Federal agencies need the right policies and the right tech to preserve employee texts, chats and instant messages.
In January, the National Archives and Records Administration announced that federal agencies must start preserving employees’ texts, chats, and instant messages in the same way they’ve preserved emails for a decade.
With this move, NARA is finally acknowledging what’s been true for years: that most people use multiple devices and platforms to communicate about work, and that important conversations take place outside of paper and email. NARA is asking agencies to recognize this reality in an effort to better preserve content that might become relevant for congressional inquiries, FOIA requests and litigation.
Texts, chats and instant messages are only the tip of the iceberg when it comes to preservation of digital communications. Agencies should expect guidelines to rapidly evolve as digital natives become more prevalent in the workforce, and we continue to diversify the tools we use at work. Here’s how they can stay ahead.
Use policies to fence in the wild frontier of digital communications
The lines between communication about our work and personal lives can be blurry. NARA addressed this in its guidelines by stating that work-related messages—including those on personal devices—“are likely federal records.” Agency employees are required to forward or copy these messages to an official account within 20 days. What does compliance look like when employees text and chat across multiple devices, and might be communicating about work without realizing it?
The best first step is to create, distribute and regularly audit a policy outlining where and when employees can talk about their work. This must include a clear definition of what “communicating about work” means and what applications are allowable for official communication.
Remember, there’s no one-size-fits-all policy. Some agencies have lower sensitivity data, while others handle top-secret information. Unique consideration could include:
- What devices and applications are appropriate for work communication.
- Which messages (if any) can be deleted, and when.
- How and when to forward work-related messages from personal devices to an official account for preservation.
- Penalties for non-compliance.
Assistant Attorney General Kenneth Polite, Jr. recently warned of the consequences for companies that allow their employees to use ephemeral (or self-deleting) messaging apps for work communication. Doing so could lead to inadvertent spoliation of evidence, and he made it clear that the DOJ won’t accept ignorance as a defense anymore. Federal agencies should take this to heart and never assume that employees inherently understand the where’s, how’s and why’s of data preservation. Instead, provide them with clear guidelines to protect both them and the agency’s data.
Find the technology to back up the policy
The next step is ensuring an agency has the technology needed to collect and store relevant data. Even the best-documented policies become meaningless without the proper technology infrastructure to support the preservation and collection of new data types.
Many legacy solutions are only set up to store, search and collect email and standard file types. It’s important to understand how modernization helps capture and analyze newer file types like chats, cell phone messages and app data. Agencies can connect with their IT team or chief information officer to support the new tech policy:
- Talk about what types of data are covered under the policy
- Research whether in-house tools can store these data types in meaningful ways
- Confirm the ability to perform searches and collection activities on these data types in a timely manner, if it becomes necessary
- Determine whether analytics are available to help identify and collect relevant data
Cloud solutions can help agencies evolve and scale their data collection and storage. AI tools like data visualization, predictive coding and clustering can help quickly organize and glean insights from the data. Preservation is only half the battle. The ability to search, recall and produce data when prompted will be critical to a retention strategy’s success.
Keep an eye on the horizon
NARA’s new guidelines acknowledge that, “As electronic messaging platforms and tools evolve, agencies will need to continually review their policy and implementation approaches.”NARA’s decision to regulate text messages was a long time coming, and the result of tough lessons learned from deleted messages.
Agencies should expect more frequent updates from NARA going forward. Rather than waiting on the next regulatory update, they would be wise to start thinking now about how to collect, store and sort common data types beyond texts and chats, like Alexa conversations or wearable device data. Data from wearable devices has already created challenges for federal agencies, and we’re likely to see more examples of this as technology evolves. The policies and technology agencies adopt now should be flexible to future proof them against emerging trends without requiring constant overhaul.
A few things that can help include:
- Adopting cloud native technologies that have more developmental agility
- Integrated technology that does not rely on add-on applications, to simplify updates and eliminate tool bloat
- Regular policy reviews and updates to stay on top of current communication types and trends
By following these guidelines, agencies can remove uncertainty around where data lives, who has access and how they’ll collect and produce it in a pinch. This will improve compliance and response times to congressional inquiries and litigation.
Angela Kovach is senior director of public sector solutions and operations at Everlaw.