How to Get the 👍 From Compliance on Collaboration Adoption

Team Wiretap
2/18/19 11:26 AM

The workstream collaboration market continues to grow, and business leaders are paying attention. When introducing tools such as Workplace by Facebook, Yammer, Microsoft Teams and Slack, you will need to explain how your organization will manage legal risk and remain compliant with industry and data regulations such as HIPAA or the GDPR.

Your adoption journey will go much more smoothly if you’re prepared to answer the following questions for your compliance team:

In the wake of new data regulations like the GDPR, how can we ensure compliance within digital collaboration platforms?

The European Union’s General Data Protection Regulation, or GDPR, went into effect on May 25, 2018, affecting companies all over the globe. The State of California even passed its own form of the regulation, with some calling it “GDPR Lite.” Considered the most important change to data privacy regulations in the past two decades, the GDPR is top-of-mind with your compliance leaders and they will need to understand how to remain compliant within internal communications.

There are two major areas of the GDPR that you should pay attention to:

  1. Data Subject’s Right to Access
    Any citizen of the EU has the right to request access to all of their stored data; this is called a Data Subject Access Request (DSAR). This applies to employees and any communication data that might be generated in these tools.
  2. Data Subject’s Right to be Forgotten
    In addition to accessing their data, all EU citizens have the right to be forgotten—basically, the right to have their data erased. This also applies to employees and any communication data that might be generated in these tools.

So, when it comes to the digital workplace, the best way to control legal risk is to select a data management tool that can efficiently capture and export all conversations and communications to/from an individual in the event of a DSAR. You also need a tool that has the ability to delete all of the user’s data from both the platform and any archives, should an employee request erasure or simply to comply with your organization’s retention policies.

How do we ensure that employees adhere to our organization’s own policies within tools like Workplace by Facebook, Microsoft Teams, Yammer and Slack?

Aside from industry or federal regulations, each organization also has a robust set of its own policies and guidelines for appropriate behavior. For example, generally employees sign a code of conduct that states they will treat fellow employees with respect and dignity. Yet, we see headline after headline of harassment or discrimination issues within the workplace.

Workplace collaboration tools offer coworkers a more casual and faster way to communicate with each other, but they also open the door for conversations that are not necessarily appropriate in the workplace. Ease concerns of both your compliance leaders AND human resources by implementing a real-time monitoring solution that specifically looks for inappropriate behavior which could lead to psychological or legal risk.

How can we ensure compliance of groups and chats that are private, closed or secret?

Depending on what tool your organization selects for its digital workplace, administrators don’t always have out-of-the-box access to monitor the private communication areas. This can be concerning when 43% of all messages on collaboration platforms occur within private groups or one-to-one conversations. Without any insight into what your employees say in these messages, it’s hard to protect the rest of your workers and the overall company from unsafe sharing or legal violations.

Put your compliance leaders’ minds at ease by implementing a monitoring tool that provides visibility into all message and group types, including private, closed and secret.

The word monitoring may feel off-putting at first, but on a company-endorsed tool it is necessary to keep employees and your company safe. It’s a practice that has been in place for email for decades and when you’re open and transparent with your community regarding monitoring, your employees are likely to be understanding and comfortable with it.

What if an employee edits and/or deletes original content within these collaboration platforms? How do we stay compliant with industry regulations?

Many regulated industries require organizations to save and store data for a specific amount of time (e.g. HIPAA, FINRA). This includes the communication data that is generated within collaboration platforms. Not to mention, when dealing with litigation or other regulatory compliance issues, the importance of a searchable archive is unrivaled. How else would they collect evidence to try a case?

Bring a plan to your compliance team for how you are going to keep conversation data—including edits and deletions—in a searchable archive.

A Natural Pair: Archive and Retention

If you are storing all of your collaboration content, you may be storing a lot of data over months and years. As time passes, stored data holds less business value (or even legal value) because it is so outdated.

At that point the data is really only a liability that could fall into the wrong hands. To control risk and reduce storage costs, organizations commonly implement retention policies to purge data after a set period of time. When selecting an archive solution for your digital workplace, ask if they also offer retention capabilities.


Win Over Your Compliance Team with an All-In-One Risk Management Suite

Aware by Wiretap is your one-stop solution for your digital collaboration compliance needs:

  • Aware monitors public and private communications and automates real-time incident responses.
  • Aware gives compliance leaders access to reduce data liability with comprehensive communication data management—including archiving, eDiscovery, retention and litigation holds.

Aware scans file content, size and type as well as message content, and is configurable to catch even the most nuanced instances of potentially illegal sharing.
