Still More Electronic Device Security Concerns
November 21, 2019
By Michael Burns, courtesy of SBAM Approved Partner ASE
ASE regularly reports on electronic communications policy concerns and developments so our members can maintain their best policy and practices as well as make adjustments to their policies when necessary.
A recent survey conducted by communications archiving provider Smarsh reports that 77% of the IT professionals surveyed said texting by workers presented the greatest compliance risk. How is this risk increased? Robert Cruz, Smarsh Information Services Senior Director, cites employees and employers “leveraging review platforms that were not designed for text messages.” What does this mean? As an example of some texting problems, he states “Now you have communications sprinkled with more emojis and nontext characters” which can be significant in the conveyance of sentiment.
A more pertinent example would be health care providers communicating personal health information (PHI). On the one hand, texting has been shown to improve the effectiveness of health programs addressing substance abuse or diabetes care. However, without a secure messaging application to put information through, the risk of unintentional but illegal information disclosure runs high.
The survey reported 54% of respondents prohibit text messaging for business communications, but 40% of respondents allow text messaging without an archiving or supervision protocol. Currently there are not many solutions that allow for segregation of business and personal text messages.
Companies are “struggling to archive popular social media platforms” such as Instagram, Facebook, LinkedIn, and Twitter. And more collaboration platforms are coming on-line all the time, such as Microsoft Teams, Slack, and Cisco Webex. This reduces the number of emails and in-person meetings. IT and management often have not put in place guidance on what users should and should not do on these platforms.
This survey also found that 37% of companies responding don’t have a policy addressing encrypted messaging applications. Information technology departments may be waiting for regulatory guidance before allowing certain communication platforms that adopt encryption technology. The survey found more than half (56%) of surveyed firms currently prohibit encrypted and ephemeral applications.
Employers are most exposed when employee text messages are requested as part of legal discovery. Employers may try to argue that they are not responsible for holding onto information deriving from an employee’s personal communications device. However, if that employee is using the device pursuant to an employer’s Bring Your Own Device (BYOD) program, the employer cannot defend that position.
Electronic communications and BYOD policies would require more review and oversight than most other policies today as employees and employers take advantage of more and more communications media with liability exposure that is not well understood by the employers.