How to Win Over Compliance on Collaboration Adoption

by Aware HQ, on 2/18/19 11:26 AM

The workstream collaboration market continues to grow, and business leaders are paying attention. When introducing tools such as Workplace by Facebook, Yammer, Microsoft Teams and Slack, you will need to manage legal risk and remain compliant with industry regulations such as HIPAA or the GDPR.

Your adoption journey will go much more smoothly if you’re prepared to answer the following questions for your compliance team:

In the wake of new data regulations like the GDPR, how can we ensure compliance within digital collaboration platforms?

The European Union’s General Data Protection Regulation, or GDPR, went into effect on May 25, 2018, affecting companies all over the globe. The State of California even passed its own form of the regulation, with some calling it “GDPR Lite.” Considered the most important change to data privacy regulations in the past two decades, the GDPR is top-of-mind with your compliance leaders, and they will need to understand how to remain compliant within internal communications.

There are two major areas of the GDPR that you should pay attention to:

  1. Data Subject’s Right to Access
    Any citizen of the EU has the right to request access to all of their stored data. This is called a Data Subject Access Request (DSAR). This applies to employees and any communication data that might be generated in these tools.
  2. Data Subject’s Right to be Forgotten
    In addition to accessing their data, all EU citizens have the right to be forgotten—basically, the right to have their data erased. This also applies to employees and any communication data that might be generated in these tools.

So, when it comes to the digital workplace, the best way to control legal risk is to select a data management tool that can efficiently capture and export all conversations and communications to/from an individual in the event of a DSAR. You also need a tool that has the ability to delete all of the user’s data from both the platform and any archives, should an employee request erasure or simply to comply with your organization’s retention policies.

How do we ensure that employees adhere to our organization’s own policies within tools like Workplace by Facebook, Microsoft Teams, Yammer and Slack?

Aside from industry or federal regulations, each organization also has a robust set of its own policies and guidelines for appropriate behavior. For example, generally employees sign a code of conduct that states they will treat fellow employees with respect and dignity. Yet, we see headline after headline of harassment or discrimination issues within the workplace.

Workplace collaboration tools offer coworkers a more casual and faster way to communicate with each other, but they also open the door to conversations that are not necessarily appropriate in the workplace. Ease the concerns of both your compliance leaders AND human resources by implementing a real-time monitoring solution that specifically looks for inappropriate behavior that could lead to psychological or legal risk.

How can we ensure compliance of groups and chats that are private, closed or secret?

Depending on what tool your organization selects for its digital workplace, administrators don’t always have out-of-the-box access to monitor the private communication areas. This can be concerning when 43% of all messages on collaboration platforms occur within private groups or one-to-one conversations. Without any insight into what your employees say in these messages, it’s hard to protect the rest of your workers and the overall company from unsafe sharing or legal violations.

Put your compliance leaders’ minds at ease by implementing a monitoring tool that provides visibility into all message and group types, including private, closed and secret.

The word monitoring may feel off-putting at first, but on a company-endorsed tool it is necessary to keep employees and your company safe. It’s a practice that has been in place for email for decades, and when you’re open and transparent with your community regarding monitoring, your employees are likely to be understanding and comfortable with it.

What if an employee edits and/or deletes original content within these collaboration platforms? How do we stay compliant with industry regulations?

Many regulated industries require organizations to save and store data for a specific amount of time (e.g. HIPAA, FINRA). This includes the communication data that is generated within collaboration platforms. Not to mention, when dealing with litigation or other regulatory compliance issues, the importance of a searchable archive is unrivaled. How else would they collect evidence to try a case?

Bring a plan to your compliance team for how you are going to keep conversation data—including edits and deletions—in a searchable archive.