Most US employees are not aware that their employer has policies covering security, use of social media, and for the use of BYOD devices.
More than half of the 1013 office-based employees of the company surveyed by e-discovery firm kCura in December 2016 and January 2017 said their companies did not have written policies on data retention or personal use of work devices. If the companies did have such policies, the employees were not aware of them.
kCura found that:
- 70% of employees use their email inbox as a filing system – a barrier to implementing a data retention policy without disrupting business
- 63% of employees say their companies don’t have written policies on data retention or personal use of work devices, or if they do, they aren’t aware of them.
- 55% of employees believe there is no harm to their company if they use a work device for personal communications
- 98% of employees say their privacy is important to them, but 60% have done at least one thing to compromise that privacy while at work
- Employees use work devices for conversations with their physicians (32%), financial advisors (28%), and personal lawyers (18%), compromising privacy and legal privilege
{loadposition ray}
The employee communication habits revealed by the study could put organizations at risk for increased data retention and discovery costs in today's increasingly litigious business environment, according to David Horrigan, e-discovery counsel at kCura and former data privacy analyst.
That's because laws, regulations, and rules, including the Federal Rules of Civil Procedure, which govern civil proceedings in U.S. district courts, have generally treated all data within the enterprise as potentially discoverable.
"With so much data to organize, risk and costs can - and do - get out of control very quickly. Complete bans on the personal use of work devices would be difficult - if not impossible - to implement and could be harmful to employee morale. However, companies do need to implement reasonable policies to mitigate risk,” Horrigan said.
"Workers today are more conscious about problematic habits such as printing unnecessary documents, but they don't think twice about sending an unnecessary email, IM, or Slack chat. The truth is, these digital communications leave footprints, too. When corporations don't take the steps to govern their information – or at least have consistent, repeatable processes for handling large volumes of data – they could face an array of legal headaches, IT frustrations, and high costs,” he added.
Companies can write copious policies, submit them to auditors to sign off on governance and then file them. But without strong adoption and compliance the next step is to see their name in WikiLeaks…
