Smarsh Advance Recap: Digital Communications for Government Agencies

by Smarsh

Subscribe to the Smarsh Blog Digest

Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing

In this article series, we relive some of the most insightful Smarsh Advance 2022 conversations about the evolving compliance, communication and technological landscapes affecting regulated industries and government agencies.

Messaging around the world has evolved. It's no different for regulated industries and government agencies. Many have:

  • Enabled employees to work from anywhere
  • Orchestrated mass broadcasting of SMS and text messaging

Today, SMS communications are paramount to scalability goals within government. All state and local agencies managing and archiving that data for public records are required to capture and store electronic communications and make those records available upon request. Failing to produce records in a timely manner or misplacing records will result in costly fines, reputational damage and legal consequences.

At Smarsh Advance, we focused on government agencies and digital communications, highlighting messaging implications at the state and local level, as well as the need for transparency.

Leveraging text messaging for government business

Advance 22 sessions thumb office 2

With an abundance of government employees today working from anywhere, mobility is key to communication with other employees, partners, and constituents. Government entities have recognized the needs of their remote workforce, enabling employees to use a growing list of modern technologies. Additionally, they’ve taken measures to capture and retain communications data, such as text and voice messaging, for public record.

In our Advance session, Leveraging Text Messaging for Government Business, we discussed why enabling the workforce to effectively communicate is only one piece of the puzzle. Government agencies need to think beyond user interface.

Laws differ from state to state. From a legal standpoint, agencies must evaluate their communications technology from both the user and administrative perspective. Employees need easy-to-use digital communications, while administrative teams need an efficient way to capture, store and produce those records when needed.

Watch the full session here.

Providing agency-issued devices

While a bring-your-own-device (BYOD) policy might sound good to some, it can invite security and data risks. Agency-issued devices allow for better oversight and control of work-related communications and archiving. Some cities have opted to provide their own devices rather than installing software onto personal devices, archiving communication that takes place on that device and separating the work-related data for public record storage.

"The best advice that I give to employees is that if they do not want something on the front line of the newspaper, don’t put it in a text message. We archive those messages, and they are public record."

-- Brandy Wallace, City Clerk, City of Port Orchard

Along with those devices, employees must be trained and educated in the handling and storage of their communications, specifically in the public record aspect. While there is a great deal of common sense employees must use, there’s also a level of training needed for employees to understand and follow procedures when it comes to how they communicate with coworkers and the public.

“It’s really no different than email,” says Wallace. “How you correspond and send notices through email is the same as mobile text messaging.”

Keeping work-related communications contained

When passing out devices, agencies can limit the range of digital communications with an access point name (APN). An APN secures communications traffic or places that traffic into a mandated container. This means users can only message to a set group while being cut off from communicating with anyone outside of that group. This containerization is an often-used solution for narrowing communications and limiting associated risks.

"People get into snowstorms and need information on the deployment of snowplows. Those types of things are critical, and the community wants to know where people are and how things function. So, bringing that all together into one easy solution is what we focus on."

-- David Bezzant, Vice President for Public Sector, T-Mobile

“I think one of the things that IT administrators and directors are really stressed with at this time is how many of us asked questions about their mouse or power charger,” says Bezzant. “Those are the very elementary things that people are asking. It gets more complex when you have a mobile deployment and need a security environment. And then you're looking at the content, policies and behaviors of the people leveraging those tools.”

When public communications matter

Advance 22 sessions thumb data 3

Having a direct line of communication to the public is beneficial for state and local governments. In our Advance session, When Public Communications Matter, we discuss how it's not only efficient, but it also builds trust between a government and its constituents. However, that direct line also creates new risks that that are concerning to agencies from a technology, records and government perspective.

Watch the full session here.

The problem of data storage

Enabling and regulating digital communications in any industry has its challenges. One of the biggest challenges is data storage. Large, unstructured data — such as audio, video or text — is hard to keep track of, because it's abundant and requires substantial management, metadata and storage space. This can be especially difficult at the local level where funding may not be as readily available.

The best example of this is video. Video files often present more than just a storage space issue because there are more complex issues about privacy concerns, such as:

  • When certain videos can be released
  • If minors are on the video
  • Whether the retention or release of a video could affect an ongoing trial

Sizing up information risks

The proliferation and quick adoption of collaboration tools such as Slack and Microsoft Teams have blurred the lines between personal and professional communication, and what’s necessary to supervise. Further complicating the situation, some public sector agencies have chosen not to separate personal and professional devices, opting instead for a BYOD policy as mentioned above.

Many of the consequences that state and local governments have to face are the same as those we've seen hit big organizations in regulated industries. So, BYOD and employees using unsanctioned channels of communication puts the agency at more risk. And while policy is important, it's not enough. Prohibition only goes so far and it’s up to the agency to monitor use and enforce those policies.

Cybersecurity and records management

When it comes to cybersecurity, some agencies are focused on fortifying attack surfaces. Attack surfaces are essentially the many different ways people with ill intentions can access your system, including staff, laptops, mobile devices, third-party software, and more. But Don Maclean, Chief Cyber Security Technologist, TD Synnex, Public Sector suggests that focusing on attack surfaces might not be the best option.

“It’s a whack-a-mole situation,” says Maclean. “You patch one hole today and someone creates another hole tomorrow as they discover a new way in.”

What Maclean is seeing instead, especially in federal government, is a strong push toward zero-trust security — which recognizes that users can be a security risk and lead to insider threats. However, taking a zero-trust approach focused on attack surfaces can make the IT department feel like a hamster on a wheel. Instead, Maclean suggests a protect surface focus.

“It’s kind of the other side of the coin of the attack surface,” says Maclean. “The protect surface is simply an enumeration of all of the things, mostly data, that you want to protect in your system.” An organization can determine the protect surface by conducting data discovery to find out what it has, what it needs to keep and what it needs to protect.

Share this post!

Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

Ready to enable compliant productivity?

Join the 6,500+ customers using Smarsh to drive their business forward.

Get a Quote

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing

Contact Us

Tell us about yourself, and we’ll be in touch right away.