The use of Zoom, Slack, Microsoft Teams, and other collaboration platforms has increased exponentially since March, when COVID-19 forced many companies to find new ways to support their employees in working from home.
Zoom, the leading videoconferencing platform, reports having 300 million-plus daily meeting participants, while collaboration apps Microsoft Teams and Slack estimate their daily active users at 75 million and 12 million, respectively.
Despite their unprecedented popularity, collaboration platforms are proving to be both a blessing and a curse to the many regulated firms who have adopted them as part of their daily workflows.
True, collaboration platforms have allowed many firms to carry on business as usual (or very close to it) during this New Normal. In many cases, these platforms have helped boost employee efficiency and productivity, despite the physical and social challenges of working remotely.
However, collaboration platforms have also created a variety of risks for many companies, which can lead to legal, security, and compliance issues, if not addressed early and effectively.
When employees use different eComms channels, their messages are often stored not in one centralized archive, but in multiple data silos, in different locations. This can complicate not only message search and retrieval, but also monitoring and supervision, especially if staff share information on unauthorized channels.
Add to this the fact that many collaboration platforms typically lack adequate message retention, eDiscovery, and legal hold mechanisms – and allow users to edit and delete content at will – and you have the perfect recipe for legal and regulatory exposure.
The use of collaboration channels will not diminish even after the threat of the pandemic has subsided. In fact, as customers, partners, and counterparties become more comfortable and accustomed to communicating through these channels, it is more likely to become commonplace.
In light of this, how can organizations satisfy both their communication and compliance needs while using collaboration platforms? Ensure authorized information is being shared exclusively through approved channels? Maximize employee efficiency and minimize corporate risks?
Using collaboration platforms need not be a scary undertaking, even for regulated firms. Here are our Six Top Tips that firms can easily put into practice.
Six Top Tips for Using Collaboration Platforms Compliantly
1.Educate employees about the messaging channels they are allowed to use. Let’s assume that when employees use unauthorized communication channels, it is usually in good faith. That is, because they genuinely did not know what they are – and are not – permitted to use. Organizations must therefore clearly define those channels that have been approved for use, establish rules around their use, and explain what, why, and how messages are being collected.
2. Collect, store, and preserve all company messages in a unified archive. Organizations must be able to access, retrieve, and produce relevant information in a timely manner, without having to scour multiple data silos and fragmented messaging systems in every instance. To do this, firms must ensure all their messages are captured and stored in a secure, unified archive – available for quick retrieval during eDiscovery, audits, investigations, and information requests, with quick turnaround times.
3. Monitor and supervise all messages – and address violations in a timely manner. To mitigate risks and monitor employee communications for compliance with regulatory and corporate policies, organizations must implement an efficient method for supervising their business communications. A robust policy-based supervision program can help firms detect and address potential violations across their archived data early and effectively.
4. Review supervision policies regularly – and refine them as necessary. Over time, organizations acquire new businesses, create additional product lines, and adopt more communication channels. Compliance regulations and corporate policies change – and so do language and word usage. Organizations must regularly review and refine their supervision policies to ensure potentially violative messages are efficiently flagged, and that no messages and communication channels are allowed to go unchecked.
5. Retain data only for as long as it serves a legitimate business need. While data is a valuable business asset, indiscriminate data retention can put organizations at risk of regulatory breaches and enforcement fines. As a rule, only data that serves a legitimate business or regulatory purpose should be preserved. Firms must implement a data retention schedule, so that data that is expired and not subject to a legal hold is defensibly deleted.
6. Determine new collaboration channels are a strategic fit before adopting them. Adopting new technology often means one additional channel for IT, security, and compliance teams to monitor and supervise. To determine the suitability of a platform, organizations must evaluate not only the platform’s features and benefits but also its ability to meet the company’s unique needs. Firms also need to ensure their archiving system can support the new platform.
This post has been sponsored by Global Relay. If you want to know more about Global Relay, go to www.globalrelay.com PlanetCompliance only publishes sponsored content from companies whose products and services we think our audience will find valuable or interesting. For additional information about we handle partnerships and content production, please have a look at the PlanetCompliance Disclosure Policy, which you can find here.