ASE regularly reports on electronic communications policy concerns and developments so our members can maintain their best policy and practices as well as make adjustments to their policies when necessary.
In a recent survey conducted by communications archiving provider Smarsh, it reports that 77% of the IT professionals surveyed said texting by workers presented the greatest compliance risk. How is this risk increased? Robert Cruz, Smarsh Information Services Senior Director cites employees and employers “leveraging review platforms that were not designed for text messages.” What does this mean? As an example of some texting problems, he states “Now you have communications sprinkled with more emojis and nontext characters” which can be significant in the conveyance of sentiment.
A more pertinent example would be health care providers communicating personal health information (PHI). On the one hand texting has been shown to improve the effectiveness of health programs addressing substance abuse or diabetes care. However, without a secure messaging application to put information through, the risk for unintentional but illegal information disclosure runs high.
The survey reported 54% of respondents prohibit text messaging for business communications, but 40% of respondents allow text messaging without an archiving or supervision protocol. Currently there are not many solutions that allow for segregation of business and personal text messages.
Companies are “struggling to archive popular social media platforms” such as Instagram, Facebook, LinkedIn, and Twitter. And more collaboration platforms are coming on-line all the time – platforms such as Microsoft Teams, Slack, and Cisco Webex. This reduces the amount of emails and in-person meetings. IT and management often have not put in place what users should do and what they are not to do on these platforms.
This survey also found that 37% of companies responding don’t have a policy addressing encryption messaging applications. Information technology departments may be waiting for regulatory guidance before allowing certain communication platforms that adopt encryption technology. The reporting survey found more than half (56%) of surveyed firms prohibit encrypted and ephemeral applications currently.
Where employers are most exposed to employee texting information is when it is requested as part of legal discovery. Employers may try to argue that they are not responsible for holding onto information deriving from an employee’s personal communications device. However, if that employee is using the device pursuant to an employer’s Bring Your Own Device (BYOD), program the employer cannot defend that position.
Electronic communications and BYOD policies would require more review and oversight than most other policies today as employees and employers take advantage of more and more communications media with liability exposure that is not well understood by the employers.
Additional ASE Resources
ASE Handbook Development- If you would like your current electronic communications and/or bring your own device policy reviewed, revised, or a new policy created ASE can help. Contact Mike Burns.
Sources: Employees’ Text Messaging Is Keeping Corporations Up at Night By Victoria Hudgins (11/15/2019) Original article published in Legaltech News. American Institute of Healthcare Compliance Texting as a Healthcare Provider: Risks, Uses, and HIPAA Compliance (8/31/2018); Are Your Employees Texting? The Risks To Employers In Taking Workplace Communications Offline By Seyfarth Shaw LLP on April 11, 2017 POSTED IN SOCIAL MEDIA, WORKPLACE POLICIES AND PROCESSES By Karla Grossenbacher