Electronic communication is the new normal in every walk of life, including the corporate world. Communicating on a mobile device anytime from anywhere has several positive attributes. While this is extremely appealing to organizations, monitoring and preserving business-related data has become more difficult. Important information often may be stored on an employee’s personal device or with a third party.
During a litigation or investigation, organizations are responsible for preserving all potentially relevant data even if it is not maintained within the corporate walls. This can potentially cost a lot of time, money, and other resources.
How can you avoid losing data that is created and kept outside of the corporate environment? Below are a few practices organizations can use to accomplish this and decrease the risk of legal exposure:
1. Determine what communication applications your employees are using
Besides text and email, employees are commonly communicating with several other chat and video applications. It is critical to determine how your employees are communicating in the regular course of business so your organization can determine what is acceptable and what should be prohibited. Some ways to accomplish this are:
-
Circulating anonymous questionnaires
-
Conducting face-to-face interviews
-
Holding open forum meetings
Periodically conduct these investigations to keep up with communication trends. Doing so will keep your organization regularly informed about new and emerging data developments.
2. Implement written policies
Every organization should have policies surrounding both corporate and personal devices used for business by employees. The policies should first and foremost address what type of communication is allowed. Policies can be drafted to either limit the use of certain applications, or ensure all business activity is transacted within the corporate infrastructure. Your policies should also address what type of data need to be backed up or otherwise preserved.
Managing BYOD and eDiscovery
Many companies are creating “Bring Your Own Device Programs” which allow employees to use personal devices for work-related purposes. If your organization allows for BYOD, you should have a policy that grants ownership of business data to your organization and provides you with access to the device if it needs to be imaged.
Commit to compliance
Lastly, it is crucial to have a policy relating to the repercussions employees will face for failing to comply with these policies. In order to monitor and enforce these policies, organizations should invest in proper training to guarantee that all employees understand the policies.
3. Review current contracts and amend if necessary
What if important data is in the hands of an independent contractor or third-party service? Your organization must review existing contracts with these entities to see if data preservation is addressed. Ownership and access to data should be included. If any of this is not present in your current contracts, your organization should attempt to amend the contracts and make sure all contracts going forward tackle these issues.
