There’s a growing recognition that today’s systems create new and sometimes nefarious ways to fall outside the boundaries of rules, regulations and laws. Compliance risk is a growing problem, particularly with emerging communication channels. A new survey conducted by unified compliance and e-discovery firm Smarsh provides some visibility into how companies are approaching this task.
The company’s fifth annual “Electronic Communications Compliance Survey Report” found that huge gaps exist in the way organizations manage electronic message compliance. These risks are magnified by the growing use of social media and other forms of unstructured communication, such as text messages, that reach beyond the four walls of the enterprise.
The good news? Respondents understand what’s needed. Overall, 72 percent said they believe message supervision is critical to identify real risk in their organization, up 13 percent from last year. Eighty-one percent stated that message supervision delivers actionable insight for the business. Sixty-four percent of respondents indicated responsibility exists for all non-compliance-related data production requests related to litigation, e-discovery and HR investigations.
The bad news? For the first time in five years, new and emerging channels were cited as a concern by less than half of the respondents. In addition, 27 percent indicated that their firms still do not have a policy in place for BYOD. Worse, firms that allow text messaging for business communications but lack a system for retention and supervision registered at 64 percent, and firms that allow business communication through personal social media accounts but lack a social media archiving or supervision solution hit 32 percent.
“The oversight of electronic communications has evolved to become far more than the cursory, check-the-box review of email that existed years ago,” noted Stephen Marsh, CEO and founder of Smarsh. “Today, with more data points and better technology at their disposal, compliance teams are more empowered to identify risky communications and then mitigate potentially damaging issues before they become serious.”
Various other studies show that the vast majority of organizations aren’t confronting compliance risks adequately. The takeaway? CIOs and others must view risk in a broader and more holistic way. It’s critical to identify potential problem points and determine how to mitigate potentially damaging issues through a combination of better awareness, better technology solutions and specialized staff that are tuned into compliance issues. Anything less is risky business.