Nearly every organization in the world is concerned about data. More specifically, they’re concerned with how they store and share information internally and externally while maintaining security. Even with small amounts of data, this is no small task in our ever-connected world. This is one of the reasons ephemeral messaging has become so popular for both business and personal use.

Ephemeral messages are, as the name implies, temporary. In contrast with more traditional digital communication—short message service (SMS), multimedia messaging service (MMS), email, etc.—ephemeral messages only exist for a short time before they’re deleted. Snapchat, WhatsApp, and Telegram are some of the more familiar names, but new services continue to surface, and the premise remains appealing. You can communicate as needed, and you won’t have to worry about storage issues or sensitive material falling into the wrong hands. But in the world of business, it’s not quite that simple. There are recordkeeping considerations, risks associated with letting a third party handle this data, and exceptions to the idea of a truly ephemeral message.

Consequences and Recordkeeping

Sorted document files in shelf

Department of Justice (DOJ) guidelines initially suggested a ban on ephemeral messaging by drawing a hard line on records retention requirements, but they have since softened. Today, companies must decide what’s right for them. Some industries, such as finance and health, may have strict regulations regarding the distribution of information, but for others, the decision is not as clear.

Whatever the case, every organization should have a clear policy addressing the use of ephemeral messaging services to ensure all employees understand the expectations—and inherent risks—of using these services. For most people, ephemeral messaging offers a quick way to communicate. In some ways, it’s no different than other casual and untraceable work-related conversations such as those that occur while at lunch or meeting by chance in the hallway. However, this lack of record keeping is a double-edged sword.

While it saves large organizations potential data headaches, it also puts them at risk. In 2017, for example, Waymo accused Uber of stealing intellectual property and covering their tracks by using ephemeral messaging (in this case, Wickr and Telegram). The case was settled out of court but raised several questions about how either party could prove or disprove wrongdoing.

Forfeiting Control

Numbers in a white page of notebook

Companies today generate a staggering amount of data. From emails and digital files to text and multimedia messages on company devices, data storage is a growing challenging and represents inherent cybersecurity risks. Email is a common gateway for threat actors and servers holding sensitive data or intellectual property are at risk of falling victim to a cyber breach.

However, sending information through third-party apps over which you have no real control makes it impossible for you to protect sensitive material. You’re trusting messages truly are being deleted and, to take that a step further, the company is being honest about their intentions. Telegram, for example, was being honest, but a bug in the software kept media stored on user devices.

When Ephemeral Becomes Permanent

Black pen

Self-destructing messages certainly keep you from leaving a trail, but it’s not quite that simple. Though a message may be sent with the intention of impermanence, the recipient may have other ideas in mind. For example, a screen capture allows users to save a version of the text or media to their device. Though many ephemeral messaging services alert you if this occurs, the action is irreversible. Similarly, the recipient of these messages may choose to take a photo or video of their device with a secondary device, and there’s no way for you to know this is happening.

The idea of ephemeral messaging itself is unlikely to disappear anytime soon. Short of stopping its use altogether, which is impossible for any organization, it’s best to acknowledge the technology, create smart policies, and educate employees on using these services.