No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Text Messaging Can Expose Your Company to Significant Risks

by Mike Pagani
May 31, 2018
in Compliance, Featured
Text Messaging Can Expose Your Company to Significant Risks

“Text Messaging Can Expose Your Company to Significant Risks”: In this article, Mike Pagani explains that texting is quick, easy, reliable and efficient — but if it’s used for official business communications, it can create tremendous risk for a company. Organizations of all sizes need to put the right policies in place, and implement automated text archiving and supervision systems as soon as possible—before it’s too late.

Texting is simple, concise and supported by virtually every mobile device, operating system and wireless carrier. This makes it the go-to preference employees need to communicate with their colleagues, customers, or prospects in a time-crunched, always-connected society.

Ungoverned Text Messaging is a Growing Concern

Even though texting is quick, easy, reliable and efficient — if it’s used for official business communications, it can create tremendous risk for a company. When you consider the countless regulatory, legal and general risk and brand management challenges that companies must manage today, you might think email and other “official” communications using social media accounts and corporate websites are the only content types that need to be archived or actively supervised. Although its use by employees for official company business is often prohibited by organizations, the reality is text messaging does get used and therefore should be governed the same way as all other channels. Sending text messages between mobile devices is now one of the key ways that employees connect with each other and customers, and these records need to be maintained for completeness.

Compliance, legal, IT and risk and reputation professionals across a variety of litigious and regulated industries are now realizing that proactively automating the archiving and supervising of text messages is necessary to mitigate the myriad of potential risks arising from their records retention and oversight practices not keeping pace as employee use increases. Text messaging without proper governance is a major gap that can no longer be ignored.

The following considerations have organizations of all sizes concerned about meeting the recordkeeping challenges related to text messaging:

  1. Text messages must be kept in a searchable format that cannot be tampered with, destroyed, or otherwise disposed of by anyone deliberately, or accidentally. Text messages must also be produced in a timely manner for e-discovery, public records requests, and regulatory examinations or audits to meet firm deadlines.
  2. A company may operate a tremendous number of mobile devices through contracts with one or more carriers, and erroneously assume text records are being retained by the carriers. Carriers typically only keep text messages long enough to ensure delivery to all parties before deleting them from their systems, and they aren’t obliged to provide records of them, either. The responsibility for retaining and producing requested text messages lies with the organization that creates the records.
  3. Organizations can no longer say “we didn’t know” as an excuse to avoid archiving and performing proper oversight of text messages. Several well-publicized cases involving text business messages that have been lost, altered, or mishandled in the public sector, financial services, and other industries have alerted us all to the fact that these types of messages must have proper oversight. The good news is organizations that aren’t yet retaining text messages will find they now have many technology options to take care of the issue.

Following email and social media, SMS/text messaging is perceived as the next biggest source of compliance risks by compliance professionals in the financial services industry. The Smarsh 2017 Electronic Communications Compliance Survey Report revealed that when SMS/text messaging is allowed for business communications, nearly half (48%) of firms said they still do not have an archiving/supervision solution in place. In addition, over two thirds (67%) of respondents said they are not confident that they could prove the prohibition of text messaging for business purposes is working.

In highly regulated industries, text communications need to be retained and supervised. For instance, financial services firms are required by the Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) to archive and supervise electronic communications used for business purposes, including text messages—and recent surveys show firms are not confident that they can adequately meet those requirements.

Not Just Compliance Risks – Legal Risks Too

Text messages can also be requested as part of an e-discovery or litigation event, since texts are often considered relevant electronically stored information (ESI) within an organization. Many courts compel the production of texts in civil litigation, if a mobile device is believed to be the source of relevant text messages – regardless of whether the device and account used is owned by the individual or the business entity.

While other forms of electronic communication, including email, are relatively straightforward to collect, archive, and extract, text is different. Companies must now figure out how to collect and preserve data from numerous devices, operating systems, and device ownership scenarios. It does not matter if an employee uses a corporate-issued device, a personally owned device, or a combination of the two for business-related texts. All devices and messages they produce are fair game for discovery in litigation if they contain relevant business communications.

If a company’s legal team cannot find, preserve and produce text data in real-time, and respond quickly and completely when asked to search and produce specific text messages for discovery events and litigation, the organization may face legal consequences related to data spoliation, missing records, or failure to produce requested data—not to mention high legal fees.

Be Proactive with Text Message Compliance and Risk Mitigation

Archiving, monitoring and producing text message data needs to become a core part of your overall electronic communications risk-based surveillance preparedness. Organizations of all sizes need to put the right policies in place, and implement automated text archiving and supervision systems as soon as possible—before it’s too late.

An important component of the chosen solution is the ability to archive the text messages directly from mobile carriers for employer-issued devices or using a device-resident BYOD containerization application for personally owned devices alongside all your other electronic communications content. Text messages should be governed the same way as email, social media, websites, instant messaging and collaboration platforms — to give compliance, legal, and risk and reputation professionals the ability to supervise and produce these records in one place, with a common user and administration interface. Implementing point products and systems for specific content types leaves gaps and creates separate silos of information. This greatly complicates the process of searching for, and producing, a complete set of records when the need arises.

When a company has access to these content types with a single comprehensive archiving solution, conversations can be monitored from a broader and more holistic perspective. For instance, conversation threads can be followed easily when a discussion starts on social media, moves to email, and concludes in text messages.

Businesses that recognize the benefits of comprehensive archiving will reap the rewards almost immediately when they implement it by allowing their employees to take full advantage of the productivity that text messaging provides while staying compliant and managing the risk out of it. Others that leave text messages out of their electronic communications compliance strategy, or implement multiple point products to try and address it, will lag and be playing the odds — at a time when compliance examinations, litigation procedures and the importance of brand reputation and risk management are more central than ever to business success. It’s time to stop ignoring the issue and take the proper measures to enable your employees to get the full business benefits of using text messaging while making its usage compliant and safe in the process.

 


Previous Post

The DOJ’s Environmental Enforcement Priorities and Expectations Refocusing on the Rule of Law

Next Post

Making GDPR Compliance Easier with a GRC Tool

Mike Pagani

Mike Pagani

Mike Pagani is the Senior Director of Product Marketing and Chief Evangelist for Smarsh. Mike is a seasoned IT professional and recognized subject matter expert in the areas of mobility, identity and access management, network security and virtualization. Prior to joining Smarsh in November 2014, Mike held executive-level corporate and technology leadership/spokesperson roles for Stay-Linked, Quest Software, NComputing, Dell Software and others.

Related Posts

low battery on iphone warning

Ethics Fatigue: The Burnout That’s Putting Your Organization at Risk

by Nick Gallo
June 20, 2025

The psychology behind why ethics professionals are exhausted and what companies risk when they let it go unchecked

news roundup new

Few Business Leaders Feel Fully Prepared for Challenges of 2025

by Staff and Wire Reports
June 20, 2025

Data center operators not using full slate of available sustainability tactics; companies continue to use AI without policies

SmartSearch Daon Partnership

SmartSearch Partners With Daon for Enhanced ID Verification

by Corporate Compliance Insights
June 19, 2025

UK digital compliance provider SmartSearch has partnered with digital identity company Daon to integrate AI-powered biometric identity technology into its...

Ondato Media Screening Launch

Ondato Launches AI-Powered Adverse Media Screening for AML Compliance

by Corporate Compliance Insights
June 19, 2025

Global online ID verification provider Ondato has released an AI-powered adverse media screening feature that automatically scans online sources for...

Next Post
Making GDPR Compliance Easier with a GRC Tool

Making GDPR Compliance Easier with a GRC Tool

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights