Pandemic-Driven Ways of Collaborating Require New Digital Compliance Approaches

A lot has already been said about how Covid has allowed for new digitally-enabled ways of working, some of which may become permanent as remote and hybrid working scenarios become more of the norm.

Enterprises need to ensure that these different types of content that have grown during the pandemic meet legal, compliance, and business data archiving requirements and that their organization can respond quickly to legal, regulatory, and discovery requests.

Here are some best practices:

• Know the regulations that affect your industry. Financial services must capture all conversations between broker/dealers and customers to comply with FINRA regulations, FCA policies, and to meet MiFID II regulations for companies trading in the E.U. Communications includes conversations in collaboration systems (ex. Teams, Slack, etc.) and may require the capture of both the transcript and original audio/video artifact. US Federal agencies must capture SMS text and Twitter as per guidance from the National Archives on record keeping.   Be aware of compliance requirements for preservation and discovery.
• Take a comprehensive data protection and archiving approach that incorporates SaaS platforms. Collaboration tools like Slack and Teams offer their own built-in data recovery features. But IT teams should not solely rely on them for file restoration. Their data backup and recovery solution should be able to back up data from SaaS platforms like Microsoft 365, SharePoint, Slack, Dropbox, Google OneDrive – which many teams are using to share data. The backup and recovery approach should be robust enough so that they can recover the data from any data loss scenario, including accidental deletion, and also mitigate threats such as ransomware.
• Know immediately when breaches happen. HIPAA, Soc 2, GDPR, and other regulations have stringent requirements for promptly reporting a data breach. Your data protection solution should be able to collect and back up direct messages and files being shared via these platforms. It should also give IT teams complete visibility into the risk profile of their data so that when a data breach happens, they can take immediate steps, including notifying authorities exactly what data was compromised and whether it contained sensitive information.
• Use purpose-built tools to enable fast discovery and compliance review. As much as 52 percent of companies’ data is unclassified, which includes much of the data being shared on video conferencing and collaboration platforms. IT teams should have the ability to quickly search for and locate critical data for discovery purposes, and that requires tools with capabilities specifically designed for discovery. For example, Teams content should not be presented as an email. It should retain the collaboration view with
  all rich metadata that is shown natively in Teams (reactions, attachments, URL previews), and the ability to review the entire conversation – not just a single-day view. They should also have the ability to transcribe voice and video content and be able to jump to the relevant parts to accelerate review, avoiding having to watch an entire video or audio.

The use of pandemic-friendly business communication platforms shows no signs of slowing as companies want to support flexible “work-from-anywhere” policies. By taking a more centralized and automated approach to retaining, classifying, and visualizing data employees are sharing on Slack, Zoom, Teams, Skype, and other channels, enterprise IT teams can be confident they are complying with new regulations while mitigating risk.