Essentially, if you’re not familiar with email threading, the idea is that if a group of people is sending emails back and forth by hitting the Reply button, and the previous email is copied into the body of the previous email, you don’t really have to read each individual email. At some point, later emails have the entire conversation in them. This means that it’s not necessary to read the “lesser included emails” because you already read them as part of the thread. But, the problem Judge Aaron describes is that while the text is there at the end of thread messages, you’re missing important metadata that is unique to the individual message.
As I said, having worked with Teams messages often I have seen this, where a transcript doesn’t have all of the message metadata, especially the time/dates of each message versus the beginning or end of the chat. If you’re creating those transcripts and not including each message in your production, you might be running afoul of your production requirements.
But, as I said, IANAL, so don’t take my word for it, do your own testing.
A good chunk of these breaches are not someone actually trying to steal data, but just someone trying to either make something more easily accessible outside of the office or taking information when they leave related to things like contact information, maybe some documents they’ve written themselves that they want to keep, etc.
It’s likely that these folks aren’t actively trying to commit some sort of corporate espionage, they just aren’t really thinking about what they do. It might just be that the once-per-year required video just isn’t enough to make it top of mind every day.