In the world of e-commerce, electronic communications like emails have long been at the heart of operations. But as technology advances, the landscape of communication is shifting. Today, many employees are turning to third-party messaging apps, such as Snapchat, Telegram, WhatsApp, and Signal. Distinctly different from traditional email systems, these apps often reside on personal devices and may incorporate “ephemeral messaging,” meaning messages vanish after a set time. As a business ethics keynote speaker, I’ve heard from far too many clients that the changing communication landscape is creating challenges for data, privacy, and overall operations.
The advent of these applications presents a conundrum for those delving into corporate investigations. Given this evolution, the Department of Justice (DOJ) is working to stay one step ahead. Their recent proposed revisions to the Evaluation of Corporate Compliance Programs (ECCP) underline this. The DOJ’s revamped guidelines now instruct federal prosecutors to probe into a company’s policies related to personal devices and messaging apps, especially those featuring ephemeral messaging.
Kenneth A. Polite, the Assistant Attorney General, outlined the implications for organizations during the ABA’s Annual National Institute on White Collar Crime in 2023. He emphasized that the absence of third-party app communications during an investigation wouldn’t go unquestioned. Prosecutors will investigate an organization’s access capabilities, storage practices, and pertinent local and privacy laws. How a company responds can influence its potential criminal liability resolution.
It’s evident from the DOJ’s position that businesses need transparent message retention policies that are both comprehensively communicated to staff and consistently upheld. Should federal officers come knocking, companies must be ready to disclose their policies’ specifics.
These guidelines are universal, transcending factors like a company’s trading status, size, or workforce. The DOJ cites three main criteria when assessing a company’s compliance program:
- Communication Channels: The prosecutor will evaluate the company’s utilized electronic communication mediums, permissible channels for employees, and any discrepancies based on location or role. The company’s data preservation strategies and their reasoning will also be scrutinized.
- Policy Environment: A corporation’s established policies, from data retention and conduct codes to “bring your own device” (BYOD) norms, come under the spotlight. Companies must meticulously design procedures to retain and access corporate data on personal devices, especially third-party apps. This ensures they can launch comprehensive internal probes when needed.
- Risk Management: Organizations must gauge if using personal gadgets and third-party apps jeopardizes their internal compliance programs, internal investigation capacities, or their response capability to enforcement agencies. Prosecutors will also be interested in understanding any repercussions for policy violations and a company’s disciplinary track record.
Aligning with the DOJ’s expectations may be an uphill battle for many. Beyond formulating the requisite policies, periodic evaluations to pinpoint compliance gaps across various technologies, gadgets, and scenarios are essential. Companies might face resistance from employees wary of potential changes and apprehensive about personal device scrutiny during investigations. Yet, the DOJ’s message is crystal clear: Ineffectively overseeing third-party apps and personal devices might have severe repercussions when gauging a company’s criminal liability.
With other federal and state agencies expected to revisit these issues, companies must introspect and refine their policies concerning employee messaging applications, data preservation, and accessibility.
Act Now!
Every organization must stay ahead of this curve, understanding the intricacies of electronic communications in today’s world. If you want to ensure your company is informed and well-prepared, consider inviting Chuck Gallagher. business ethics speaker, to share his insights on Ethics and Compliance. Let him provide your group with actionable strategies to navigate this complex landscape. Secure your corporate future today!