Back to All Posts
How to create instant messaging company policy

How To Create A Clear Company Instant Messaging Policy


Company instant messaging has taken over business communications at a formidable speed. This has left many companies scrambling to create a robust instant messaging policy. While you absolutely must have one, it doesn’t need to be as complicated as you may think.

For starters, you likely already have a policy in place that covers the appropriate use of emails. The biggest difference between messaging apps and email is that you can monitor emails and retain the data. So, you just need to update your policy to ensure it covers this new technology.

Keep Your Policy on Messengers Simple

The company policy for messaging apps needs to provide appropriate levels of data protection. But this doesn’t have to be created from scratch. You can build upon current policies that cover privacy, electronic communication or social media.

Your policy likely covers WeChat, WhatsApp, and other communication apps by implication already. But by explicitly mentioning them you make your case clearer. However, name the apps as examples rather than leaving a loophole for a type of messenger not yet created.

Communication Compliance Options

The problem with many instant messaging apps is that they do not retain data. Not maintaining a record of messages or files sent or received puts your company in breach of the compliance laws of most countries.

When writing up your companies instant messaging policy you will have three options:

  1. A complete ban of any form of unmonitored instant messaging
  2. Restricting messaging apps and specifying which can be used
  3. Implementing software solutions that work with instant messaging platforms to allow monitoring and data retention (e.g. LeapXpert Federated Messaging Orchestration Platform).

Options For Company Instant Messaging Rules

The different levels of security, confidentially and type of data worked with means that each company needs to have very different policies in place to work with different business messengers.

Banning All Messaging Apps

The most extreme option is the banning of all messaging apps, including WhatsApp, WeChat or Telegram and others, from the workplace. This is a model followed by Deutsche Bank and is a commonplace policy among German companies.

If your client base does not use instant messaging then this may indeed be the easiest and most effective option. Unfortunately for most businesses, customers use these communication tools. And your clients want to be able to use IMs to communicate with you.

Norfolk and Suffolk police provide a clear policy which allows internal IM use. However, they have restricted most forms of non-work messaging within work. This approach, while restrictive, does encourage greater professionalism and increases awareness of security issues of messaging apps.

Implementing a complete ban can be difficult. Particularly if you are a large enterprise and employ millennials. Only the most draconian of workplaces will attempt to restrict employees use of personal messaging apps during breaks. However, you can ensure that your communication policy has a clear code of conduct for using personal messaging apps during office hours.

Restricting Instant Messaging Apps

Here you have two options. You can either specify exactly which IMs you will allow to be used for work-related communication. Or you can implement a policy that means you have the right to monitor personal communication for business-related conversations.

You need to ensure that you have clear policies that provide the expected standard and highlight any disciplinary action that a breach will incur. For example, Landstar Title Agency has rules that clearly assert its right to all messenger records created on its systems.

The company can access or disclose all such messages at any time, and they are archived for at least 180 days, securing its data trail. To protect stakeholder privacy, no confidential information can be shared through these systems without approval.

Third Option: Implementing Compliant Software Solutions

If you have access to the right technology, then you might focus on segregating data. A combination of rules and software can keep work and private communications separate on a single device.

Moving all work-related instant messaging to a Federated Messaging Orchestration Platform (FMOP) is one of the easiest solutions that give you the best of all worlds. This means that clients can communicate using their preferred messaging app. While your staff can respond using a fully monitored system that meets your legal responsibilities.

Who Owns The Data?

The policy should cover all technology owned by the company or used in the workplace. This includes company hardware and software, as well as personal equipment being used in a work context. Private equipment used in work time, on work facilities, or for work issues is fair game for business rules.

Ensure that you have clauses in your policy that cover:

What is said in chat rooms and channels where more than one employee is a member.

WhatsApp might be used for arranging interoffice meeting times but using it to rate the attractiveness of the new temp should reference your HR policy and be cause for disciplinary action.

What data employees must divulge?

If your staff use systems on their private devices to have personal conversations as well as business conversations, do they need to share the communication if requested?

What is monitored? What isn’t monitored?

You need to be clear about your expectations. Slack or Microsoft Teams are helpful to coordinate work matters, particularly with remote workers. Do you want to ensure that all communication is able to be monitored and retained? Your easiest option will likely need to use the LeapXpert FMOP and direct staff to use all business-related instant messaging communications through this.

Being clear in your expectations allows you to assert your rights, and the employees to protect their privacy.

Finding the Right Solution for You

When it comes to messengers, business communication solutions vary. What’s appropriate for you will depend upon your business model, your technology, and the data you’re handling.

You have different and unique issues to consider. However, you should consider any solutions others in your field and far outside, are using. In addition, look at making use of platform such as that provided by LeapXpert. Establishing a clear policy around B2C communication is the first step. But ensuring any communications sent using messengers are kept safe, secure, and under your ownership required using the right tools.

Back to All Posts

Eager to learn more?

We use cookies on this site to enhance your experience.