When it comes to instant messaging for business, the issue of privacy can be a very slippery slope. While employees generally ought not to expect a true degree of privacy concerning their work texts — these are business-related discussions, after all — there is still a distinct unease surrounding the idea of others reading their messages. In fact, most will likely cringe at the idea of their boss scrolling through their instant messages.
Instant messaging privacy issues are a very real part of the business communication landscape, which begs the question: How do you maintain privacy and productivity when it comes to text messaging in the workplace?
Instant Messaging Privacy Issues and “Big Brother”
Most would agree that an employee should not expect their business communications to be fully and truly private. This extends from instant messages, to emails, phone calls, SMS text messages and even in-person discussions. There is generally an understanding that these communications could be subject to review by an administrator or supervisor at any point in time.
Yet there is a sense of unease surrounding instant messaging privacy. We tend to feel a bit uncomfortable with the idea of others reading our messages, even when we’ve done nothing wrong and have nothing to hide. Perhaps it’s a result of feeling as though there’s someone looking over your shoulder; a “big brother” watching your every move and judging not only you, but also the work that you do. That’s enough to make anyone’s nerves a bit frayed, adversely impacting productivity in the process.
To avoid this, company leaders should establish a clear policy surrounding instant messaging privacy and moderation. This instant messaging policy may include the following components.
- When will an employee’s messages be reviewed? – Offer specific reasons for reviewing a staff member’s work-related IMs. Provide clear examples of circumstances that may lead to a review of an individual’s messages, such as auto-generated flags, user flagging, specific blacklisted keywords or some sort of larger issue or conflict whereby these communications can shed light on the situation. Messages may also need to be reviewed in an attempt to gain insight into past discussions with a client or to help a new employee get up to speed. There are also regulatory compliance-related audits and recordkeeping requirements that may prompt a company to seek message data exports.
- Who will have the ability to review others’ messages? – Indicate who has the ability to review and moderate messages, such as an admin or supervisor. Ideally, there should be a very limited number of individuals who can gain access to others’ communications. This is important for alleviating privacy concerns, especially in cases that are more contentious than one where you’re seeking to export message data to comply with recordkeeping regulations.
- What is the process for message reviews? – Explain the process for message review. Will an employee know when their messages have been flagged and are under review? Will they receive notification if a message is removed from a group chat? What are the steps for requesting a messaging data export via an employee-held account on a third-party messaging platform? These are important questions that should be addressed in the process section of the instant messaging privacy policy.
The sense of unease and “big brother” overwatch will be alleviated to a large degree when everyone is informed by the instant messaging privacy policy. This ensures that everyone’s expectations are aligned and there is a reduced risk of seeing related productivity problems.
Instant Messaging Privacy Issues of Regulatory Compliance
Instant messaging privacy issues extend into the realm of regulatory compliance too, particularly when it comes to the healthcare field. Privacy issues abound, the medical field is under a lot of HIPAA-related regulatory scrutiny. PHI or protected health information must be kept private, with very strict standards surrounding how that information is discussed, transmitted, accessed and stored.
Messaging is associated with some distinct challenges because healthcare staff must use a HIPAA-compliant instant messaging app. But beyond this, there is also the issue of privacy to consider when it comes to moderation and oversight.
Again, a clear written policy is an effective mechanism for detailing what degree of privacy and confidentiality is expected, along with the circumstances and processes for reviewing an employee’s instant messages. This policy should also spell out what measures are required for HIPAA-compliant messaging so that everyone is well-informed about the organization’s regulatory compliance burdens.
Instant Messaging Privacy and Personally-Held User Accounts on Third-Party Apps
Instant messaging privacy issues get increasingly complex when a business uses consumer-grade messaging apps to communicate with colleagues, clients, customers and others within the business realm. This creates a company messaging landscape that is virtually impossible to monitor or moderate. Important information in past messages can become irretrievable either due to an employee’s departure from a company or due to the limited message retention that is so commonplace on third-party instant messaging apps.
When using consumer-grade text messaging apps for business messaging, each user has their own account and there is no company “umbrella” to allow for moderation or oversight. Nor is there any way to effectively retain, audit, access or even export messages on messaging apps like Signal and WhatsApp. That is a major problem if someone needs to reference those communications down the road after an employee has decided to move on in their career, leaving the organization with all of their messaging data in-hand.
In fact, since user accounts on third-party messaging apps like WhatsApp are owned and controlled by the individual, there is no easy, legal way for a company to compel an employee to even provide access to his or her business-related messages. This represents a major issue that must be considered if you’re allowing for business messaging via a personally-held account on a third-party platform like WhatsApp, Signal or iMessage. Your company is at risk of losing valuable information contained within that messaging data. This can pose problems across the board, whether it’s an investigation into misconduct or simply an attempt to research past messages with a customer or client. There is also a good chance that the employee is using the texting app for personal communications too — a factor that increases the privacy-related unease if they were to provide their company with account access.
The privacy issues surrounding the use of personally-held accounts on third-party business messaging platforms are so significant that some companies have opted to ban the practice entirely. Instead, employees are required to limit their work-related messaging to channels such as the official business messaging platform and even to company-owned devices.
Keeping work-related communications on a company’s official channels — ones that are auditable and moderation-friendly — simplifies matters for everyone involved, helping organizations achieve the perfect balance of privacy and efficiency in cases where past messages need to be referenced or audited.
As you develop a new instant messaging privacy policy, it is also important to consider whether your company permits the usage of personal devices — a bring your own device (BYOD) allowance — because this can have an impact on the company’s messaging policies.
BYOD has always been a slippery slope and privacy is a big part of that equation. Our smartphones contain a trove of sensitive personal information and most would feel extremely uncomfortable allowing a colleague to access a personal device.
Fortunately, messaging data can typically be accessed without the need to involve the actual mobile device. But it’s still prudent to consider your BYOD practices and whether there is any potential impact on instant messaging policy.
Regulatory Compliance and Third-Party Messaging App User Accounts
Regulatory compliance issues also arise as another challenge with user accounts on a third-party messaging app. Companies encounter challenges when they allow staff to conduct business over consumer-grade instant messaging apps while simultaneously attempting to stay compliant with mandatory recordkeeping requirements — a fact that was recently driven home for nearly a dozen major banks.
A group of 11 banks were fined a combined sum of nearly $2 billion by the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) after it was discovered that they were using unapproved messaging apps such as WhatsApp, iMessage and Signal. The banks — which included major corporations, such as Morgan Stanley, Bank of America, Citigroup, Goldman Sachs, Deutsche Bank, Credit Suisse, Barclays and Cantor Fitzgerald & Co. — were issued fines for “pervasive off-channel communications” because they were unable to retain records of the messages. This constituted a violation of federal recordkeeping requirements — one of the many stringent regulations that impact the financial sector.
Instant Messaging for Business Communications: SayHey Messenger®
Highly-regulated industries like the financial sector, insurance industry and the healthcare space will see a dramatic improvement in productivity and overall manageability when deploying an instant messaging app for business. SayHey Messenger® is an instant messaging app for business, designed with the tools you need to achieve and maintain regulatory compliance. The admin portal also allows for easy moderation and data management capabilities. The latter ensures that all message data is retained and auditable for easy reference and reporting.
Instant messaging has become an integral part of the corporate landscape. In fact, messaging apps have been found to be some of the most effective business communication tools. But you need to have the right app designed for business — not a consumer-grade messaging app like WhatsApp because as discussed above, these platforms can lead to serious problems.
SayHey Messenger® is a unique and regulatory-compliant business instant messaging platform that solves many of the challenges that companies face when it comes to communication. The team at 7T developed SayHey Messenger® as a method for patching the holes in your company’s messaging situation.
The SayHey Messenger® app features:
- Data sovereignty for control and ownership of all messaging data;
- Fully compliant instant messaging for regulated businesses;
- Seamlessly integrates into existing company software platforms;
- Admin portal for moderation, auditing, and inclusivity;
- SayHey Spaces for company-wide broadcasts and team collaborations;
- Engaging, intuitive user interface for incredible adoption rates;
- Send compliant SMS messages to external users with full data retention; and
- Custom UI with your logo, colors and branding elements for a style that’s all yours.
SayHey Messenger® offers two regulatory-compliant deployments: a SayHey Messenger® Business deployment with a mobile app platform (for iOS and Android) and web app portal. There’s also SayHey Messenger® Enterprise deployments, which entail storing all messaging data in the client’s private cloud environment and the platform is fully integrated within the client’s existing software platforms, including mobile applications. This allows users to access their instant messages without leaving the screen, leading to greater productivity, higher user adoption rates and better efficiency.
Consider using SayHey Messenger® as your business messaging platform. And the best part? We can deploy this business messaging solution in a matter of days. Contact us today to learn more about SayHey Messenger®.