Pandemic-Driven Ways of Collaborating Require New Digital Compliance Approaches

Veritas Perspectives October 20, 2021

A lot has already been said about how Covid has allowed for new digitally-enabled ways of working, some of which may become permanent as remote and hybrid working scenarios become more of the norm.

Remote workers have replaced face-to-face meetings with Slack, Zoom, Teams, instant messaging, text, and other communication channels, all while sharing data and making business-critical decisions virtually. McKinsey found that 20 percent of the workforce could work just as effectively from home as in the office. This means that CIOs and IT leaders need to plan for a post-pandemic IT environment and account for the exponential growth of these collaboration tools.

As great as these tools are, they are adding complexity to enterprises’ digital compliance efforts. As employees share mission-critical information – videos, PowerPoint slides, and Excel sheets containing sensitive customer data – IT teams are struggling to ensure that the data is backed up and recoverable, the same as other channels are.

IT teams can put strict policies into place about what information can be shared over these platforms. But everyone makes mistakes or forgets a policy sometimes. Given how vital these platforms are, we can’t completely eliminate the risks, we can only mitigate them.

Enterprises need to ensure that these different types of content that have grown during the pandemic meet legal, compliance, and business data archiving requirements and that their organization can respond quickly to legal, regulatory, and discovery requests.

Here are some best practices:

  • Know the regulations that affect your industry. Financial services must capture all conversations between broker/dealers and customers to comply with FINRA regulations, FCA policies, and to meet MiFID II regulations for companies trading in the E.U. Communications includes conversations in collaboration systems (ex. Teams, Slack, etc.) and may require the capture of both the transcript and original audio/video artifact. US Federal agencies must capture SMS text and Twitter as per guidance from the National Archives on record keeping.   Be aware of compliance requirements for preservation and discovery.
  • Take a comprehensive data protection and archiving approach that incorporates SaaS platforms. Collaboration tools like Slack and Teams offer their own built-in data recovery features. But IT teams should not solely rely on them for file restoration. Their data backup and recovery solution should be able to back up data from SaaS platforms like Microsoft 365, SharePoint, Slack, Dropbox, Google OneDrive – which many teams are using to share data. The backup and recovery approach should be robust enough so that they can recover the data from any data loss scenario, including accidental deletion, and also mitigate threats such as ransomware.
  • Know immediately when breaches happen. HIPAA, Soc 2, GDPR, and other regulations have stringent requirements for promptly reporting a data breach. Your data protection solution should be able to collect and back up direct messages and files being shared via these platforms. It should also give IT teams complete visibility into the risk profile of their data so that when a data breach happens, they can take immediate steps, including notifying authorities exactly what data was compromised and whether it contained sensitive information.
  • Use purpose-built tools to enable fast discovery and compliance review. As much as 52 percent of companies’ data is unclassified, which includes much of the data being shared on video conferencing and collaboration platforms. IT teams should have the ability to quickly search for and locate critical data for discovery purposes, and that requires tools with capabilities specifically designed for discovery. For example, Teams content should not be presented as an email. It should retain the collaboration view with
    all rich metadata that is shown natively in Teams (reactions, attachments, URL previews), and the ability to review the entire conversation – not just a single-day view. They should also have the ability to transcribe voice and video content and be able to jump to the relevant parts to accelerate review, avoiding having to watch an entire video or audio.

The use of pandemic-friendly business communication platforms shows no signs of slowing as companies want to support flexible “work-from-anywhere” policies. By taking a more centralized and automated approach to retaining, classifying, and visualizing data employees are sharing on Slack, Zoom, Teams, Skype, and other channels, enterprise IT teams can be confident they are complying with new regulations while mitigating risk.

Dave Scott
Senior Director of Product Management, Digital Compliance