chevron-down Created with Sketch Beta.
September 16, 2022 Practice Points

Messaging Apps Used for Workplace Collaboration Could Open Companies to Legal Risks

While these platforms have made communicating across the office environment much easier and faster, they can also leave companies open to potential risks.

By Ashley J. Heilprin and Ebony S. Morris

With much of today’s workforce operating in hybrid and remote settings, employers are encouraging the use of various software as a service (SaaS) apps to promote worker communication and virtual collaboration.

The pandemic spawned a new way of working that involved less reliance on being physically in an office and rather leaned more heavily on technology and apps as means of collaboration in lieu of face-to-face interaction.

But while apps have made communicating across the office environment much easier and faster, using these platforms can also leave companies open to potential risks from a data-collection-and-storage perspective that should be considered.

Collecting Information Is Key

Think of all of the apps and different ways that we communicate and document things in our different organizations. These are all part of the information ecosystem and can create issues. The number of people who are using messaging apps has now surpassed social networks. Messenger apps are rapidly increasing and there’s no indication that those are going away. If your company finds itself faced with a potential lawsuit, figuring out where all of the information and data are housed within all platforms will be critical to your case. It can also be extremely difficult to track all of the necessary data and information needed without best practices in place.

Best Practices to Minimize Litigation, Cyber, and Data-Security Risks

If you are working with confidential information, you need to think about “where are you accessing that?” Organizations should have a program of security and privacy awareness and training, including periodic reminders and updates.

  • Topics should include the protection of electronic information; computer systems; avoiding malicious software; social media practices; the protection of paper records; and not discussing client matters in public places.
  • There should be procedures for security-incident reporting and handling, and there should be a designated incident-response team to handle security incidents.
  • Also, internal and client information should be backed up regularly.

Legal Hold & Preservation

If an employer finds itself in a situation where data needs to be collected for a legal matter, a legal hold should be implemented as soon as possible—there is a duty to preserve all data that is potentially relevant.

  • Consult with legal counsel as soon as possible and engage with IT personnel at early stages.
  • Notification is not necessarily sufficient; acknowledgement recommended.
  • Consider follow-up acknowledgements.
  • Consider non-enterprise sanctioned data sources when notifying custodians.

Ways to Preserve Data from Former Employees

While the best course of action may be to collect all electronically stored information (ESI) in advance of termination or transition, this is not always possible. To counterbalance this, having best practices in place can help to mitigate risk.

  • Institute a waiting period before reintroducing previously used electronic equipment back into the current workforce.
  • Develop standard operating procedures around the management of ESI of departing employees.
  • Alert new employees that a legal hold is in place.
  • Keep the legal hold current.
  • Investigate ESI issues through exit interviews—ask whether the employee used personal email or personal storage devices to store company ESI that may be subject to a legal hold.

Ashley Heilprin is a partner and Ebony Morris is an associate at Phelps Dunbar LLP in New Orleans, Louisiana.

The material in all ABA publications is copyrighted and may be reprinted by permission only. Request reprint permission here.

Copyright © 2022, American Bar Association. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or downloaded or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. The views expressed in this article are those of the author(s) and do not necessarily reflect the positions or policies of the American Bar Association, the Litigation Section, this committee, or the employer(s) of the author(s).