Teams, Slack, Zoom. Can you imagine a workday over the past few years without them?
While these types of collaboration tools certainly aren’t new, it goes without saying that the COVID pandemic made them a crucial part of our daily life and workplace culture.
It’s also no exaggeration to say their ubiquity can create real risks for businesses. Inadvertently or not, they may allow employees to sidestep the well-controlled data storage and information governance practices of the traditional workplace. Not only are employees now creating huge volumes of new communication data — those same communications often contain informal, “uncensored” content that is indefinitely stored in undocumented or uncontrolled locations.
What we love about these tools can also lead to serious problems. Functionality that supports a wide range of business needs also allows for more casual interactions, and the relaxed tone and tenor of these more informal platforms is often a welcome reprieve from the formality and structure of more traditional forms of business communication.
But the slope from informal to inappropriate communication can be slippery. Employees may fail to consider that, just like any other non-privileged communication, chat box comments and all of the other written communications that occur within these tools are likely not private and may come to light down the road, whether during due diligence prior to a merger or discovery during litigation.
What makes this even more challenging is that companies may not have a clear view of which collaboration tools are actually being used. Ideally, employers could simply set the rules and safely assume employees will only use authorized applications consistent with the organization’s information governance and records management policies. The reality, though, is employees will often find the path of least resistance. If their organization doesn’t provide the ones they want, they will find and use them on their own.
To mitigate these risks, every organization’s near-term to-do list should include an effort to determine what applications employees are using for business purposes, where they are being used (e.g., mobile device or laptop), what types of data they are generating, and how that data is being stored, where and for how long.
Ask if your company has an information governance policy that governs the creation, maintenance, and defensible deletion of its business records. If so, there’s a good chance you’re already a step ahead.
If the answer is “not yet,” the following questions may help you find the needed motivation. What’s often overlooked is whether those practices and policies have been updated to account for virtual white board snapshots, Slack messages, Teams channels and other new data types.
- Did you know that many collaboration tools allow meetings to be recorded and can automatically generate text-searchable transcripts of the discussions, or that they often allow for one-on-one and group chat messages to be saved virtually anywhere at the user’s discretion?
- Do you know who is saving what type of data and where it is being saved? If not, consider that any data created using these collaboration tools may qualify as a business record, and may also be subject to legal hold obligations in litigation, investigations, or other civil proceedings. Functionality like virtual whiteboards, where ideas and concepts can be recorded in real time and saved by the user or another meeting participant, may be a source of these records.
- If you become involved in litigation, an investigation, or other legal proceeding, how will your organization make sure that potentially relevant content from these data sources is appropriately identified, preserved and collected? Don’t overlook the fact that license level, deployment settings, or subscription features of a particular tool may affect the organization’s ability to create, save and even delete files.
Collaboration technologies and the informal communication mechanisms they offer were a game-changer for our ability to stay connected during the pandemic, and they are here to stay. The trick to successfully mitigating the business and legal risks they can present is to make sure your organization has a firm grasp on the different applications being used across the organization, and on how and where the resulting data is being stored.
Armed with this information, the organization is better suited to make sure its information governance and litigation readiness practices account for these important, and often “enlightening” data sources.
Julie Anne Halter is an E-Discovery lawyer and chair of the E-Discovery Analysis and Technology Group at K&L Gates.