5 Steps to Effective and Compliant Use of Mobile Devices
Mobile devices have become a common and crucial tool in the workplace. An employee’s ability to engage with clients and customers from anywhere and at any time has allowed organizations to reach new heights in productivity, collaboration and responsiveness.
But this also comes with great compliance risks for industries where all forms of communication need to be captured and retained for auditing or litigation purposes.
Robert Cruz (Smarsh V.P. of Information Governance Solutions), Brian Panicko (Smarsh V.P. of Enterprise Sales and Channel Partners) and Brandon Leatha (Leatha Consulting CEO) explain in a recent webinar how organizations can maintain productivity while minimizing the risks associated with mobile device use.
Mobile business continues to trend upwards
According to Open Market’s recent survey:
• 80% of millennials prefer to text a company’s 1-800 customer service line vs. waiting on hold
• 60% of millennials prefer two-way text engagement with companies for speed and convenience
• 75% of millennials would choose a text-only phone over a voice-only phone
But texting isn’t the only way people are interacting on their phones. Collaboration applications like Slack and social media platforms are used by employees across mobile devices, too. And depending on the content of the messages, if it pertains to the business, they may need to be captured and retained.
“The results depicted in this report reflect the division’s focus on rooting out misconduct that can do significant harm to investors and our markets, and the focus the division places on identifying wrongdoing and taking prompt action to effectively help harmed investors,” said SEC Chairman Jay Clayton.
By archiving or supervising texts, social media or collaboration application messages, firms can enable employee-client engagement on the platforms they prefer.
“The reality is that business-client relationships are often stronger and more successful with immediate communication engagements,” says Leatha. “But these should be treated like any other correspondence, and they need to be captured and easily retrievable should they ever be needed.”
Here's how organizations can balance the use of mobile devices without opening their business up to potential recordkeeping fines:
1. Good governance begins at technology procurement
The use of mobile devices and associated applications goes beyond the purview of a business’ technology department. It’s important to create a governance council within the business that includes the IT, legal and compliance departments, to:
• Evaluate the risks and value of mobile devices or mobile applications
• Anticipate new features and modalities
• Establish onboarding, offboarding and maintenance processes
“Having a multi-team evaluation of new technology or applications is key,” says Leatha. “Develop a proof of concept to not only test the technology, but to also understand the effectiveness of new governance.”
“Evaluating technology isn’t just about looking at the technology itself,” adds Panicko. “You have to understand the ‘ask’ for the technology. It could be as simple—and important—as using the same chat application that’s most used by prospective clients in specific regions. Knowing the ‘ask’ can help you find alternatives that align more with your governance.”
2. Actively develop mobile device governance
Existing mobile device or communication policies need to be reviewed by all stakeholders, including the governance council, as well as the employee or end user. Having this discussion with all those involved can reveal if policies that protect the organization are also empowering the user or employee.
Establish a mobility task force whose role is to:
• Assess existing mobile environment
• Refresh policies per user group
• Update policies as new apps and functionalities are deployed
• Examine latest trends and benchmarks
3. Stay on top of preservation requirements
Electronic communication is becoming increasingly nuanced with emojis, images and GIFs. That’s why it’s vital to have an archiving solution that not only captures these messages, but also be able to retrieve and display them in their native formats to get the complete context.
"Our strategy is to work with native versions of each of these communications so that we understand what the context is and what's in a persistent chat," says Cruz.
4. Proactively define supervision protocols
Communication supervision isn’t just an ongoing requirement for regulated industries. It’s also knowing how business data and information is being shared on mobile devices.
Firms shouldn’t wait until an investigation is taking place to learn that employee messages are violating rules. Proactive supervision of messages sent on mobile devices can help refine protocols and reduce compliance risks.
5. Train and retrain employees
Training employees isn’t a one-and-done session. It’s an ongoing process as firms review existing protocols, identify industry standards or adapt to new laws.
“New laws can change how you use your devices,” says Leatha. “For example, Texas recently passed a law stating if an official sends or receives any business-related message—regardless if they use their personal device or a government-issued device—that message needs to be captured and archived.”
Assess your firm’s mobile communications preferences and policies
Businesses that enable employees with modern tools will have a competitive edge when it comes to hiring as well as in customer interactions. However, it can be a delicate balance between appeasing customers and staying compliant with strict regulations.
“Firms need to understand how clients or customers want to engage with them,” says Cruz. “Then they need to decide if those methods are acceptable or not within the firm’s mobile strategy.”
This article is based on the recent webinar: The Time Is Now: Understanding the Mobile Landscape. You can watch the full webinar here.
Share this post!
Archiving and Compliance Blog
Our Blog explores the news, trends and best practices in electronic recordkeeping. It’s about managing and getting value from your electronic communications data. It’s about satisfying legal and regulatory obligations. It’s all about turning compliance liability into business insight.