The widespread use of electronic communications channels allows us to create and share information on a scale never before imagined while at the same time easing the common logistical burdens and time constraints of conventional communication. Smartphones, e-mail, tablets, text messages, instant messaging, and social media—all once viewed as emerging technologies—are now commonplace communications channels. Survey statistics indicate:
- In 2013, business email accounts total 929 million mailboxes
- In 2013, the majority of email traffic comes from business email, which accounts for over 100 billion emails sent and received per day
- 78% of US email users will also access their emails via mobile by 2017
- Worldwide IM accounts are expected to grow from over 3.4 billion in 2013 to over 4.4 billion by year-end 2017
- 67% business professionals are using text messaging for business- related communications
- 72% of online adults use social networking sites.
In the business context, the proliferation of electronic communications channels and data types present both risks and rewards. Striking the right balance is important. Errors can range from minor typos and the transmission of inaccurate information to more large scale and problematic failures involving information preservation and production in the litigation context.
Ten Questions to Consider- Electronic Communication Channels
Electronic communications protocols can help minimize risks and improve overall organizational process defensibility. In designing these protocols, consider assessing the different ways stakeholders within the organization communicate for business purposes, and defining organizational expectations and approved technology.
In addition and importantly, protocols are only valuable to the extent employees and those covered by it understand it. To that end, the organization should consider implementing practices to train, refresh and retrain those responsible for implementation and compliance.
Questions to consider in assessing and integrating electronic communications channels with related information governance practices include:
- What types of communications channels are authorized for business purposes?
- What types of devices may be used for conducting company business (company-issued, personal, some combination)?
- What types of policies or protocols are needed to set expectations regarding electronic communications for business purposes?
- What types of practices are needed to communicate, educate, refresh, and retrain the workforce on those expectations?
- Who are the key company players that should be involved in assessing and setting policies?
- What types of practices need to be implemented to consider impacts from people movements (e.g., movements to new business units or geographies, exiting the company, etc.)?
- How will data or information be managed (including security considerations) from these new communications channels that are authorized for business purposes?
- What happens when devices need repair or are lost and when technology changes- both to the data and information and with regard to new protocol provisions or practices?
- What types of information governance considerations, including with regard to records retention, preservation or legal hold do these communications channels present?
- How might information governance policies or practices need to be updated to address any new electronic communications channels?
Electronic Communications Protocols
Robust electronic communication protocols offer an enterprise-wide approach for addressing electronic business communications. Key elements to consider include:
- Define expectations- regarding electronic communications for business purposes, including which channels may be used for business communications and which channels should not be used for substantive business communications. For example, some organizations may have instant messaging or voice mail capabilities, but may state in their protocols that such communications channels may not be used for substantive business communications.
- Define scope- some key elements to address include: types of channels (such as email, voicemail, instant messaging, text messaging, personal devices), populations the policy will apply to (such as employees, contractors, the Board, etc.), expectations regarding use, user guidelines and prohibited uses, controls and security, restrictions (hardware, software, applications), copyright and licensing, monitoring and privacy, data, security, and personal devices.
- Reflect stakeholder behaviors- consider the different ways that stakeholders within the organization communicate, determine which communication methods are important to business operations, and address those communications channels, including any expectations and limitations.
- Assess and address approved technology, authorized capabilities, and communications devices- define approved devices for business communications (e.g., company-owned or provided, personal devices, etc.) together with any limitations on use, including whether certain applications may be accessed or downloaded, whether unique information may be stored on any mobile or personal devices, etc.
- Describe privacy considerations- describe any monitoring, remote wiping capability, location tracking or other practices that may impact privacy, and how privacy requirements in certain jurisdictions may impact the organization's risk assessment of and approach to any communications channel.
- Keep it fresh- protocols are only valuable to the extent that they are fresh and understood. Accordingly, the organization should consider continually refreshing the protocol to reflect new business realities and practices, and retraining those responsible for implementation and compliance.
- Implement integrated approach with information governance practices- more on this below; set triggers or considerations to help ensure that changes to electronic communications protocols are assessed and addressed in relevant information governance protocols.
Integrating with Information Governance Practices
Connecting the dots between electronic communications and information governance is more important than ever before. Following are some issues to consider in connection with three information governance practices in specific: litigation hold efforts, personal mobile device management, and records retention.
- Preservation; Litigation Hold Efforts – Most organizations understand the need to preserve documents and institute legal holds when litigation commences or is reasonably anticipated. Recent sanctions orders issued in In re Pradaxa and In re Ethicon illustrate, among other things, the importance of the scope and language of legal hold notices, reviewing definitions included in requests for production to assess what types of electronically stored information have been requested and to object as appropriate, and approaches for managing compliance with legal holds.
As organizations assess their litigation hold efforts, some issues to consider include: Does the organization have a detailed legal hold policy and process documentation together with a protocol or process for updating, as appropriate? When legal hold notices are issued, how is the scope (including information from various electronic communications channels) defined and determined? When discovery demands are received, how are scope issues addressed? Do custodian interviews include questions regarding various electronic communications channels that may be used for business purposes? What types of practices or tools does the organization implement or use to facilitate issuance and tracking of legal holds? How are employee movements addressed? How are technology changes addressed? What is the process for refreshing and reissuing legal holds?
- Personal Mobile Device Management- According to a 2012 survey conducted by the Aberdeen group, approximately 80% of organizations allow employee-owned devices to be used for work. Among the benefits cited by proponents of “bring-your-own-device” (“BYOD”) is increased productivity, allowing employees to more easily integrate business opportunities and obligations into their daily life. At the same time, BYOD practices can present e-discovery and information governance concerns.
Issues to consider in integrating electronic communications and BYOD information governance strategies include: Does the organization have user guidelines for BYOD and provide training on the guidelines? Do the guidelines address issues such as: scope, password protection, device registration, company expectations, and privacy? Are practices in place in to avoid the storage of unique business information on personal devices and ensure that all business information from the device is also captured on a centralized system? Do the organization's mobile device management practices include remote wipe capabilities? Has the organization assessed what types of preservation and litigation hold efforts might be needed? What happens when devices are lost or stolen or when employees leave the organization? What practices may be needed to collect information from personal mobile devices, if necessary?
- Records Retention- As permissible electronic communications channels expand, consider whether any corresponding changes to records retention practices are necessary.
Questions might include: How are records defined? How are records retention policies communicated and updated? Is training provided and refreshed? If an organization does not generally retain certain types of information from electronic communications in the ordinary course of business, do system capabilities enable individuals to retain that information and how should that be addressed? How do legal holds impact records retention practices, and how are those impacts communicated? What protocols or processes are needed to trigger an assessment of records retention practices to help ensure that new business practices that may result in new business information or record types are included as appropriate?
Electronic communication plays a critical role in today's dynamic, fast-paced business environment. It allows us to stay connected, communicate messages to broad audiences, and to efficiently conduct business around the world in a manner that transcends borders and time zones. As organizations continue to leverage technology to work smarter, integrating protocols for electronic communications and information governance will become increasingly important. Building bridges to link triggering events to assessments and appropriate actions can help drive systemic continuous improvement and enhance overall process defensibility.