There is no simple solution to accounting for increased scrutiny from U.S. regulators regarding recordkeeping of business-related employee communications.

If you just ban employees from accessing platforms like WhatsApp, Snapchat, or WeChat, you’re “missing the point,” said Amy Schuh, partner at law firm Morgan Lewis, during a panel discussion at Compliance Week’s National Conference in Washington, D.C. Updating policies and procedures alone also won’t cut it, she said, as agencies like the Department of Justice (DOJ) will be focused on how you are communicating expectations to employees, what you are doing to monitor them, and what’s your protocol for addressing instances of noncompliance.

Amid this risk landscape, the concept of bring your own device (BYOD) has received renewed attention. Many modern businesses default to this standard, a reflection of the expenses necessary and complications that come with providing company-owned and -controlled devices for each employee. There are also societal norms to consider, as most people default to using their personal smartphones on instinct and don’t desire to be responsible for more than one device.

As unrealistic as it might seem to transition away from BYOD in 2024, Scott Taylor, vice president and chief privacy officer at Johnson & Johnson, said his more than 30 years of experience has shown him the value of the alternative regarding device access and navigating employees’ privacy rights.