Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

The Message Is Clear: Assess Your Information Governance Practices In Light of DOJ and SEC Crackdown on Use of Personal Devices and Messaging Apps

By Jonathan B. New, Patrick T. Campbell, James A. Sherer and Luke E. Record
July 01, 2023

Regulators increasingly are scrutinizing employee use of personal devices and third-party messaging apps ― in particular, but not only, ephemeral apps where messages automatically disappear ― as employees continue to conduct business on multiple platforms and concurrent channels of communication. The Department of Justice (DOJ) recently issued its most comprehensive guidance to date on its expectations that companies preserve all business communications conducted on personal devices and messaging apps. And the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) continue to aggressively enforce their recordkeeping rules against regulated entities that do not properly preserve their electronic business communications. Notably, while the SEC and CFTC have been focused on regulated entities, the DOJ's guidance applies to all businesses.

This article summarizes the DOJ's recent guidance and the SEC's enforcement trends and priorities in this area, and it provides information governance best practices companies can implement now to ensure they are meeting regulators' expectations and recordkeeping rules.

|

DOJ Policy

The DOJ's focus on individuals using personal devices and messaging apps for business purposes is not new. As far back as 2017, the DOJ issued guidance that companies under investigation for alleged Foreign Corrupt Practices Act violations would be ineligible for full cooperation credit unless they prohibited employees' use of ephemeral messaging. However, after noting that many companies use ephemeral messaging for legitimate business purposes, the DOJ subsequently instead required companies using ephemeral messaging to maintain controls that ensure information is retained pursuant to appropriate retention policies and legal requirements.

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
'Huguenot LLC v. Megalith Capital Group Fund I, L.P.': A Tutorial On Contract Liability for Real Estate Purchasers Image

In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.

How Secure Is the AI System Your Law Firm Is Using? Image

In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.

The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies Image

Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.

Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support Image

The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.

Compliance and Third-Party Risk Management Image

To gauge the level of risk and uncover potential gaps, compliance and privacy leaders should collaborate to consider how often they are monitoring third parties, what intelligence they are gathering with and about their partners and vendors, and whether their risk management practices have been diminished due to cost and resource constraints.