Mike Pagani (mpagani@smarsh.com) is Chief Evangelist at Smarsh in Portland, OR.
Let’s face it, texting is simple, concise, and supported by virtually every mobile device, operating system, and wireless carrier. This makes it the go-to preference when an employee needs to communicate with their colleagues, customers, or prospects in a time-crunched, always-connected society.
In fact, according to the Pew Research Center, 97% of Americans who own smartphones use them to send or receive text messages,[1] demonstrating that mobile messaging is one of the most widely used forms of electronic communications today. However, even though texting is easy, reliable, and efficient, if it’s used for official business communications, it can create tremendous risk for a company.
Text messages can be problematic
When you consider the countless regulatory, legal, and general risk and brand management challenges that companies must manage today, you might think email and other official communications using social media accounts and corporate websites are the only content types that need to be archived or actively supervised. Although its use by employees for official company business is often prohibited by organizations, the reality is that text messaging does get used and therefore should be governed the same way as all other channels. Sending text messages between mobile devices is now one of the key ways that employees connect with each other and customers, and these records need to be maintained for completeness.
According to the Smarsh 2017 Electronic Communications Compliance Survey Report, one alarming thing is that companies don’t give text messaging the same level of recordkeeping attention as other forms of digital communications.[2] Many don’t have an archiving solution in place for the retention and oversight of text messages, which causes problems and significant risk when facing a regulatory examination, an open records request, an investigation, an e-discovery event, or litigation.
Compliance, Legal, IT, and risk and reputation professionals across a variety of litigious and regulated industries are now realizing that proactively automating the archiving and supervising of text messages is necessary to mitigate the myriad of potential risks that arise, because their records retention and oversight practices are not keeping pace as employee use increases. They need to meet the challenge of accurately identifying specific sources of additional risk with this form of communication as employees use it for business purposes. Text messaging without proper governance is a major gap that can no longer be ignored.
The following circumstances have organizations worried about recordkeeping challenges related to text messaging.
Searchable and retrievable format
Text messages must be kept in a searchable format that cannot be tampered with, destroyed, or otherwise disposed of by anyone deliberately or accidentally. Text messages must also be produced in a timely manner for e-discovery, public records requests, and regulatory examinations to meet firm deadlines.
Retention issues
A company may operate a tremendous number of mobile devices through contracts with one or more carriers, and erroneously assume text records are being retained by the carriers. However, carriers typically only keep text messages long enough to ensure delivery to all parties before deleting them from their systems, and they aren’t obliged to provide records of them either. The responsibility for retaining and producing requested text messages lies with the organization that creates the records.
Proper oversight
Organizations can no longer say, “we didn’t know” as an excuse to avoid archiving and performing proper oversight of text messages. Several well-publicized cases involving text business messages that have been lost, altered, or mishandled in the public sector, financial services, and other industries have alerted us all to the fact that these types of messages must have proper oversight. The good news is, organizations that aren’t yet retaining text messages will find they have plenty of technology options to take care of the issue.
Following email and social media, SMS/text messaging is perceived as the next biggest source of compliance risk by compliance professionals in the financial services industry. The Smarsh 2017 Electronic Communications Compliance Survey Report revealed that when SMS/text messaging is allowed for business communications, nearly half (48%) of firms said they still do not have an archiving/supervision solution in place. In addition, more than two-thirds (67%) of respondents said they are not confident that they could prove the prohibition of text messaging for business purposes is working.
In the public sector, citizens’ expectations have changed in relation to government records transparency and accessibility. Community members and watchdog groups want to be able to readily access information from government organizations and to hold public officials accountable for their decisions. Text-related public records requests are now a lot more common, and people routinely ask for text messages from agencies alongside emails and social media content. Maintaining text records to comply with open records laws means that an organization must be able to easily secure, retain, search, and retrieve those records. Government offices have increasingly faced lawsuits over text messages if they fail to retain and manage them properly.