The increasing usage of mobile devices in the government sector, the Freedom of Information Act and a wide array of regulations concerning the archiving and release of government information and documents all point to one conclusion – government agencies need to establish clear policies on proper use of text messaging within and outside their offices.
Lately, the government sector has been in the spotlight because officials use consumer-based text messaging apps to instantly communicate with each other and the general public. Used for these purposes, text messaging comes with a plethora of security, privacy and compliance concerns that can impair government organizations’ communication efforts and incur unnecessary costs.
To deal with these issues, it is necessary for government agencies to protect and preserve data sent to and from their mobile devices by establishing an accurate and detailed text messaging policy. This infographic maps out the fundamental steps in its creation and implementation.
All major laws and regulatory bodies in the US and EU and public records acts like FOIA, FISMA, FRCP, FERPA and NARA recognize content created on personal and company-issued mobile phones as a valid business record and mandate the retention of mobile communications – messages, calls and voicemail.
To address these issues, it is necessary for government agencies to protect and preserve data sent to and from their mobile devices by establishing an accurate and detailed text messaging policy. Here are the fundamental steps in its creation and implementation:
1. Identify the applicable regulatory and legal requirements
The first step towards creating an effective text messaging policy is to identify all the relevant federal, state and industry regulations that apply to your agency. After that, discuss these rules with key stakeholders (the agency’s legal counsel, human resources, compliance officers) to make sure they fully understand and implement the requirements.
2. Specify the devices that will be permitted
Have in mind that retention regulations apply not to only government-issued devices, but also to business-related texts sent from personal devices. What you need to do is determine whether the policy will prohibit the use of personal devices at work and whether government-issued devices can be used to send personal messages. You also need to define which devices and operating systems will be allowed across the organization.
3. Identify the employees authorized to use text messaging
Depending on the communication needs of your agency, the text messaging policy should also clarify if all (if not, which) employees are permitted to use SMS messaging. If the intended purpose of text messaging is to engage with the public (e.g. to send incident alerts), the policy should specify the responsible people. If texting is a peer-to-peer communication medium, the policy should make it clear what type of information can be sent via SMS. In case of BYOD, employees should be informed that they will have to enable access to their mobile devices.
4. Train employees for proper text message archiving
Lastly, the policy must set guidelines on how text messages must be documented. Employees should know that they can’t rely on screenshots or mobile carrier to properly retain their mobile communication. To ensure these common mistakes are avoided, the agency should incorporate archiving technology that will automate the process and ensure compliance.
Did you know?
- Freedom of Information Act (FOIA) is a US federal law that ensures an increased transparency in the government sector and deals with making records more accessible to the public. The definition of record varies from state to state, but generally includes various paper documents and electronically stored information including website content, email, chat logs, social media posts and mobile content – calls, voicemail and text messages. When agencies receive a records request, they must be able to provide access to the public records within a specified time frame (typically between 3 and 30 days).
- Government agencies shouldn’t assume that their service provider is archiving their data on their behalf. In Washington state, officials looking for employees’ text messages were surprised to learn from Verizon that text message content is retained for only 3-5 days after the transmission.
- Mobile phone evidence is admissible in courts. In a famous 2014 case, the Environment Protection Agency was rebuked by a federal judge when it failed to retain the text messages of its top administrator, Gina McCarthy. It was believed that she switched from email to texting to get around the law.
- 88% of employees use mobile phones for work while on personal time, and almost 50% of work-related content is now accessed on mobile devices.
- If your agency allows iPhones and other iOS devices, your users should refrain from using iMessage because these messages are very difficult to archive.
- In Arizona, the state law requires all public officials to retain records of SMS messages related to public business exchanged on personal devices. If an official deletes information that is not “of purely private or personal nature”, they may be charged with a Class 4 felony.
- In a 2016 case Stinson v. City of New York, the defendant was sanctioned because they failed to preserve the text messages sent between NYPD personnel using department-issued smartphones. The phones were within the possession, custody and control of the city and were subject to the same preservation obligations as the city’s other electronically stored information.