Is Slack a Compliance Nightmare?
What One Expert Wants You to Know About Tackling the New Wild West
The Compliance & Ethics Blog – A Podcast Recap:
Is Slack a Compliance Nightmare?
What One Expert Wants You to Know About Tackling the New Wild West
“There is a real strong desire for immediacy in communications ... when you send a text message, you can expect a response in 90 seconds ... to an average of 90 minutes with an email.“
Business email use spread like wildfire two and a half decades ago. Drafting and sending an electronic message was considered astonishingly fast-paced. Goodbye memos! Goodbye paper letters! With little friction, we were suddenly able to instantly blast out any number of messages. From a compliance perspective in regulated industries, oversight of email communications required a significant overhaul of the IT infrastructure. Archiving systems for compliance reporting were developed, which required the move from storage of paper communications and documents into an electronic information archive. And once this system was in place, organizations were better able to meet their compliance obligations to the SEC and FINRA. Email proved not too difficult to monitor.
Today, this once-dramatic change seems laughable. New technologies have catapulted the rate, volume, and complexity of electronic communications. Applications such Slack, MS Teams, and many other lesser-known apps have created a major compliance headache.
The Society of Corporate Compliance and Ethics (SCCE) is a trade group for ethics and compliance professionals. Its recent podcast, Robert Cruz on the Compliance Risks of New Workplace Communication and Collaboration Platforms, features Smarsh governance and compliance expert Robert Cruz. In the podcast, Cruz and Adam Turtletaub, the SCCE’s VP of member development, discuss how nonstop streams of texts, IMs, and social posts have hit the communication landscape like a tornado. Cruz gets into how today’s business communications between co-workers, customers, or strategic partners – have been utterly taken over by technology (and culture) that promote a send-and-response ecosystem that seems impossible to monitor.
And it's no surprise that everyone expects immediate responses. Isn't it a lot more satisfying to get a 90-second response via chat to an important question vs. the (oh-so-pokey) 90-minute old-school email response? It's 60 times faster. There is simply no putting that proverbial genie back in the bottle. Programs like Slack and Teams are growing wildly. And to complicate IT and compliance personnel lives more, new and free applications are popping up all the time. They're easy for employees to download, oftentimes outside of IT's purview. From a compliance perspective, it massively increases the risk of regulatory penalties.
Young Workforces Can't (Won't) Slow Down
How did this change happen so fast? The largest workforce cohort today are Millennials. Chat, messaging, and social posting are the ways they have grown up communicating. Naturally, they want to continue their native style of electronic collaboration while at work. This applies to internal employee/employee, external buyer/seller, and employee/partner interactions. It’s the way we live now.
Companies Have Been Slow to Catch Up
Cruz says only a small subset of people truly understand the complexity related to governance of corporate data, and those who do are growing more nervous. Often, there are no published guardrails for how employees (or even IT) should manage the flow of business-related messages between personal devices, messaging apps, or social networks. And without reliable policies and systems to monitor and flag communications, highly sensitive corporate IP is vulnerable.
And yet, despite the abundant evidence of this vulnerability, it's nearly impossible for companies to slow down the pace of business. But if IT departments can't marry compliance with the need for productivity, they will remain at substantial risk. An onslaught of newer apps is always on the horizon.
The Big Three Concerns: HR, Regulatory, and Data Privacy
Cruz points out that unlike casual personal communication, business interchanges must still comply with standards of ethics. In the face of government or legal e-discovery, every exchange must be easily retrievable. Three common triggers of e-discovery are for HR matters, such as investigation of sexual harassment; adherence to regulatory law, such as a financial institution monitoring for fraud; and data privacy cases.
Cruz adds other common concerns such as: What happens when people don't have a secure phone, tablet, or laptop? What happens when people who've used personal devices to transmit confidential data leave their job? And once the current batch of new technologies is secured, what happens when employees start (inevitably) bringing in emerging technologies?
What's Next in the Communications Revolution?
Speaking of emerging technologies, Cruz discussed multiple new modalities that are on the way. Slack will be introducing voice, video, bots, and even new emojis! He mentioned that there is going to be a major increase in interaction with non-messaging content. This will pose a new compliance challenge, since text-monitoring systems will need to be upgraded further. And of course, ever new ways to express ourselves will continue to sprout up outside the stream of messaging.
Cruz also commented on the rash of anti-trust activity in the works. Large tech companies are currently being further scrutinized by regulators. And plenty of communication auditing is on the horizon. Will they be prepared?
Training and Risk-Assessment Are Immediate Ways to Address Compliance Concerns
Cruz believes that the best way to confront the Wild West communication landscape is through intensive employee training. He recalls that some clients have over 60 tools approved for use. There is clearly some vulnerability with so many moving parts. It's critically important to assess: Have employees been adequately trained on acceptable use of these tools?
Cruz stressed that companies must weigh the benefits vs. the risks of introducing new technology, perform analysis and examine tools from a compliance, legal, and IT perspective. How vulnerable is the company to misuse of data or loss of IP? He comes back to the one question anyone concerned with compliance must ask: Is this worth the risk?
You can listen to the entire podcast on the SCCE Compliance & Ethics Blog here.
1. Gartner https://www.business2community.com/infographics/email-marketing-vs-sms-marketing-stats-infographic-02021390
Share this post!
Archiving and Compliance Blog
Our Blog explores the news, trends and best practices in electronic recordkeeping. It’s about managing and getting value from your electronic communications data. It’s about satisfying legal and regulatory obligations. It’s all about turning compliance liability into business insight.
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US