Bloomberg Law

Police tuning on smartphones at work poses risks and repercussions if done wrong

Unauthorized messaging by employees is a growing problem for public companies that face legal and regulatory risks if communications are outside formal channels.

Companies are struggling to stay up to date with messages among employees equipped with pocket-sized personal computers in their smartphones. Besides having to deal with encrypted apps like WhatsApp, they face challenges around setting clear policies and educating their employees about potential risks.

Ministry of Justice repression About the company’s control of employees’ smartphone messages, the Securities and Exchange Commission probe In the use of external messaging by asset managers, modern settlements A total of $1.8 billion affecting 11 Wall Street banks, all pointing to an increased regulatory focus on unsupervised employees’ use of messaging apps.

“We’ve seen it with banks, but every company has this problem,” said Ian McGinley, a former assistant US attorney for the Southern District of New York. “The Securities and Exchange Commission and regulators will look at other industries and question their practices.”

It probably won’t be enough to just have policies and procedures in place, said McGinley, who now works with Akin Jump. “We are moving towards a system where you need a technology solution or at least try it out.”

fireplace phones

Policies for employee communications vary. Some companies require employees to perform work on official devices, while others allow the use of personal devices with limited applications allowed.

Ryan Rolfsen, a former attorney general at the Department of Justice who co-chaired the global anti-corruption and international risk practice at Ropes & Gray, said unauthorized messages could mean companies lose control of their data.

“It’s the old version of employees who take paper files and take them home, and never bring them back to the office,” Rolfsen said.

Companies can suffer litigation setbacks if they are not able to fully satisfy the discovery requests for internal communications. The defense against certain allegations may suffer if the corporate defendant does not have access to the relevant messages.

“You can’t refute them or you can’t muster a defense so to speak,” Rohlfsen. “If there is a wrongdoing, it is difficult to discern who was involved and to what extent.”

Companies sometimes focus too much on individual policy violations, rather than thinking about whether they need to adjust their policies and procedures, according to Veronica Martinez, a Duke University law professor who specializes in professional and regulatory ethics.

“How do we prevent them from not engaging in this behavior again, that is the broader question,” Martinez said. “Often when there is a failure to comply, people narrow down on the very specific thing in front of them rather than think more broadly about what the more systemic problem might be.”

Rodgin Cohen, senior president at Sullivan and Cromwell, said company culture is an important factor.

It “consists of trying to instil in you that the rules are the rules. And it acts quickly and decisively when there are violations,” Cohen said.

There are still restrictions. “There are so many ways to communicate, and you can’t watch them all,” Cohen said. “If two people want to break or violate the company’s mandate, they can each get a burner phone and call each other on the burner phone.”

The Securities and Exchange Commission has question Money managers to obtain information about who oversees the maintenance of electronic communications as part of their ongoing investigation.

advanced technology

The encrypted messages that make communications out of reach is a difficult challenge for companies that are more accustomed to monitoring traditional messages, such as unencrypted email.

“When you think of some of the most popular messaging apps like WhatsApp or Signal, they are by design for encryption and point-to-point communication,” Rohlfsen said.

If there is no ability to monitor messages such as a company, for example, with an employee’s email, they may need to physically inspect the phones, Rohlfsen said. Attempting to perform hold checks can be cumbersome and require more resources.

“It’s very intrusive on people. You obviously can’t do that with every employee around the world. You have to be targeted,” Rolfsen said.

Rohlfsen said companies that issue phones to employees can specify that employees must hand over devices for on-demand review.

Martinez said the SEC’s recent fines weren’t the first time employers had gotten into trouble for talking about sensitive or confidential information outside the company’s platform.

“WhatsApp is the latest iteration of what has been happening for years,” she said.

#Police #tuning #smartphones #work #poses #risks #repercussions #wrong

Leave a Comment

Your email address will not be published. Required fields are marked *