Digital Dangers: Why You Need a Plan for Handling Sensitive Workplace Conversations

Who loves a call from the boss? Most Millennials don't. And it's a hard no from the elders in Gen Z. Ask any colleague under 35 right now and they'll probably tell you that they dread seeing their phone light up with a work number after hours or at unexpected times.

To make up for this allergy to old-school phone conversations, digital natives will freely and quickly text, email, or message you via a platform like Slack. It may seem easier, but in the worlds of business, government, and even nonprofits, sharing information in such ways can land you in a heap of trouble.

Take, for example, this week's revelation that top government officials used a commercial messaging app to discuss plans for a military strike in Yemen. The Cabinet-level gaffe is a public and very high-stakes example of what can go wrong when chats get sloppy, and a stark reminder that communications plans and protocol are in place for a reason.

But your average C-suite leader isn't handling top secret military plans, and most companies or organizations don't have a Sensitive Compartmented Information Facility (SCIF) – essentially a room for highly secure conversations to take place. So, what are the basic rules of the road for executives who want to ensure that information is handled properly to mitigate reputational risk, legal quagmires, a hit to revenue – or all three?

Here are four tips for handling sensitive workplace conversations:

1 - Conduct team-wide trainings.

Are you certain that the digital natives on your team know that they shouldn't use Slack to discuss sensitive matters, such as a colleague's termination or an embargoed product launch? If you haven't made it perfectly clear through team trainings and your company handbook, then the answer is no. Trainings are great for reminding every individual that what they put out on digital channels can be screengrabbed, shared out of context, stored in the cloud forever, or used as an exhibit in future legal matters.

2 - Consider and enforce your documents policy.

Do you have a document deletion and retention policy? If so, review the contents. If not, create one and share it with your entire team for acknowledgement and signature. A document deletion policy outlines how and when information including documents and records are stored, preserved, or destroyed, ensuring compliance with legal and regulatory requirements, and protecting data privacy and security. Requiring your team to sign the documents policy is a formal follow-up to their training; it officially reiterates how using apps for communicating need-to-know information or sharing sensitive material can open up organizations to wild and unnecessary risk. Non-compliance can and should be documented by HR.

3 - Set up a bat phone in advance.

If a situation erupts that requires rapid response, you should have your crisis playbook in hand AND have a secure communications plan already established. This comms plan identifies who will be on the core response team – HR, legal, ops, communications, for example. Leaders should take the time to set up an encrypted messaging service for the group with the numbers of those to be included already pre-loaded, vetted and tested. (Yes, you could use Signal for this if you take extreme care to set it up and also counsel participants on what they can and can't share in these circumstances because users can screenshot Signal chats!)

4 - Consult with your comms consigliere early and often.

Things happen. Developments sometimes come in fast and hot. Which is why it's important to keep your most senior comms counselor looped in every day. They can and should help you spot areas of concern well before they escalate and transform into an urgent situation. If you're knee-deep in a crisis and suddenly remember to alert your CCO, it's probably too late for them to mitigate all of your risk. At that point, you're in damage-control mode.