Poof it's gone . . . or is it? Using Messaging Apps to Conduct OneTrust Business
Today’s TrustBeacon will help guide us through the murky waters of using unapproved messaging apps to conduct OT business. What if a customer demands that you communicate with her about our bid in response to an RFP through WhatsApp or Telegram? What if you prefer collaborating with your teammates via Signal in order to save time on a project by avoiding those restrictions on data sharing?
Simply put, OT employees are prohibited from using unapproved messaging apps to conduct OT business. There is an avenue for seeking exceptions to this prohibition, but even if granted, it is your responsibility to keep and not delete all of these business-related communications in order for OT to uphold its value for acting with the utmost integrity, as well as satisfying its obligations to both internal and external stakeholders.
One of those external stakeholders is the U.S. Department of Justice (DOJ). When determining whether a company has an effective compliance program, the DOJ takes into consideration a company’s policies and procedures addressing the use of messaging apps for business. How a company like OT manages the risk of conducting business through messaging apps will affect the resolution of whether or not criminal liability in the context of an investigation attaches to the company and individual employees. DOJ’s aim, which is in line with OT’s, is to ensure that a company is able to preserve, access and provide evidence in the form of electronic communications relevant to detecting and investigating potential misconduct.
For more about OT’s position on the use of messaging apps, please refer to the Acceptable Use Standard v1.7.pdf