4 pitfalls of introducing IM governance for risk and compliance

Find out how to master information governance for risk and compliance while avoiding a few of the most common pitfalls.

Information governance is a crucial step when introducing an instant messaging solution to your business, but it can be difficult to get right.  Successful IM governance requires business owners to constantly weigh the risk that information presents against the value that it provides to the user.

Sounds boring, right?  🙉  It’s an area that many people either ignore or overcomplicate. So, in this blog we're sharing four common pitfalls to avoid when introducing IM governance.

1. Assuming your IM meets the standard

The use of IM in the workplace is on the rise. In 2017, 43 percent of employees were using it and the trajectory was on the up! However, businesses can’t assume that employees are using IM in the intended way or even that they're using a corporate-approved platform that meets strict data security standards.

The first stage of IM governance, then, is to ensure that the IM tool you have chosen meets your specific industry standards. For example, healthcare organizations will want to make sure that their IM tool is HIPAA compliant and that their IM provider will execute a business associate agreement.

2. Being too vague about the governance of IM

When things go wrong, make sure employees don't say that they ‘didn’t understand’ their role in the governance of IM. In a worst-case scenario, an employee’s misuse of IM could land both the employee and the employer in hot water!  To mitigate this, make sure that training is a priority for your team. Employees should be clear on your organization’s rules, as well as the expectations of regulatory bodies and the wider legal framework.

3. The actual governance structure

Overcomplicated governance is not going to get employee buy-in. So keep things simple and make sure that everyone understands their role in the governance of IM.

Consider having an instant messaging policy as part of your suite of governance tools.  The more specific you can be in this policy, the better. Leave no grey areas.

At a minimum, you’ll also want to have in place a data retention policy and an acceptable use policy. The former makes it clear to employees why data needs to be kept and how it can be used, and the latter explains how employees are expected to behave within these apps.

4. Failing to review risks 

If you are not using an app that clearly outlines its security practices, you will want to make somebody in the company accountable for understanding where data lives and how long it lives there. For example, when employees share photos or sensitive documents over IM, where do they live?  Can they be deleted?  Are they accessible via unsecured links?

The key with any form of governance is to do it once and then repeat the process annually or bi-annually.  As employee use of tools and apps changes, the way they communicate and the apps they use also change. The dynamic nature of instant messaging in the workplace requires a similarly dynamic approach to making sure it is being used well!
