Legalweek 2021 Recap: Enabling Remote Staff and Managing Risk

February 09, 2021by Smarsh

Subscribe to the Smarsh Blog Digest

Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Last week was the annual Legalweek event, bringing together thousands of legal professionals or legal-adjacent professionals to discuss the legal landscape and emerging trends. This year’s event was fully virtual — a big change from the previous events in New York City and a major theme for attendants and presenters. The Legaltech focus included topics such as e-discovery, AI, cybersecurity and data privacy. There were rich discussions about online collaboration driving the adoption of new legal technology, reframing the perception of AI, and how increased data volumes require proper information governance.

Smarsh led a panel discussion with experts to talk about the intersection of communication technology, legal discovery, and regulatory compliance.

  • Robert Cruz: VP, Information Governance at Smarsh, moderator of the panel and expert in cloud computing and discovery cost and risk reduction
  • Anthony Diana: Partner at Reed Smith global law firm, advising clients on data and technology
  • Andrew Stokes: Managing Director of Bank of New York Mellon, responsible for the organization’s workplace technology

The panelists discussed the technology that firms are relying on to support a remote workforce and how to manage the technical, compliance and legal risks that accompany new communication tools. Their discussion focused on these best practices:

  1. Enable communication technology
  2. Determine which records must be preserved
  3. Install a communication governance council 
  4. Prepare for the future

Enable communication technology to manage risk

Collaboration and conferencing tools like Microsoft Teams, Zoom and Slack went from “nice to have” to business-critical almost overnight in 2020. Just like any new tool, they’ve brought with them benefits and risks.

In many industries, people have adopted new collaboration tools to become more connected, interactive and responsive to business needs. The ability to connect with colleagues and clients is easier and more instantaneous, lowering the barrier for internal collaboration and customer service. The panelists agreed that communication technology is a true “equalizer” for organizations  bringing together people from multiple geographies and across demographics.

Technology moves quickly, and new platforms and innovations are introduced every day. Adopting new channels to meet employee and customer preferences is not a simple on-and-off switch. It means a lot of different communications sources and data that an organization now needs to be able to control, to ensure they can meet all their legal, technical and regulatory obligations. The use of disparate networks, personal devices and the latest messaging applications (i.e., encrypted and/or ethereal messaging) keeps the risk-to-reward ratio in constant flux. Do you prohibit the use of these tools and hope to avoid risk, or enable them to manage it?

The panelists agreed that the latter was the path forward. Every day employees are requesting to use applications like WhatsApp, Slack and other collaborative tools. Prohibiting the use of these tools doesn’t mean they won’t be used. In fact, as work from home looks like it’s here to stay, people are likely to covertly use them anyway. The result of prohibition policies is that you won’t be able to apply proper controls to protect the organization.

This doesn’t mean you must allow every communication tool that’s been requested by employees (and often driven by customer preference). But with a modern, cloud-based capture, archiving and e-discovery solution, you can support and monitor all the channels employees and clients want to use — and manage legal and regulatory risk. It’s also critical to document and enforce usage policies that outline which communication platforms and devices are allowed and prohibited, as a reinforcement.

"Users are asking us for 10 or 15 tools — some of those tools for just one or two meetings — which has been a challenge while we're trying to simplify the tools our internal customers use."

-- Andrew Stokes - Managing Director, Workplace Technology, Bank of New York Mellon

Determine which records must be preserved to manage risk

As discussed, technology innovation moves fast. It certainly moves faster than legal and regulatory processes. Many financial regulations specifically were drafted before the advances in communication technology that we’ve come to rely on. Discovery and regulatory examinations must now also include a whole host of modern communications data. Not only are there a growing number of communication platforms to use, but each one has its own set of features and functionality that could include:

  • Virtual whiteboards
  • Voice calls
  • Video calls
  • Bots
  • Group chat
  • Direct chat

Regulated firms are already tasked with determining what constitutes a record, how to capture and preserve that data, and how to appropriately supervise registered individuals. When it comes to proactive discovery processes, non-regulated companies should make the same considerations. It may be necessary down the road to dig up a conversation on Teams or someone’s LinkedIn posts that could be material to an investigation. But do digital whiteboards count now that they’ve gone digital? Are companies thinking now about how modern communications may affect eventual discovery or regulatory processes?

Information governance is critical to this discussion. Just like prohibition policies, it may be unclear to some employees what counts as a record. Decisions about what communications data to retain, how to preserve items that qualify as necessary records, and how long they should be retained are all necessary considerations that require technical and legal expertise.

There’s also a delicate balance to strike between the retention of communications data and emerging data privacy laws. Data privacy laws vary, but they apply to regulated and non-regulated organizations handling personally identifiable information in most capacities. For a global organization with hundreds of legal entities, contending with regulators around the world, data privacy is a critical component of managing business risk.

Every company should work with legal, IT and compliance departments to outline the electronic communications and data that qualify as records, and how to apply the necessary controls for their use. As an established regulation, GDPR can be a helpful blueprint for managing data privacy across organizations big and small.

Install a communication governance council to collectively manage risk

Decisions about communications technology, risks and requisite usage policies should be made with executive stakeholders from cross-departmental functions. For example, legal, compliance, IT and information security are all key voices with equally important perspectives. This is true for small firms and for large, global organizations. Each organization’s risk profile is unique, depending on the nature of their business, so there’s no one-size-fits-all answer. A panel of internal experts is the only way to ensure collaboration and risk mitigation.

Initial discussions should include these questions:

  • Who should be involved in making approval decisions for technology?
  • Who should be involved in developing communication policies?
  • What is the best way to serve each of these departments without putting the company at risk?

An information governance council that serves the purpose of managing communications risk has the added benefit of helping interactions with regulators if they can see you’ve made a good-faith effort to manage your compliance infrastructure. They expect that you’ve done due diligence when launching new communications technology. A documented process with signoff from legal, compliance, IT and executive staff will support your effort.

Prepare for the future to get ahead of risk

The panelists’ ultimate message was to get comfortable with the virtual business landscape because it’s here to stay. Even when organizations begin to move operations back to brick-and-mortar offices, the panelists predict those offices will be looked at more as “collaboration centers,” where virtual meetings continue to take place.

We’ve gotten used to the many features of collaboration and conferencing tools — gathering with multiple people, sharing links or documents we would have once emailed, even moving from desktop to mobile device — all during a meeting. Communication methods and platforms will continue to evolve, in ways we can’t yet imagine. Adopting modern technology to support that evolution will help you stay ahead of risk.

v-play-btnSmarsh OnDemand - Managing the Discovery Risk of the Remote Workforce

Share this post!

Smarsh
Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

Ready to enable compliant productivity?

Join the 6,500+ customers using Smarsh to drive their business forward.

Get a Quote

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Contact Us

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.