Skip to content
Fairwords LogoFairwords Logo
  • Product
    • Guide – Prevention & Training
    • Review – Risk Scoring & Supervision
    • Keep – Archiving & Retention
Request a demo
Back to Resources

Fairwords Weekly: Addressing Ephemeral Messaging Compliance Risk and Information Retention, and Managing Communications Compliance

April 27, 2023

“Although ephemeral messaging is short-lived, the consequences of failing to comply with data preservation and regulatory obligations may be long lasting.”

 – Sheila Raftery Wiggins, Partner, Duane Morris LLP

This week, we consider the long-term compliance, regulatory risk, and information management requirements of using quick communication methods and highlight what companies should do to protect themselves. Next, we explore three considerations for managing communications compliance that allow companies to build trust with clients while mitigating risk. Finally, we learn the importance of establishing effective compliance programs and retention policies and procedures that specifically include ephemeral messaging.

Quick Communication and Long-Term Legal Risk

Legal department leaders have identified regulatory compliance as a top strategic priority due to evolving regulations related to ESG, data privacy, cybersecurity, and more decentralized teams. Legal teams have a broader range of information to consider, making compliance increasingly complex. Information governance policies and practices must be addressed thoroughly as organizations generate as much as 7.5 septillion gigabytes of data per day, growing by 23% each year. Organizations must have a plan and standard operating procedures for employees using messaging apps, which can be subject to discovery in the case of litigation. In-house legal teams should review their organization’s communication methods and information management policies to prepare for potential litigation.

Now You See Them, Now You Don’t: Regulatory Risks of Ephemeral Messages

The use of ephemeral messaging apps by corporations is becoming more widespread globally, offering cost savings and speedy communication. However, concerns have arisen about how this technology affects data preservation, employee monitoring, and compliance obligations. Regulators in the US, EU, UK, and Hong Kong have focused on controls around the use of these apps. The DOJ and SEC have recently announced they will make such messaging a focus of their regulatory efforts. The EU has noted that encryption, typically used in ephemeral messaging, protects data privacy and confidentiality, while global regulators have reservations about the impact of such communications on investigative access. Companies are urged to undertake a global assessment of the risks of ephemeral messaging practices.

3 Considerations for Managing Communications Compliance

The phrase “The customer is always right” has guided businesses to prioritize customer needs, but it can become dangerous regarding communications compliance. Financial service providers must balance their clients’ desire for quick, easy mobile communication with strict data security and confidentiality regulations. To strike a balance, financial institutions should provide secure and compliant mobile communication options and be transparent about security measures. They can also use compliance technology to prevent non-compliant communications, track and analyze internal and client-facing communications, and conduct a gap analysis to identify blind spots in compliance programs. By doing so, financial service providers can build trust with their clients while protecting themselves from risk.

Preservation of Ephemeral Messaging for Business Purposes

Ephemeral messaging apps, such as WhatsApp and Snapchat, are becoming increasingly popular due to their end-to-end encryption and automatic deletion of messages, making it harder for hackers to access data. However, legal risks are involved despite the benefits of reduced data storage and enhanced privacy. Compliance with subpoenas and data preservation when litigation is “reasonably anticipated” are two areas that must be considered. Regulators such as the SEC advise against using apps that allow the automatic destruction of messages. At the same time, DOJ updated its Evaluation of Corporate Compliance Programs to consider the adequacy of compliance programs. Establishing effective compliance programs and reviewing document retention policies and procedures, including ephemeral messaging and mobile device data, is essential.

Share Resources

Related Projects

  • Fairwords Weekly: Internal Investigations and Remote Work, Ethical Culture and Profitability, Uncertainty and Compliance, and More
    Fairwords Weekly: Internal Investigations and Remote Work, Ethical Culture and Profitability, Uncertainty and Compliance, and More

    Fairwords Weekly: Internal Investigations and Remote Work, Ethical Culture and Profitability, Uncertainty and Compliance, and More

    1:05 am
  • Fairwords Weekly: Compliance as a Competitive Advantage, Progressing and Future-Proofing Compliance Plans, and More
    Fairwords Weekly: Compliance as a Competitive Advantage, Progressing and Future-Proofing Compliance Plans, and More

    Fairwords Weekly: Compliance as a Competitive Advantage, Progressing and Future-Proofing Compliance Plans, and More

    5:29 pm
  • Fairwords Weekly: Compliance Leader Insights, Regulatory Updates, and Investing in a Culture of Compliance
    Fairwords Weekly: Compliance Leader Insights, Regulatory Updates, and Investing in a Culture of Compliance

    Fairwords Weekly: Compliance Leader Insights, Regulatory Updates, and Investing in a Culture of Compliance

    1:01 am

Copyright @2022 · Fairwords

Page load link

Hear from Fairwords

Sign up to receive content that will help you elevate your company culture through improving the quality of your written communications.

  • This field is for validation purposes and should be left unchanged.
Go to Top