The use of smartphones in the workplace is commonplace. Smartphones can offer many benefits to employees and employers, such as increased productivity, communication, collaboration, and flexibility. Hence, many companies issue corporate smartphones to employees or allow them to bring their own devices to work (BYOD).

Still, corporate smartphones and BYOD can pose challenges and risks, such as distraction, privacy, security, and regulatory violations. Organizations must implement clear policies and guidelines on using smartphones in the workplace effectively and responsibly.

Many companies implement policies and procedures to ensure the retention of business-related records, including electronic communications, in compliance with their industry recordkeeping requirements. They may advise employees to use approved electronic communications and avoid unapproved methods, including use of their personal devices and apps, such as WhatsApp. They may also prohibit using personal email, chats, or text messaging applications for business purposes or forwarding work-related communications to personal devices for convenience in conducting business outside of normal work hours.

Despite establishing clear policies, companies continue to run afoul of regulatory rules for recordkeeping, such as from the US Securities and Exchange (SEC) for securities brokers and dealers and from the Commodity Futures Trading Commission (CFTC) for traders in commodity futures, options and over-the-counter (OTC) derivatives or swaps. The recordkeeping rules are integral to the agencies’ investor protection functions, where the preserved records are the primary means of monitoring compliance with securities and commodity trading laws.

For example, the SEC requires broker-dealers to create and preserve a comprehensive record of each securities transaction they execute within their broad securities business. In general, if the books and records pertain to an account, the retention period is for six years after the account is closed or six years from the creation date of the books and records. (17 CFR § 240.17a-3 and 17a-4). The CFTC requires traders to keep regulatory records of any swap or related cash or forward transactions from the record’s creation date until the termination, maturity, expiration, transfer, assignment, or novation date of the transaction and for not less than five years after such date. Where the commission requires retaining oral communications, traders must keep oral records for not less than one year from the date of the communications. (17 CFR Part 1 § 1.31.)

Employees often ignore smartphone policies in favor of the convenience of conducting business and personal matters on the same device or using preferred (but not approved) apps to facilitate their work. Also, many companies have not yet implemented a system of follow-up and review to determine if employees are adhering to company communication policies and are committed to their recordkeeping responsibilities.

Company policies should include notifying employees annually that electronic communications are subject to surveillance by the company and implementing sufficient monitoring to ensure employees follow the company’s recordkeeping and communications policies. To investigate and collect targeted smartphone data relevant to SEC, CFTC, and other regulatory compliance issues, teams need to make that data available in one place for review. This enables multiple people, not one investigator, to quickly determine if there is an issue, what the issue is, and to isolate the communications surrounding the issue.

Advanced mobile device collection technology will:

• Collect ONLY the information responsive to compliance initiatives, litigation, or investigations
• Collect data from both Apple iOS and Android smartphones
• Collect short-message chat applications, such as WhatsApp and SMS text messaging
• Monitor recordkeeping responsibilities
• Capture any regulated communications necessary to meet requirements of securities and trading laws
• Protect custodians’ privacy rights to their smartphone data
• Access and transfer ONLY the targeted data authorized by company policies or within the parameters of litigation or investigation.
• Provide a collection inventory summary
• Detail a list by custodian, individual file size and number of messages, threads, and photos.

Technology has advanced recently to bring relief to those corporations and their counsel needing to monitor or investigate dispersed teams with relevant information on mobile devices. To see the advances that ModeOne has made with its patented, revolutionary approach to mobile device discovery, click here.