DOJ Releases Guidance on Corporate Practices Concerning Employees’ Use of Personal Devices, Communications Platforms, and Messaging Applications

Nathaniel Botwinick, Celia Cohen, Brad Gershel, Marjorie Peerce, Michael Robotti
Ballard Spahr LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Ballard Spahr LLP

Summary

The U.S. Department of Justice issued a revised policy for Evaluation of Corporate Compliance Programs (ECCP), with new guidance on how the DOJ will consider corporate procedures for employees’ business-related use of personal devices, messaging applications, and communications platforms. The DOJ’s evaluation of how a company has preserved and produced such communications “may well affect the offer it receives to resolve criminal liability.”

The Upshot

  • While regulated companies have been on high alert over the past two years concerning how to capture and retain business communications on employees’ personal devices and messaging platforms, the DOJ has recently made this a potential issue for unregulated companies as well.
  • As we flagged in our September 2022 alert on Deputy Attorney General Lisa Monaco’s memo on corporate crime, and as we recently discussed in this alert, Assistant Attorney General Kenneth Polite announced that the DOJ will consider the extent to which all companies preserve such communications in determining how to resolve a criminal investigation.
  • On March 3, the DOJ codified AAG Polite’s remarks in the revised ECCP. Prosecutors are now required to evaluate a company’s “policies and procedures governing the use of personal devices, communication platforms, and messaging applications” in the workplace, and companies are expected “to update their policies and practices accordingly[.]”

The Bottom Line

Companies should take steps now in response to the revised ECCP, and consider revamping compliance policies on business-related communications in light of the DOJ’s new guidance, in order to attain more favorable resolutions in the event of a DOJ action.

On March 3, the DOJ continued its recent streak of notable policy changes related to corporate crime and compliance (as noted in our prior alerts on the DOJ’s announcements of new policies on clawbacks and voluntary self-disclosure) with a revised Evaluation of Corporate Compliance Programs policy (ECCP). As part of the revised ECCP, the DOJ has provided additional guidance on how it will consider corporate practices surrounding the use of personal devices, messaging applications (including “ephemeral” messaging) and communications platforms in the workplace. When evaluating a company’s compliance program, prosecutors are now required to evaluate a company’s “policies and procedures governing the use of personal devices, communication platforms, and messaging applications.” Companies are expected “to update their policies and practices accordingly.” Those choosing not to heed this advice could jeopardize a favorable resolution.

‘Top of Mind’

As Assistant Attorney General Kenneth Polite noted in his remarks at the American Bar Association’s (ABA) annual National Institute on White Collar Crime, when content from personal devices or non-company-provided messaging applications has not been produced during an investigation, prosecutors will no longer “accept that at face value” and will instead demand information regarding the company’s preservation and deletion policies and ability to access personal devices. Ultimately, whether a company has preserved and produced communications from messaging applications and personal devices “may well affect the offer it receives to resolve criminal liability” and should therefore “be top of mind” as companies refine existing policies.

The revised ECCP contains detailed questions prosecutors should address when evaluating a company’s policies. For example, prosecutors are now directed to determine whether a company’s policies permit the company to review business communications on personal devices and messaging applications, and whether employees are required to transfer messages from messaging applications to company recordkeeping systems to preserve and retain them. Similarly, prosecutors should evaluate whether there are consequences for employees who refuse to provide access to business-related information stored on personal devices, and whether any employees have been disciplined for not providing such access.

Policy Communication and Enforcement

Prosecutors are required to consider how these policies and procedures have been communicated to employees and whether they are enforced “on a regular and consistent basis.” Companies should also be prepared to articulate their rationale for choosing which messaging platforms and settings are allowed. Such policies should be “tailored to the corporation’s risk profile and specific business needs” and ensure that business-related communications are accessible and preserved “to the greatest extent possible.”

Companies should review the revised ECCP and take steps to critically assess their compliance programs to help prepare for and align with the DOJ’s new expectations for effective compliance programs. For example, it would be prudent to evaluate existing policies regarding the permissible use of mobile devices and third-party messaging applications, including the company’s retention and preservation policies, to ensure alignment with the revised ECCP. Companies should also ensure that their employees are receiving periodic training on their permissible-use policies and should conduct regular monitoring of communications to ensure compliance with those policies. As AAG Polite noted in his ABA remarks, “use of these services is [now] ubiquitous,” and the DOJ expects corporations to both “adapt to the realities of modern life and update their policies and practices accordingly[.]”

Conclusion

The DOJ’s update to the ECCP should be a clarion call for companies to begin updating their policies and procedures related to business-related communications. Companies should take these steps now to ensure more favorable resolutions in the event of a DOJ investigation. Ballard Spahr attorneys in the White Collar/Internal Investigations Group have deep experience in assisting individuals and entities in navigating federal criminal laws and the DOJ's policy, including the development and oversight of effective compliance programs and document collection and preservation practices.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ballard Spahr LLP | Attorney Advertising

Written by:

Ballard Spahr LLP
Ballard Spahr LLP
Contact
more
less

Ballard Spahr LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide