See what Smarsh can do for you today.
Prior to fully embracing SMS/text messaging, organizations need to assess how and why their employees want to use text communications, develop and communicate use policies, and ensure all information sent via text can be retained and archived. Remember, any communication sent or received by government organizations—including public safety departments and their employees—is subject to open records requests.
In this report, we examine how public safety agencies can create policies that allow for compliant use of SMS/text messaging, and how to retain and archive those communications for a more efficient response to open records requests.
Read our guide to learn:
- How other public safety departments are using text messaging
- What you need to consider for public record requests
- What to consider when building your communications policy
In Our Guide You’ll Learn:
See what Smarsh can do for you today.
Smarsh conducted it’s annual survey of compliance firms and found an industry facing a barrage of new communications and compliance concerns.With more comprehensive regulatory exams and a growing chorus of clients and employees clamoring to use new communications channels like text messaging for business, compliance teams have seen a transformative and tumultuous year.
Public Sector Guide to Text Message Policy and Retention: 2017 Edition
State and local governments must ensure that they have the ability to produce public records, regardless of when, where, or who created the communication. This obligation may create additional search requirements for the organization, and add more time and dollars spent responding to public records requests.
Smarsh has provided this example of a Public Records Retention Policy for state and local Government organizations. This example can be used as a template of a policy that specifically addresses the use of text messaging and electronic communications created by public employees and officials.
At a jungle-themed event with more than 1,000 Oregon business leaders last night, the Portland Business Journal revealed its top 100 fastest-growing private companies of 2017.
We are thrilled to say that, once again, Smarsh is on the list!
The PBJ ranks companies by revenue growth and employment figures between 2014 and 2016.
According to the Portland Business Journal, businesses on the list combined for $3.2 billion in overall revenue in 2016. That is a 33 percent jump from the combined 2015 revenue of companies on the list last year, and is also double the amount of 2015’s Private 100 companies. In addition, businesses on this year’s list employed 15,670 workers last year, about double the figure in 2014.
With increased regulatory, legal and compliance requirements, companies continue to change the way they do business and manage their electronic communications governance and risk. The demand for Smarsh solutions continues to grow across a diverse number of industries, and we continue to focus on innovation and customer service.
We’d like to thank our clients for their continued support, and congratulate the companies on the list!
In this three-part e-book, Don DeLoach walks public sector organizations through the key elements needed to respond quickly and accurately to open records requests: identifying what information needs to be retained and archived, best practices and procedures for retaining communications, finding and implementing an automated solution, and the important roles stakeholders play in the records response process.
From a CIOs perspective this eBook covers:
- The challenges of archiving communications
- Choosing the right archiving solution for your organization
- Internal policies and rules
Results from the 2017 Electronic Communications Compliance Survey show that the current compliance landscape has continued to become increasingly broad, complex, and heavily scrutinized. In addition to trying to keep up with an ever-expanding number of non-email communication options, firms are dealing with an unprecedented increase in regulatory actions, with 2016 shattering the record for the amount of fines levied on the financial services industry. With more employees than ever clamoring for the collaboration and knowledge sharing communication tools that have become essential to growing a successful business, it’s increasingly important for compliance teams to understand how other firms are managing the challenges posed by supervising new channels and platforms. In this report, you’ll find out: Want to compare against last year’s survey report? You can find it here.
Results from the 2017 Electronic Communications Compliance Survey show that the current compliance landscape has continued to become increasingly broad, complex, and heavily scrutinized. In addition to trying to keep up with an ever-expanding number of non-email communication options, firms are dealing with an unprecedented increase in regulatory actions, with 2016 shattering the record for the amount of fines levied on the financial services industry.
With more employees than ever clamoring for the collaboration and knowledge sharing communication tools that have become essential to growing a successful business, it’s increasingly important for compliance teams to understand how other firms are managing the challenges posed by supervising new channels and platforms.
In this report, you’ll find out:
Want to compare against last year’s survey report? You can find it here.
On-Demand Webinar: Key Findings from the 2017 Electronic Communications Compliance Survey
It’s time to take stock of the compliance landscape, and to understand how other firms are managing the challenges posed by supervising new channels and platforms.
With the unanimous Supreme Court ruling, California joins other states, including Washington and Florida, and the Federal government in issuing a clear statement that all records regarding government business, even private email or text message accounts, are subject to open records laws.
The ruling may have monetary implications for the City of San Jose; the City may be required to pay the plaintiff’s costs and attorneys’ fees. Also, some states have statutes that include personal fines or criminal penalties for egregious violations of public records laws.
In the City of San Jose v. Superior Court of Santa Clara County, the City of San Jose argued that the City should not be required to disclose communications on the personal phones lines or email accounts of government employees or officials. The City also argued that privacy law protected their employees’ personal text messages and email messages from public disclosure.
Consistent with other states rulings, the California Supreme Court ruled that emails and text message communications are not excluded from disclosure under the California Public Records Act when they are on a personal account or device. Rather, the court ruled that it is the content, not the location of a communication, that determines whether an email or text message is a public record. Like San Jose, many other state and local agencies also assume that privacy law protects communications on employee personal phones or accounts. However, the California Supreme Court specifically held that individual privacy rights are not subservient to public records disclosure.
The rule is clear: all agency communications are subject to open records requests (with limited statutory exceptions) regardless of the channel of communication. The ruling is also consistent with California’s very strong public policy favoring the public’s fundamental right of access to information regarding public matters, as set forth in the CPRA.
3 Tips for Compliant Records Requests Programs after The City of San Jose
Without prescribing a specific policy or procedural framework, the Supreme Court in The City of San Jose discussed how agencies may implement policies to ensure all public records can be produced. So, what policies and procedures should an agency use?
- Make Sure Your Record Request Policy is Clear.
Many states, along with California, have held that a record is a public record if it is about public business, no matter where it’s located. Agencies need to review and update the definition of ‘public record’ in their policies and procedure documents. The definition should be stated clearly so government employees and officials understand the agency’s disclosure obligations.
In addition, policy and procedure documents need to make it clear that when there is a request for records which may be located within an employee’s or government official’s private account, the individual must perform a good faith search of their accounts or devices for all public records and sign an affidavit attesting to such search. Here’s sample text for California:
Records Subject to Disclosure. Every record made or received by the Department is presumed to be a public record that members of the public may inspect or obtain a copy upon request. Records made by Department officials or personnel about Department business, whether within the possession of the Department or not, are presumed to be public records.
Only records that are exempt from public disclosure under federal, state and/or local law may be withheld. Examples of records the Department is prohibited from disclosing or may decline to disclose include: [Department to list statutory exemptions].
- Train, Communicate, Repeat.
The League of California Cities provides a resource on the CPRA that public entities may use to train employees and officials. To ensure employees and officials understand the CPRA, it is essential that public entities provide initial, in person training for each employee or official and continue to provide training on an annual basis thereafter. Further, cities, states, and agencies must ensure training includes information about which channels of communication are approved for agency business and which are prohibited. Employees and officials must understand that if they choose to use unapproved channels, such as personal text messages or email accounts, then those accounts may become searchable. In the extreme scenario, personal information may be subject to judicial review to determine whether a record is a public or personal record.
A good training program must be supported by an ongoing communication plan. Agencies must build awareness through repeated intra-agency communications. Agencies may send email updates, newsletter articles, create awareness campaigns, or find other venues to make announcements. Repeated reminders will help build a culture of compliance.
Using the records request process is another way to generate awareness and educate employees and officials. With each record request received by the public entity there is an opportunity to educate employees and officials on the CPRA and an individual’s obligations with respect to the CPRA. Agencies should consider including educational statements with records requests notices. Such statements might say:
The purpose of the California Public Records Act is to ensure transparency in government activities. Records under the California Public Records Act include any record about the business of the [Department]. As a public entity, we are required to produce all records which are responsive to the request and which are not excluded under [applicable statute].
This includes records that may be sent through personal accounts or devices. Government personnel are required to perform a good faith search of their personal accounts or devices for communication related to public business.
- Require a Good Faith Search + Employee Affidavit.
The California Supreme Court made it clear that the onus is on the city, state, or agency to ensure production of all responsive records. California is not alone. Many other courts have concluded the same. Cities, states, and agencies need to either ensure their employees are not using unapproved communication channels for public business or they need to update their policies to require a good faith search by employees where appropriate. An employee’s good-faith search for public records on his or her personal device can satisfy an agency’s disclosure obligations under the statute in some states (See Nissen v. Pierce County).
After an employee performs a good faith search, the agency should require the employee to submit an affidavit stating they performed a good faith search of all communication channels and provided all records related to public business. It’s important to note the employee should not determine which records are or are not responsive to the public records request. The employee should produce all records that involve the public entity’s business.
Smarsh Can Help
Public records requests can require a great deal of effort on the part of a public agency, especially if the agency doesn’t have technology in place to help dramatically streamline the process. Agencies are usually required to locate, search, redact, and produce responsive records with limited personnel and budget devoted to handling requests.
The Archiving Platform from Smarsh gives government agencies a centralized platform to manage record requests across the entire range of digital communications, including email, social media, websites, instant messaging and mobile messaging. Agencies can easily search across all communication channels for responsive content and export the content at the click of a button – making the process faster and more efficient for the agency and ultimately the tax payer.
For more information on text message risks and policies, visit:
Public Sector Guide to Text Message Policy and Retention: 2017 Edition
5 Actions to Take for an Airtight Mobile Use Strategy in Government
3 Ways Text Messaging Exposes Government Organizations to Massive Risk
In concluding our series, 5 Actions to take for an Airtight Mobile Use Strategy in Government, we bring steps 4 and 5 across the finish line. This excerpt will help you determine if your organization needs a MDM solution, and show you how to capture and report on text message data.
4. Determine if your organization needs to use an MDM solution.
Mobile device management is a security software used by IT departments to monitor, manage, and secure any corporate, or employee-owned mobile devices that access critical business data, deployed across multiple mobile carrier providers, plans, and operating systems.
Some solutions including MobileIron and AirWatch incorporate security, and compliance policies and configurations across an organization from a single platform, and provide the visibility and controls needed to deploy, manage and retire devices when employees replace devices or leave the company.
Depending on the size of your organization, an MDM solution can be incredibly helpful, providing a view into the security of mobile devices on a given network. MDMs can also handle tasks that help ensure the proper archiving of text messaging content (such as disabling iMessage and other non-text messaging apps on iOS devices).
If your organization decides to use an MDM solution, look for one that integrates with your comprehensive archiving solution so text messages can be archived alongside other digital communications, including email, social media, and other data.
5. Capture, monitor and report on text message data.
Your model for providing mobile devices, operating systems, and mobile carriers will determine how your organization should capture and retain text messages. Review the details for the following device ownership models:
- BYOD: For an employee’s personal phone, an over-the-top (OTT) application can be used to provide a virtual phone number and a container-based approach where text messages can be captured and directly sent to your organization’s comprehensive archive. (Make sure iPhones are supported).
- CYOD: To capture text messages without an additional application required on devices, choose an archiving provider that partners with major mobile carriers such as AT&T and Verizon Wireless. Also, the archiving provider should be able to capture any inbound and outbound content on any US carrier with the use of a lightweight OTT application.
- COPE: When your archiving provider is integrated directly with a mobile carrier’s network, this allows for any device to be archived without installing an additional application on mobile devices. iPhones and other popular smartphones can be supported.
To make risk and records management much easier, look for an all-in-one archiving solution that lets you capture, search, review, monitor, and produce text messages in one platform, alongside other critical electronic communications including email, social media, website content, and more. That way, you’ll be able to see when a conversation begins in an email, moves to text messaging, and concludes on social media. You’ll also be able to quickly produce records of these conversations when you have a records request.
Put it All Together
Fusing the five key elements listed above together to form your mobile use strategy will help ensure that your legal, IT, records, risk management, and HR teams coordinate and prepare to mitigate text message risks. Accurate planning provides a greater opportunity for success. When you expand support for text communication channels while preserving governance requirements, your workforce can become truly mobile, without worry.