Survey: Compliance struggles to keep pace with mobile, social tech in workplace

At the moment, most companies seem to be halfway there.

Virtually three-quarters of organizations (74 percent) allow employees to use their personal devices at work, according to the “Electronic Communications Compliance Survey Report” published by digital archiving company Smarsh. The survey canvassed over 300 IT and compliance leaders and practitioners in North America, 81 percent of whom are personally responsible for Electronic Communication Compliance (ECC) at their firms; another 6 percent oversee ECC related activities.

While organizations have come around to cultivating a bring-your-own-device (BYOD) culture, they fall short when it comes to managing the communications generated through new communication channels and platforms.

SMS/text messaging

Forty-four percent of respondents admitted they lack the confidence their organizations are capturing and archiving all business communications on mobile devices. Over three-quarters of respondents (77 percent) said that SMS/text messaging represented their greatest compliance risk.

Firms have reason to be nervous. Over two-thirds of respondents (69 percent) said they have low or no confidence that, if examined, they could supply specifically requested messages from SMS/text messaging channels within a reasonable time frame.

Although the survey suggests SMS/text messaging is a primary source of electronic communications compliance risk, the answer is not to prohibit it outright.

For one thing, there is “undeniable value” in using text/SMS messaging as a means of improving employee productivity and client communications, the report states. For another, prohibiting new channels only increases the risk of “shadow IT”—additional compliance risk born from the covert use of preferred technologies at work.

“While the volume of digital exhaust is overwhelming, managing risk is made even more complicated by how quickly business conversations shift from one channel to the next. … Attempting to prohibit the dynamic nature of these conversations could cause employees to circumvent the process, introducing additional risk in doing so,” the report warns.

Moreover, 82 percent of respondents who prohibit the use of devices for work communication felt little or no confidence they could prove adherence to their policy of prohibition.

In lieu of prohibition, the report suggests firms take a more proactive approach. Compliance teams should “continuously update policy and written supervisory procedures to accommodate a higher volume of complex content from constantly-evolving channels; anticipate the likelihood that employees are using unauthorized technologies or channels; and ensure they can respond to all data production requirements, beyond adhering to books and records obligations.”

Collaboration platforms

Collaboration tools such as Microsoft Teams, Skype for Business, and Slack are booming technologies that bring together instant chat, video conferencing, file sharing, and storage, and other new integrations and capabilities, making the challenge of collecting, preserving, and reviewing a diverse volume of electronic communications all the more difficult for compliance teams.

“Compliance teams should be active participants in the evaluation of features offered in new collaborative tools. Additionally, firms should take extra care in assessing interactive capabilities such as persistent chats that will complicate supervisory review in compliance tools designed for email and static messaging,” the report advises.

While 42 percent of survey respondents said their firms have policies in place governing the use of collaboration tools, 41 percent said they have no written policy. Another 17 percent said they have a written policy in place prohibiting such a tool. However, as previously mentioned, prohibition leaves firms open to the risk that employees adopt the solution anyway, whether they’re aware of the restriction or not.

Social media

Major compliance gaps exist across other contemporary communication platforms, as well. Exactly half of survey respondents said they allow Instagram at work but do not have an archiving/supervision solution in place for it. Nearly 30 percent made the same admission about Facebook.

Moreover, 26 percent of firms have no policies in place for Instagram; 22 percent have none in place for Twitter; 19 percent for Facebook; and 11 percent for LinkedIn. Despite the benefits of leveraging social networks for work purposes, in total 44 percent of survey respondents reported they prohibit their use.

“Don’t assume that these channels are not being used or that employees understand the risks of using them, even in a very limited fashion,” Smarsh’s report states. “Involve the right stakeholders, including team members from marketing, sales, legal, HR, and IT departments; it’s critical to create internal policies and processes that reflect today’s evolving digital communications landscape, and to put solutions in place to capture the data from these channels at scale.”