Electronics Communications Risks in the Era of Ephemeral Messaging
Listen now
Description
Ephemeral messaging applications like Snapchat, WhatsApp, and Telegram have presented a complex challenge for compliance professionals and legal counsel. On one hand, these technologies can reduce data storage and preservation costs, minimize breach exposure, and allow prioritization of communications data. On the other hand, they can create blind spots by deleting communications records and seriously obstruct internal investigations. How can companies balance the benefits of ephemeral messaging against the risks of compliance program undermining? In this week's episode of Corruption, Crime and Compliance, Michael Volkov discusses recent DOJ guidance regarding ephemeral messaging risks and outlines practical steps organizations can take to strike the right balance.  You’ll hear him discuss: Ephemeral messaging can reduce data storage and preservation costs, which can be significant for companies facing litigation or investigations. It also reduces potential breach exposure by deleting data.However, ephemeral messaging can obstruct internal investigations and create corporate blind spots by deleting communications records before they can be reviewed. This undermines compliance programs.DOJ's guidance outlines several steps companies can take to allow ephemeral messaging while mitigating risks:Understand how the apps delete data and what types of data are stored;Tailor policies on use to your specific risk profile and business needs;Clearly communicate policies to employees and ensure regular enforcement;Examine how policies impact the ability to conduct investigations and respond to subpoenas;Evaluate the overall reasonableness of the risk mitigation strategy.Practical steps to make ephemeral messaging safer include:Restricting use to specific authorized purposes like scheduling;Requiring employees to maintain deletion settings;Conducting periodic audits of devices;Requiring preservation and company access to work communications,Coordinating ephemeral messaging policies with broader data preservation policies.If a company provides devices to employees, it has more control and ability to restrict apps and access data, but even then, steps need to be taken to mitigate risks.BYOD policies are more complex since consent and privacy restrictions may limit what companies can do. However, a BYOD policy still needs to address comprehensively:  Preserving data  Allowing corporate audits and access  Segregating work data where possible  Outlining consequences for violations  Respecting local privacy laws  Getting employee consentWith the right policy framework, BYOD can potentially allow ephemeral messaging while protecting data availability. KEY QUOTES “Companies have a vested interest in preserving their internal communications for a variety of reasons, to hold internal actors accountable, or even outside actors sometimes, and to protect the organization from potential private and government claims or investigations that may have serious direct or collateral consequences.” - Michael Volkov “If the government issues a grand jury subpoena as part of a criminal investigation and the company fails to preserve data generated by use of an ephemeral messaging system, a company could be held liable for failing to preserve data relevant to the criminal investigation. Such consequences can be significant...” - Michael Volkov “While a company may have limited access to employees' personal devices when it supplies devices to its employees, the company should regularly secure certifications by its employees that has not used its personal device for work-related purposes, with emergency exceptions, of course. Similarly, companies have to develop testing protocols for its BYOD policy and secure employee consent to examine the personal device limited solely to business data.” - Michael Volkov Resources Michael Volkov on LinkedIn | Twitter The Volkov Law Group
More Episodes
What happens when a major defense contractor faces scrutiny for ethics and compliance violations? In this episode of Corruption, Crime, and Compliance, Michael Volkov dives into the high-stakes world of corporate accountability, exploring Raytheon's recent $428 million settlement with the U.S....
Published 11/18/24
Published 11/18/24
The SEC notched another FCPA settlement, continuing its steady pursuit and resolution of FCPA cases. In the meantime, the Justice Department has been silent in the FCPA enforcement arena. In this episode of Corruption, Crime, and Compliance, Michael Volkov dives into the SEC’s recent FCPA...
Published 11/11/24