In Connect on Tech, Lisa Douglas and I wrote on the role of information governance in addressing the challenges of capturing business records in workplace texts and instant messaging. Recent developments illustrate the double-edged sword of regulators accepting a common business practice that can also expose companies to potential liability if the technology employed is not properly governed and controlled.

Key points:

  • Retention periods should be applied to communications based on their content, not their form.
  • Data protection authorities enforce the line between an employee’s private communications and the legitimate business records that may be implicated in these messages.
  • Even where a company has policies and procedures prohibiting the use of external systems or personal devices, lack of employee compliance with these policies may result in regulatory consequences.