?Ever heard this phrase: “Nobody would be stupid enough to put that in an e-mail”?
The phrase should sound familiar. And we all know why we say it —because our work e-mails are reviewable by our employer, producible to the government and reportable on the front page of the local newspaper. At least, they are if you write something extraordinary.
Many employees’ computers’ friendly log-in screen reminds them of that every morning: “By using this network, you have no expectation of privacy and consent to monitoring of all your activities on this device or related resources … . ” Who needs spy balloons?
Work e-mail is typically closely monitored and preserved. Things can get trickier for companies when work is done through texts, social media and messaging apps. They get trickier yet when work is done on apps whose appeal is, variously, privacy, encryption and the ephemeral—messages designed to go poof.
Another level of difficulty altogether comes with employee communications in the metaverse. As companies cross this new digital frontier, they need to understand how their employees communicate in the metaverse and what is, can be, and should be preserved.
Why Preserve Anything Anyway?
Companies need to preserve their employees’ work-based communications for many practical and legal reasons. The most obvious reason is purely managerial. Companies and their employees need to know what they’ve said and done, so they know what to say and do next.
Another reason is for investigation. Electronic communications often create a road map of what people did, said, agreed to, disagreed with, read, had knowledge of, helped and worked on; and unfortunately, sometimes, who they bribed, harassed, defrauded, lied to or otherwise involved in a cluster of regrettable behavior.
Another reason to preserve communications is to comply with laws and follow government guidance. For instance, the Securities and Exchange Commission (SEC) requires financial advisers to keep “[o]riginals of all written communications received” and “copies of all written communications sent” regarding various kinds of trading and recommendations. The SEC has interpreted that to include “text/SMS messaging, instant messaging, personal e-mail, and personal or private messaging.” And that includes company devices, private devices and third-party apps.
The U.S. Department of Justice has likewise issued guidance on the topic. When prosecutors evaluate a corporation’s compliance program, they “should consider whether the corporation has implemented effective policies and procedures governing the use of personal devices and third-party messaging platforms to ensure that business-related electronic data and communications are preserved”—the reason being, of course, that a company serious about compliance should be a company serious about knowing what its employees are doing.
What Exactly Is the Metaverse?
The stereotype of the metaverse is “Ready Player One,” a movie about a wonderland accessed through goggles, gloves and other futuristic tech.
In reality, the metaverse is a blanket term for a wide array of emerging technologies. It includes augmented-reality technology, where digital information is overlaid on the real world. Pokémon GO is one example, where players’ phones display virtual beasties hiding in real places. The metaverse includes online platforms like Roblox, Fortnite and Second Life, in which users variously hang out, explore, shop, go to concerts and—all in good fun—blow each other up. The metaverse also includes blockchain-powered virtual geographies like the Sandbox and Decentraland.
A company may have one set of policies, procedures and technical solutions for preserving employee e-mails, and a different set for preserving texts or app-based communications. The compliance approach may differ because the technology differs.
The same goes for metaverse communications. Companies need to understand the particular metaverse technologies their employees use. A company might use one platform for a virtual-reality workspace for employee meetings. The company might use an entirely different platform for a customer-facing virtual store. The underlying principle is the same: preserve business-related communications. The “what” and the “how” may differ, however.
The What and How of Preservation
Let’s start with the what. Twenty minutes in the metaverse generates two million data points, albeit nonverbal. Of course, employee communications are not nearly so many. But they can come in a variety of forms in the metaverse. Employees can talk on metaverse platforms just as they can over the phone, on Zoom or any other technology. So, an initial query is whether and when to capture those oral communications.
Many metaverse platforms also offer various means of written communications. There too, companies need to consider whether and when those need to be captured.
That leads to the how. Depending on the platform used, employee communications may be more or less susceptible to preservation:
- Technological limitations. Preservation may be subject to technological capabilities—some communications may be easy to maintain while others are, by design or by lack of capability, not maintained at all.
- Device issues. A metaverse platform might be accessible across different devices, like phones, computers and headsets, and on both company and private devices. Depending on the device used and its ownership, employee metaverse communications may be more or less easy to preserve.
- Contractual and legal issues. A platform may have terms of service or other contractual requirements governing its ability to record, preserve or produce communications of its users. Likewise, depending on where that data is made and stored, the platform may have constraints based on a country’s or a U.S. state’s privacy laws. And the application of those contractual and legal requirements may differ depending on the capacity in which a user uses the service, whether as an employee or in the worker’s private capacity.
All these issues warrant careful consideration from companies. They’ll need policies and practices that can evolve as quickly as the metaverse itself.
Tim Taylor is an attorney with Holland & Knight in Tysons, Va.
