Government’s Gap in Archiving Text Messages

February 10, 2020by Smarsh

Subscribe to the Smarsh Blog Digest

Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

How to reduce organizational risk, increase response time and ensure completeness of record for public records requests.

Text messaging has become the standard way to communicate with personal and business contacts. For government employees, though, sending texts on the job requires extra sensitivity to what’s being shared.

As a result of state-mandated Sunshine laws and the Freedom of Information Act (FOIA), all government-related electronic communications must be retained for the purpose of fulfilling public records requests, including text messages sent from both government-issued and personal devices. If government agencies are unable to produce this documentation, they become highly vulnerable to the risk of litigation and financial penalties.

According to results from the 2019 Research Brief - The State of Electronic Communications in Government, 30% of organizations report allowing employees to send SMS/text messages for official business communications1. The other 70% of organizations don’t allow texting, or do not have explicit policies around it.

Without usage policies that outline which channels are allowed and what kinds of communication are acceptable, or mobile policies for Bring Your Own Device (BYOD) scenarios, government agencies are subjecting their organization and their employees to risk. If an organization doesn't allow text messaging, and it receives a public records request that includes all related text conversations, there is a high failure rate for producing a complete response, if at all. It also takes a remarkable amount of time to approach individual employees, collect their devices and scan for messages – even more so if they have been deleted. Undoubtedly, they’ll wish they would have done things differently.

As evidenced in recent news stories, text messaging is often at the center of issues brought to light by requests for records.

In the news: Strzok-Page Text Lawsuits Contain Lessons for Compliance2 - By Elin Cherry

Last year, former FBI special agent Peter Strzok and former FBI lawyer Lisa Page both brought lawsuits against the agency and the Department of Justice, accusing the government of privacy violations. The lawsuits were based on the public release of 375 texts the two had sent to each other. Putting aside the politics of the situation, there are great lessons to the case for everyone whose work communications are monitored, as well as for the companies doing the monitoring:

  1. There should be no expectation of privacy when it comes to work communications, whether they are in the form of emails, text or anything else.
  2. The people who review work communications need to show sensitivity and discretion.
  3. Monitors should be aware that one part of their duties is to watch for situations that could become human resource issues.

To BYOD, or not to BYOD?
BYOD has become the norm for government agencies across the U.S. because of IT cost savings and increases in employee productivity and efficiency. Of those organizations that allow text for business, more than 70% allow use of personal mobile devices3, yet only 29% of respondents are retaining text messages4.

In fact, 48% of respondents lacked confidence5 that they could respond to a records request that included messages sent via SMS/text or an IM and Collaboration platform.

Whether employees are required to use a government-issued phone or not, there's bound to be cross-device communication. Regardless of the device scenario you employ, there needs to be a written policy in place to determine how to capture government business-related text data on every device in use.

Four ways government agencies can ensure timely, complete responses to records requests

1. Capture text message data in real time
Many government agencies leave it up to employees to save and archive their own text messaging data, which leaves room for error. Whether an employee is unaware of the law, has not been trained on technical aspects of how to preserve data, or simply inadvertently erases their messages or loses their device, it’s unreliable and extremely risky to make them accountable for this complex set of text data. Government agencies must have a plan in place for staying in compliance with state and federal records requests.

Setting aside space in the budget for a software solution that automatically captures text data in real time is a worthy investment, eliminating the possibility of employees deleting text messaging data.

2. Make the search easy
Having to search in multiple locations for communications records takes far more time than searching a single archive. But many organizations can’t respond in time, or respond completely, to public records requests when it requires searching in multiple archives and applications. You don't want to rely on your employees or burden your IT department – the simple answer is a third-party solution to store text messages in combination with email, social and IM and collaboration content.

When it comes to SMS/text content, having the ability to capture directly from mobile carriers or directly from the personal device using containerized applications and 3rd party MDM providers are critical. Only then can you capture all metadata and conversations in context with message threading and attachments.

Records teams must be able to run searches independently and get results back instantly. Opt for a solution that offers universal search capabilities that allow you to quickly and simultaneously search across keywords, people, and types of content to return comprehensive results.

3. Leverage automation
Smart policies can help you automate processes beyond searching content for records requests, such as setting up an information retention schedule. For example if there is a need to audit certain types of content and messages around contracts or tax information, there are features available to set specific retention schedules.

You can also kick your discovery and production capabilities up a notch by using automation to scan your organization's text messaging accounts for keywords as the data enters the archive, increasing the efficiency of your legal and records teams.

Consider using a public records portal to increase access and speed up delivery of public records requests. Comprehensive archiving providers, like Smarsh, partner with portal solutions providers like NextRequest to deliver an end-to-end records management system that spans from capturing and archiving communications data, to records requests, payments and routing.

4. Enable comprehensive compliance
It’s not just text messages that count as public records, but also chats, instant messages from Microsoft Teams or Slack – and all these messages span company devices and personal devices. The ability to produce all SMS/text and instant messages in quick response to records requests is mission-critical for government agencies. Ensure that your archiving solution is flexible enough to meet your organization's needs.

Government IM Collaboration

Figure from the Electronic Communications Management in Government Infographic6

Requirements of electronic records management in government have evolved over the last fifteen years. Government agencies are receiving more records requests than ever before with escalating expectations around the depth of data that qualifies and finding over and over again, an inability to satisfy them.

It's become critical for all organizations to assess their current IT policies and procedures, ensuring they are in line with current laws and industry best practices. Government entities must ensure they are capturing all business-related digital communications and can quickly produce them upon request to avoid putting taxpayer resources at risk by facing expensive open records lawsuits.

Comprehensive and modern archiving solutions solve this problem cost effectively, for all content types, and eliminate silos of data. The best way to ensure individuals are properly keeping or deleting government records is to capture all electronic communications and store them in a single location.

Don’t miss these helpful resources:
• the full State of Electronic Communications in Government Research Brief
• the Infographic for the research brief
• the Mobile Communications Compliance Quiz
• video: How to pull a FOIA text message request in <1 minute

 

1. The State of Electronic Communications in Government Research Brief, page 5
2. Strzok-Page Text Lawsuits Contain Lessons for Compliance, Blog
3. The State of Electronic Communications in Government Research, unpublished raw data
4. The State of Electronic Communications in Government Research Brief, page 8
5. The State of Electronic Communications in Government Research Brief, page 5
6. Evolving Electronic Communication Management in Government, Infographic

connected-archive-white

Professional Archive

Retain critical information in a single, secure, search-ready repository where it can be actively monitored and produced on-demand.

Share this post!

Smarsh
Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

Get a Quote

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Contact Us

Tell us about yourself, and we’ll be in touch right away.