See what Smarsh can do for you today.
Prior to fully embracing SMS/text messaging, organizations need to assess how and why their employees want to use text communications, develop and communicate use policies, and ensure all information sent via text can be retained and archived. Remember, any communication sent or received by government organizations—including public safety departments and their employees—is subject to open records requests.
In this report, we examine how public safety agencies can create policies that allow for compliant use of SMS/text messaging, and how to retain and archive those communications for a more efficient response to open records requests.
Read our guide to learn:
- How other public safety departments are using text messaging
- What you need to consider for public record requests
- What to consider when building your communications policy
In Our Guide You’ll Learn:
See what Smarsh can do for you today.
Smarsh conducted it’s annual survey of compliance firms and found an industry facing a barrage of new communications and compliance concerns.With more comprehensive regulatory exams and a growing chorus of clients and employees clamoring to use new communications channels like text messaging for business, compliance teams have seen a transformative and tumultuous year.
State and local governments must ensure that they have the ability to produce public records, regardless of when, where, or who created the communication. This obligation may create additional search requirements for the organization, and add more time and dollars spent responding to public records requests.
Smarsh has provided this example of a Public Records Retention Policy for state and local Government organizations. This example can be used as a template of a policy that specifically addresses the use of text messaging and electronic communications created by public employees and officials.
In this three-part e-book, Don DeLoach walks public sector organizations through the key elements needed to respond quickly and accurately to open records requests: identifying what information needs to be retained and archived, best practices and procedures for retaining communications, finding and implementing an automated solution, and the important roles stakeholders play in the records response process.
From a CIOs perspective this eBook covers:
- The challenges of archiving communications
- Choosing the right archiving solution for your organization
- Internal policies and rules
Results from the 2017 Electronic Communications Compliance Survey show that the current compliance landscape has continued to become increasingly broad, complex, and heavily scrutinized. In addition to trying to keep up with an ever-expanding number of non-email communication options, firms are dealing with an unprecedented increase in regulatory actions, with 2016 shattering the record for the amount of fines levied on the financial services industry. With more employees than ever clamoring for the collaboration and knowledge sharing communication tools that have become essential to growing a successful business, it’s increasingly important for compliance teams to understand how other firms are managing the challenges posed by supervising new channels and platforms. In this report, you’ll find out: Want to compare against last year’s survey report? You can find it here.
Results from the 2017 Electronic Communications Compliance Survey show that the current compliance landscape has continued to become increasingly broad, complex, and heavily scrutinized. In addition to trying to keep up with an ever-expanding number of non-email communication options, firms are dealing with an unprecedented increase in regulatory actions, with 2016 shattering the record for the amount of fines levied on the financial services industry.
With more employees than ever clamoring for the collaboration and knowledge sharing communication tools that have become essential to growing a successful business, it’s increasingly important for compliance teams to understand how other firms are managing the challenges posed by supervising new channels and platforms.
In this report, you’ll find out:
Want to compare against last year’s survey report? You can find it here.
On-Demand Webinar: Key Findings from the 2017 Electronic Communications Compliance Survey
It’s time to take stock of the compliance landscape, and to understand how other firms are managing the challenges posed by supervising new channels and platforms.
Companies keep business records for regulatory and legal reasons, with IT departments and records managers typically holding the keys to the records kingdom, sometimes assisted by outside vendors. In financial services, records are frequently examined for compliance purposes, and comprehensive record keeping is a specialty of its own. In addition, protecting proprietary and business IP is vital, as is safeguarding confidential customer information.
But when employees use their mobile devices for personal and business communications, danger lurks. Text messages are the fast-growing source of business record risk.
Nearly all employees text, and many mix business and personal messages. A business record may be created every time an employee taps out a text, and the records can quickly multiply when the text is answered, shared, forwarded, revised, or deleted.
What happens to all these texts?
It’s hard to say because text message record keeping policies and procedures are in their infancy.
However, companies that don’t incorporate text messages into their business record archiving systems are squarely in harm’s way.
Text message archiving sounds daunting, and with good reason. Most messaging systems lack functions for message capture, search and retrieval, identification and preservation. And there are many different devices, service providers, and text messaging systems (some promising disappearing messages, anonymity or encryption), with unique features and operations. Adding to the challenge, record keeping rules aren’t uniform — their applicability depends on the type of record, type of business, regulatory agency involved and other factors. User privacy is also a thorny records management issue.
How do you know if texts are business records?
Rule of thumb: If a text message includes information about business activities or functions, it’s usually an official business record. A 2015 court case involving government employees’ text messages provides a good example of this rule. The Washington Supreme Court said business-related texts on private cell phones were public records under the Washington Public Records Act: “Records can qualify as public records if they contain any information that refers to or impacts the actions, processes, and functions of government.”
If a company can’t produce its business records, it can’t defend legal claims against the organization, or prove lawful conduct in a supervisory exam. Inability to produce text message records can undermine corporate claims and defenses. In some courtrooms, judges reject claims of “lost” mobile device records, and allow negative inferences to be drawn about what incriminating evidence may have been in the missing electronic communications.
There are other risks, too. Experts say most mobile-based security breaches are caused by employees. Compounding this, employees using their own mobile devices don’t feel particularly responsible for loss of company data on those devices. Some employees disable company-required security on their phones. A 2016 Verizon Data Breach Investigations Report also notes few organizations prioritize securing mobile devices.
Companies can no longer pretend they don’t know their employees use text messaging for business communications. However, they can reduce the risks by adopting text message policies and enforcement guidelines. Here are some first steps that companies can take to begin the process:
- Train employees on business record keeping responsibilities, so they understand what business records are and why they must be kept.
- Establish business texting policies and guidelines. May business be done by texting to or from an employee’s personal accounts? What restrictions apply? Examples: No deleting business text messages from devices without permission; no encryption apps or burner phones may be used to hide business messages;
- Establish and communicate consequences for employee text message violations.
- Implement the policies, audit for compliance, apply sanctions when necessary.