Not so long ago, remote communications among colleagues or with customers and suppliers were essentially confined to two mediums: phone calls and emails. This limited number of channels made monitoring, retaining and retrieving records reflecting such communications relatively easy for companies if they found themselves involved in a dispute or litigation in which such evidence could prove relevant or determinative.
Now, however, the connectivity that sustained so many businesses through the pandemic involves multiple channels, from videoconferencing platforms to instant messaging through collaborative tools like Slack and Microsoft Teams to encrypted messaging services like WhatsApp. Much of this communication takes place on mobile devices, whether those issued by a company or employees’ personal devices. This has made it far more challenging for businesses to keep track of and preserve the constant stream of electronic communications among their workforce and with third parties. This lack of oversight and record management can expose companies to legal risks. And these dangers are most manifest in that most ubiquitous form of electronic communication: text messaging.
Compliance, legal and IT professionals now realize that proactively automating the archiving and supervising of text messages is necessary to mitigate myriad potential risks arising from insufficient records retention and oversight practices. For distributors, allowing employees to conduct business through text messaging without proper governance is a major compliance gap they can no longer ignore. Here are three reasons why companies need to get a handle on their texting policies and practices.
The Informality of Texting
Texting is largely seen as a much more informal way of communicating than email, hence the copious use of acronyms, emojis and other forms of digital shorthand in text messages. But while a causal and relaxed approach may suit personal communications, it can lead to sloppiness in business matters. An employee may not see a text as being as “official” as other forms of communication and make statements, admissions or commitments that they otherwise would be more careful about. As discussed below, this attitude can be costly and damaging to their employer if such texts become relevant to a dispute or proceeding.
Legal and Evidentiary Risk
In business litigation, as well as government investigations or prosecutions, a company’s records are center stage. In the best case, those records can serve as evidence to support or defend a claim. Conversely, they may contain damaging, problematic or embarrassing material. Either way, the party on the other side of the dispute will ask for – and be entitled to receive – all relevant business records. And from an evidentiary perspective, there is no difference between a printed document, an email and a text message. All will need to be turned over if properly requested, and all can be admissible as evidence in court.
Recent high-profile cases, including the Congressional investigation and criminal prosecutions related to the Jan. 6 insurrections, have illustrated both the importance of text messages as evidence as well as the scrutiny and legal exposure faced by those who fail to retain such communications.
It is irrelevant if a text was sent or received on a company-owned device or an employee’s personal device; if it is relevant, it is subject to production. If a company fails or is unable to produce requested text messages, it can face consequences for spoliation of evidence, which involves the tampering, destruction or concealment of evidence relevant to current or future litigation. Additionally, failing to retain text messages can deprive a company of favorable or exculpatory evidence.
Businesses should not make the mistake of believing that the content of text messages can be retrieved from phone carriers, as they only retain such content until they confirm delivery, if they retain it all.
Most text messaging services are not highly encrypted and vulnerable to unauthorized access or other breaches. Hackers can use text messaging to acquire a company’s sensitive commercial information or the personal information of individuals. Phishing texts may also be an avenue through which cyber criminals can gain access to a company’s larger data systems, putting them at risk for ransomware and other cyber attacks.
For these reasons, archiving, monitoring and producing text message data should become a core part of a company’s overall electronic communications and record management and retention regime.
Companies should put policies in place to manage the use of text messaging, including delineating what kind of information can be shared in texts and what devices employees can use for business communication (whether personal or company-owned). Third-party IT vendors can provide text message archiving solutions that can create a comprehensive, searchable record of all text messages sent and received by employees on their devices. Exclusive use of encrypted messaging apps can reduce security vulnerabilities and ensure that all texts are exchanged through the same system.
The bottom line is that distributors cannot treat text messaging by employees regarding business matters as casually as many of us do in our personal lives. Recognizing these communications as the critical business records they are is the first step towards shielding your company from unnecessary risk and exposure.
If you have questions or concerns about the risks of using text messaging to conduct business, please contact me at 312-840-7004 or [email protected].
Fred Mendelsohn is a partner with Burke, Warren, MacKay & Serritella PC in Chicago.