Categories
Blog

Assessing Communication Compliance: Ephemeral Messaging and Retention

I recently had the opportunity to visit with Alex Cotoia, Regulatory Manager, and Daniela Melendez, an Associate at The Volkov Law Group, on the importance of addressing electronic communications preservation and management in this new age of rapid technological change. They joined penned an article for the Volkov Law Group’s site, Corruption, Crime and Compliance entitled, “Google’s Failure to Preserve Electronic Communications — A Warning to Every Company of a New Reality Surrounding Electronic Data.”

Ephemeral messaging, a method of communication that automatically erases content after a short period of time, is becoming increasingly popular in both personal and business settings. Platforms like Snapchat and Instagram offer features that allow messages to disappear, providing a sense of privacy and security. However, the use of ephemeral messaging in business comes with its own set of challenges and legal implications. Additionally, as both Cotoia and Melendez noted “companies have to devote significant resources and attention to information technology and security, electronic communications and business-generated data, and to overall information security and governance.”

The pointed to a recent case involving Google, where the companies document retention policy for ephemeral messaging was 24 hours, yet a Court Order required such messages be preserved. The Court found Google failed to preserve its chat data, despite a preservation order that directed Google to preserve chat records by changing the default settings for the chat system.  The Court found that Google did not effectively emphasize the importance of those obligations to its employees.

The episode highlighted the concerns raised by the Department of Justice (DOJ) regarding the use of ephemeral messaging for illegal activities, leading to more enforcement actions. This poses challenges for investigations, particularly in the corporate sector. They related that at a “fundamental level, the case underscores the criticality of applying document preservation policies to all media used by an organization’s employees to conduct company business. This echoes guidance provided by the U.S Department of Justice in the context of recent updates to its guidelines concerning the “Evaluation of Corporate Compliance Programs.”  The most recent iteration of those guidelines calls on companies to thoroughly understand the various communication channels—including ephemeral messaging applications—utilized by a company’s employees to conduct business.”

The Google case is as an example of the legal liabilities and sanctions that can result from failing to preserve relevant evidence. In this case, Google was sanctioned by a district judge for failing to preserve employee chat evidence relevant to an antitrust litigation. The employees did not follow the company’s policies regarding document preservation, leading to legal consequences.

The implications of the Google case extend beyond commercial litigation and preservation of evidence. The DOJ’s focus on ephemeral messaging applications in their guidelines for evaluating corporate compliance programs sends a clear message to organizations that they need to adopt or refine their data preservation policies in relation to employee communication.

One of the key considerations for companies is to assess their risk profile and determine whether ephemeral messaging applications are appropriate for conducting business. High-risk industries, such as those prone to corruption, should prohibit the use of these applications due to the potential for concealing illegal activities. On the other hand, companies with lower risk profiles may be more lenient in allowing employees to use ephemeral messaging applications for legitimate business purposes.

The DOJ guidelines also emphasize the need for companies to proactively manage authorized communication channels, monitor and preserve all business-related electronic data, and develop specific policies for employee obligations regarding personal devices and document retention. This requires companies to account for all communication channels, maintain data consistently, and constantly monitor content for any evidence of illegal activity.

The Google case serves as a wake-up call for companies accustomed to more lax preservation policies. It highlights the importance of enforcing existing policies and providing comprehensive training to employees on document preservation. Failure to do so can result in legal consequences and sanctions.

Cotoia and Melendez also reported that they observed “an uptick” in inquiries from clients regarding ephemeral messaging policies and the need for guidance in this area. Companies are seeking advice on how to navigate the challenges and legal implications associated with ephemeral messaging in business.

The use of ephemeral messaging in business presents challenges and legal implications that organizations need to address. It is crucial for companies to refine their data preservation policies, consider the appropriateness of ephemeral messaging for their business, and proactively manage authorized communication channels. By doing so, companies can mitigate the risks associated with ephemeral messaging and ensure compliance with legal requirements.

Categories
FCPA Compliance Report

FCPA Compliance Report – Alex Cotoia and Daniela Meléndez Communications Compliance

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Alexander Cotoia and Daniela Meléndez from the Volkov Law Group to discuss the challenges and legal implications of ephemeral messaging in business.

Cotoia’s perspective emphasizes the significant risks ephemeral messaging poses for companies, particularly in terms of compliance and data preservation. He advocates for proactive measures, such as refining data preservation policies and monitoring all business-related electronic data. Similarly, Melendez, with her extensive knowledge and experience in conducting internal investigations, underscores the potential legal liabilities companies may face if they fail to secure relevant information. She cites real-world examples, like the Google case, to stress the importance of enforcing document preservation policies and educating employees on their responsibilities. Join Tom Fox, Alex Cotoia, and Daniela Meléndez as they delve deeper into this topic on the next episode of the FCPA Compliance Report podcast. 

Key Highlights:

  • Ephemeral Messaging: Balancing Compliance and Risk
  • Preserving Evidence and Compliance in Messaging
  • Data Preservation Policies and Risk Assessment
  • Paradigm Shift in Monitoring Business Communications

Resources:

Alex Cotoia on LinkedIn

Daniela Melendez on LinkedIn

Volkov Law Group

Google’s Failure to Preserve Electronic Communications — A Warning to Every Company of a New Reality Surrounding Electronic Data

Tom Fox

Instagram

Facebook

YouTube

Twitter

LinkedIn