Instant Messaging Rules: A Business Guide to Managing Policies, Security, and Legal Issues for Safe IM Communication

1. Regulators are concerned about consumer privacy, and you should be too. Incorporate IM rules and policies into your organization’s information security program to protect nonpublic customer data.

2. Educate employees about IM-related regulations. Train employees to adhere to the organization’s written IM policy, including regulatory guidelines and retention rules. Your employees may be tech-savvy IM users, but that doesn’t necessarily mean they are up to date on the rules and regulations of your industry or firm. The best advice: train, train, train . . . then train some more.

3. Don’t wait for IM-related disaster to strike. Take action now with a comprehensive program that combines the three Es of IM risk management:

   • Establish written IM policy that addresses regulatory requirements.

   • Educate all employees about your firm’s IM rules and your industry’s retention requirements.

   • Enforce your rules, regulations, and policies with a combination of technology tools and disciplinary action. ^[8]

^[8]Nancy Flynn and Randolph Kahn, Esq., E-Mail Rules, New York, AMACOM, 2003.