The Need for Periodic Information Policy Review
most company policies, information related policies and procedures are not static company artifacts. Rather, any company directives should be considered “living,” that should reflect the current business operations, processes, and technologies in use. That means that they may need to be augmented, updated, or changed from time to time. If you are not convinced, the recent action by the Justice Department may be the needed motivation.
On September 15, 2022, the US Department of Justice issued a memorandum, the subject of which was “Further Revisions to Corporate Criminal Enforcement Policies Following Discussions With Corporate Crime Advisory Group.“ That memorandum from the Justice Department seeks to help corporations take actions to better their corporate compliance. Of particular note, as it relates to information and records management, the Justice Department issued a statement dealing with company employees “use of personal devices and third-party applications.” The Justice Department makes clear that given the ubiquitous use of personal smart phones, tablets, laptops, and other devices that create significant corporate compliance risk, that corporations “should have effective policies governing the use of personal devices and third-party messaging platforms for corporate communications, should provide clear training to employees about such policies, and should enforce such policies when violations are identified.”