Vanishing act – ephemeral messaging pros and cons

July 2023  |  FEATURE | LITIGATION & DISPUTE RESOLUTION

Financier Worldwide Magazine

July 2023 Issue

Ephemeral messaging applications are communication platforms that automatically erase conversations between parties immediately or after a short amount of time. Automatic deletion can occur by application default or as a feature that users or administrators can turn on or off at will. Critically, because the messages are typically encrypted and stored on personal rather than company devices, this automatic deletion often renders later forensic retrieval much more difficult, if not impossible. Businesses that choose to use software with ephemeral messaging functionality should be aware of the associated pros and cons.

For a start, ephemeral messaging can boost data security, particularly when combined with end-to-end encryption. Encryption ensures that messages cannot be intercepted en route, while the ‘self-destruct’ capabilities of an ephemeral messaging platform ensure that unauthorised parties cannot surreptitiously view or access data. Many such platforms protect against screenshotting, copying or forwarding protected communications. A device using ephemeral messaging shows no trace of past communications, which makes it utterly secure if lost or stolen.

Data breaches can also be less of a concern for companies that employ ephemeral messaging. It is harder for malicious actors to access a company’s systems and steal or manipulate communicated data, as ephemeral messaging means communications are automatically deleted from sending and receiving devices, as well as on the company’s messaging servers.

With respect to digital housekeeping, ephemeral messaging can help companies prioritise truly important data and take other, less important data, such as brief updates and notices between colleagues, out of the equation.

Companies must have enforceable policies and controls in place to minimise legal and compliance risks from employees’ use of ephemeral messaging platforms.

Ephemeral communication can also have implications for e-discovery purposes. When companies are embroiled in legal disputes, the cost of e-discovery can balloon, considering the vast quantities of data they generate. Analysing data can be expensive and time consuming. As such, an effective and appropriate data management strategy can reduce e-discovery costs.

Modern ephemeral messaging applications are also largely compliant with regulations across a spectrum of jurisdictions. Many current generation platforms allow IT teams to save a copy of all communications to designated firewalled storage. This ensures the enterprise remains compliant while removing all traces of communication from sender and recipient devices. The compliant copy of selected communications can then be encrypted and safely stored.

Document preservation

But there are potential drawbacks to ephemeral messaging. Risks may arise for businesses that need to preserve information for regulatory, compliance, litigation or other reasons. There are also questions around the legal status of ephemeral messaging. Certain jurisdictions place companies under no legal obligation to keep records of digital communications, although with some exceptions, including highly regulated sectors such as financial services. Companies may be required to retain records of digital communications if they are involved in legal proceedings, for example.

In March, the US Department of Justice (DOJ) announced updates to its policy on the collection of data from personal devices and ephemeral messaging platforms. As a result, the DOJ will consider how policies governing third party messaging applications are appropriately tailored to a company’s risk profile and business needs, while ensuring that relevant electronic communications can be preserved and accessed. It will also consider how policies are issued to employees and whether they are enforced consistently.

Companies cooperating with the DOJ should be prepared to answer questions about their available electronic communication channels, bring your own device (BYOD) programmes, and information deletion and preservation policies. A company’s answers, or lack thereof, on this topic may affect the DOJ’s assessment of its cooperation efforts, with companies told to treat this issue as a priority when a crisis hits.

Clear communication policies

Undoubtedly, there are potential hazards associated with using messaging apps for business activities without sufficient policies and procedures in place to monitor compliance and preserve communications as necessary. As such, companies must have enforceable policies and controls in place to minimise legal and compliance risks from employees’ use of ephemeral messaging platforms. Companies may also decide to institute clear policies which define business communications and prohibit employees from using ephemeral messaging apps to conduct such communications.

Furthermore, companies should develop and implement practical retention policies for authorised messaging platforms, ensure compliance with applicable rules and regulations, establish proactive legal hold response procedures to prepare for potential litigation or regulatory activity, and provide education and training programmes to employees to help them understand and mitigate the risks around ephemeral messaging.

© Financier Worldwide

BY

Richard Summerfield

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.