In Connect on Tech, Lisa Douglas and I wrote on the role of information governance in addressing the challenges of capturing business records in workplace texts and instant messaging. Recent developments illustrate the double-edged sword of regulators accepting a common business practice that can also expose companies to potential liability if the technology employed is not properly governed and controlled.
Key points:
- Retention periods should be applied to communications based on their content, not their form.
- Data protection authorities enforce the line between an employee’s private communications and the legitimate business records that may be implicated in these messages.
- Even where a company has policies and procedures prohibiting the use of external systems or personal devices, lack of employee compliance with these policies may result in regulatory consequences.
As the growing volume of messaging and range of communications platforms encourage automated solutions for records capture, it becomes increasingly important that clear retention protocols are associated with the implementation of IT solutions.
