When it comes to ensuring that data is preserved and available for litigation, investigations, or government inquiries, it all starts with establishing and codifying clear data governance policies and procedures.

When updating policies for corporate data governance, consider the following focus areas:

• Bring Your Own Device (BYOD) or Company Issued Device (CID) policies
• Corporate communication applications – Slack, MS Teams, Bloomberg, Confluence, Jira, etc.
• Ephemeral messaging apps
• Privacy considerations around BYOD and CID
• Compliance guidelines
• Business value of each communication channel

Let’s take a high-level look at each area to show the need for further examination.

Bring Your Own Device (BYOD) and Company Issued Device (CID) Policies

One of the largest issues in corporate data governance is the use of new communication applications without proper authorization. Employees often use their devices for communicating internally and externally, which can lead to unintentional confidential data leaks.

Additionally, gaining access to potentially responsive data on these devices during investigations or litigation can be challenging. When creating either a BYOD or CID policy, consider your company’s potential for litigation, internal investigations, or compliance issues.

For highly regulated organizations, BYOD policies may pose compliance risks, as all communications need to be in company-sanctioned applications. Training for all employees, especially executives who heavily use messaging apps, is essential to avoid non-compliance issues. Small to mid-sized businesses might have more relaxed BYOD policies, but education on business versus personal communications is still necessary.

One solution is Mobile Device Management (MDM) platforms, which can help partition corporate versus personal communications and processes. MDMs allow organizations to better access mobile devices and enable IT to monitor, manage, and secure devices, whether they are employee or corporate-owned.

Corporate Communication Apps

Since the beginning of the pandemic, the global workforce has shifted from in-office communications to chat applications like Slack, MS Teams, and Bloomberg. Manfred Gabriel, Partner at Holland & Knight LLP, explained: “The matters we handle for our clients now frequently include data types beyond email and business documents. We are seeing a rise in corporate chat and collaboration tools, such as Microsoft Teams or Slack. Messaging apps like WhatsApp and iMessage are also increasingly collected for the custodians, because business conversations continue to migrate away from email.”

This shift creates downstream issues when this data is subject to litigation or internal investigations. Depending on the organization and the communication app, a technology upgrade may be needed to allow for easier data export for eDiscovery. For instance, Slack only allows data exporting if the customer has the Business+ license or better. Microsoft Teams users face similar challenges, as a Premium version of Teams is needed for less restrictive data exporting.

These considerations should be determined by the staff responsible for exporting, reviewing, and producing this data. Many decisions to use these platforms were reactive and implemented quickly due to the pandemic. If you haven’t already, now is a good time to audit what is currently being utilized and develop a consolidation and information governance (IG) plan around it.

Ephemeral Messaging Applications

Ephemeral messaging applications, where content disappears after a certain time, typically do not serve business purposes and should be banned from approved communication applications unless cleared by the legal department. Understanding the downstream impacts of these applications is crucial when putting together your IG plan.

Privacy, Compliance, and Business Value

These elements should align with your current IG policies but also consider their impact on platforms like Slack, MS Teams, Bloomberg, Jira, Confluence, Zoom, GoTo Meeting, etc. Ask yourself: “What are the impacts of using these applications, and are there business or compliance reasons for keeping this data?” Privacy guidelines should be tailored to device usage, especially with BYOD.

By addressing these areas, you can modernize your information governance policies and ensure efficient text and chat data discovery, making the process smoother and more compliant.

In our next blog of this series, you will learn how to ease the data collection challenge, especially with regard to modern data. You can also download our complimentary guide to learn how to benefit from eDiscovery technology to accelerate finding key evidence in texts and chat data.