, 97% of respondents said they also use Microsoft Excel. 

Popularity aside, Rayani noted more organizations, including law firms, are attempting to mitigate risk in their organization. "Customers quite frankly say they are struggling with these and they don't have the in-house expertise to keep up with the regulations," he said.

Below are highlights from Microsoft's new releases.

Expanding Labeling, Protection

User-driven sensitivity labeling is now available in Outlook Mobile. Microsoft is also set to add automatic classification into its Office 365 ProPlus versions of Word, Excel, PowerPoint and Outlook. Users can now train Microsoft's classification engine to label data sets unique to the organization, such as customer records and contracts, Rayani explained.

The new trainable classifier can also work in tandem with retention labels to automatically label data as sensitive and apply appropriate policies.

What's more, Microsoft also included the ability to apply protections to PDFs in an email, which include encrypting and watermarking the document.

Insider Risk Management

Insider Risk Management works to identify a set of risks, such as digital IP theft, HR compliance and confidentiality breaches in Microsoft Office, Windows and Azure. It does so by leveraging machine learning to flag "communications' sentiment" and abnormal user behaviors in real-time. "It essentially uses AI to identify risks traditional methods may miss," Rayani said.

For example, Insider Risk Management notes when a user downloads files and copies them to a USB device and later sends a letter of resignation. Insider Risk Management can notify HR, corporate counsel or whomever about the actions because "it starts to paint a picture of what is happening with that employee or incident," he said.

Investigators would see a set of files that individual downloaded "frozen in time" for an investigator to assess any potential wrongdoing.

Communication Compliance

As employees leverage more collaboration apps to communicate, their regulatory and corporate compliance requirements continue. In turn, Microsoft developed Communication Compliance to detect corporate and regulatory violations across various collaboration platforms, including Microsoft Teams, Exchange Online and Bloomberg instant messages.

Once the machine learning-assisted tool flags a violation, a designated investigator is alerted. Features such as historical user context on past violations, conversation threading and keyword highlighting allows the investigator to balance the full context of a matter quickly, according to Microsoft.