{"id":936,"date":"2023-03-14T14:27:42","date_gmt":"2023-03-14T18:27:42","guid":{"rendered":"https:\/\/blogs.duanemorris.com\/techlaw\/?p=936"},"modified":"2023-03-14T14:27:42","modified_gmt":"2023-03-14T18:27:42","slug":"preservation-of-ephemeral-messaging-for-business-purposes","status":"publish","type":"post","link":"https:\/\/blogs.duanemorris.com\/techlaw\/2023\/03\/14\/preservation-of-ephemeral-messaging-for-business-purposes\/","title":{"rendered":"Preservation of Ephemeral Messaging for Business Purposes"},"content":{"rendered":"<p>Ephemeral messaging is short-lived, yet the data preservation and regulatory obligations remain.<\/p>\n<p>Ephemeral messaging apps \u2013 like WhatsApp and SnapChat \u2013 are a form of digital communication available for a limited time and then deleted.\u00a0 The two key characteristics of ephemeral messaging are: (1) automated deletion of message content for both the sender and the receiver and (2) end-to-end encryption which enhances privacy by making it more difficult for hackers and others to read the encrypted data while it is in transition between devices.<\/p>\n<p>The three degrees of ephemerality in messaging apps are:<\/p>\n<ol>\n<li><span style=\"text-decoration: underline\">Pure<\/span> which involves the permanent and automated deletion of messages;<\/li>\n<li><span style=\"text-decoration: underline\">Quasi<\/span> which permits preservation of messages in certain circumstances; and<\/li>\n<li><span style=\"text-decoration: underline\">Non-ephemeral<\/span> in which messages usually remain on a source (such as a server) and may not include end-to-end encryption.<\/li>\n<\/ol>\n<p>The benefits of ephemeral messaging include:<\/p>\n<ul>\n<li><span style=\"text-decoration: underline\">Information governance<\/span>: Data storage and records preservation\/management are reduced by ephemeral messaging.<\/li>\n<li><span style=\"text-decoration: underline\">Legal compliance<\/span>: Encryption and automatic deletion of personal data help reduce exposure if a data breach occurs.<\/li>\n<li><span style=\"text-decoration: underline\">Data security<\/span>: Even if a mobile device is lost, the automatic deletion of data will likely protect against hackers.<\/li>\n<\/ul>\n<p>The legal risks of ephemeral messaging include: (1) complying with subpoenas and (2) preservation of data when litigation is \u201creasonably anticipated\u201d.<\/p>\n<p>Subpoenas often define documents and communications broadly to capture all communications, including ephemeral messaging.\u00a0 Thus, the failure to preserve documents may result in an inability to fully comply with a subpoena and\/or a criminal exposure, particularly if the subpoena was issued by the government.<\/p>\n<p>Regarding the preservation of data, legal hold policies may need to be amended to address ephemeral messaging, including when a company is dealing with government regulators.\u00a0 <em>See e.g., Federal Trade Commission v. Noland, et al.<\/em>, Case No. CV-20-00047-PHX-DWL (D. Ariz. 2021) (sanctioning defendants for installing and using ephemeral messaging after learning they were investigation targets).<\/p>\n<p>Some regulators caution against the use of ephemeral messaging.\u00a0 For example:<\/p>\n<ul>\n<li>The U.S. Securities and Exchange Commission (\u201cSEC\u201d) issued a guidance in 2018 that prohibits business use of apps which permit automatic destruction of messages.<\/li>\n<li>The U.S. Department of Justice (\u201cDOJ\u201d) updated its Evaluation of Corporate Compliance Programs in March 2023 which discusses the factors that prosecutors should consider in conducting an investigation of a corporation including the adequacy and effectiveness of the corporation\u2019s compliance program at the time of the offence as well as at the time of the charging decision.<\/li>\n<\/ul>\n<p>Accordingly, establishing adequate and effective corporate compliance programs are important, including:<\/p>\n<ol>\n<li>establishing a corporate compliance program which is monitored, updated, and works in practice, and<\/li>\n<li>reviewing the company\u2019s document-retention policies and procedures, including whether they address ephemeral messaging and mobile device data.<\/li>\n<\/ol>\n<p>In sum, although ephemeral messaging is short-lived, the consequences \u2013 of failing to comply with data preservation and regulatory obligations \u2013 may be long lasting.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ephemeral messaging is short-lived, yet the data preservation and regulatory obligations remain. Ephemeral messaging apps \u2013 like WhatsApp and SnapChat \u2013 are a form of digital communication available for a limited time and then deleted.\u00a0 The two key characteristics of ephemeral messaging are: (1) automated deletion of message content for both the sender and the &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/blogs.duanemorris.com\/techlaw\/2023\/03\/14\/preservation-of-ephemeral-messaging-for-business-purposes\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Preservation of Ephemeral Messaging for Business Purposes&#8221;<\/span><\/a><\/p>\n","protected":false},"author":265,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[9,121,11,12],"ppma_author":[976],"class_list":["post-936","post","type-post","status-publish","format-standard","hentry","category-infotechtelecom","tag-e-discovery","tag-esi","tag-litigation","tag-privacy"],"authors":[{"term_id":976,"user_id":265,"is_guest":0,"slug":"srwiggins","display_name":"Sheila Raftery Wiggins","avatar_url":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-content\/uploads\/sites\/17\/2021\/12\/wigginssheila-100x100.jpg","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/posts\/936","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/users\/265"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/comments?post=936"}],"version-history":[{"count":0,"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/posts\/936\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/media?parent=936"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/categories?post=936"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/tags?post=936"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/techlaw\/wp-json\/wp\/v2\/ppma_author?post=936"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}