Navigating the digital workplace

This article walks you through the digital workplace, the ecosystem of IT and web-based channels and applications used in the modern-day organisation.

We explore how, as an in-house lawyer, you can add value to the different elements that make up your organisation’s digital workplace.

In-house lawyers must help senior management and employees ensure their use of the digital workplace is legal, compliant and safe and that issues are dealt with as quickly as possible.

By providing clarity to employees, supporting senior management and satisfying external client demands, you’ll reduce risk and add real value for your organisation. It will also help you to understand how the systems work in the event of a data breach, a compliance investigation (e.g. ABC compliance) or litigation requiring e-discovery or a "dawn raid" by a regulator - in which event knowing these things becomes very (and urgently) important!

What is the digital workplace?

An organisation’s network of digital channels, platforms and tools can be bewildering, complex and fast moving.

IT ecosystems usually involve multiple applications owned by people across different departments, divisions and locations. Some of these applications may integrate with others, while others are stand-alone tools for specific tasks or business units. Some may reside in the cloud, while others are on-premises.

They’re all likely to be accessed by a combination of PCs, laptops, Macs and mobile devices, both corporate and employee owned.

These devices are often backed up with intended (and unintended) copies in multiple locations within the company's physically owned infrastructure and within the systems of subcontractors, outsourcers and cloud services providers such as Salesforce.com and Google analytics. This becomes really important to understand if you are sued, dawn raided, involved in a compliance investigation or have a suspected data breach.

Additionally, some employees, and even teams, may use tools not officially sanctioned by the IT department. For example, many people use their own Dropbox accounts to share files among themselves independently of their organisation’s file sharing policies and systems. The consumer (and popular) version of WhatsApp is also frequently used for work-related messaging, even though is not suitable from a risk and compliance perspective. 
Many vendors and consultancies refer to this ecosystem as the “digital workplace” as it’s essential to many practices, including:

  • Internal communications
  • Team collaboration
  • Project management
  • Knowledge management
  • HR related processes
  • Management reporting
  • Client service delivery
  • External communications

The term digital workplace suggests a holistic view of how employees experience multiple IT channels. It implies coordination between distinct and disparate software applications and services. Increasingly the term “digital employee experience” has also been used.

Thinking about the digital workplace as a whole helps software designers and IT functions introduce consistency into the look and feel of different systems and the way people access them. Using the same log in credentials, known as a single sign-on, is one example of this approach. Holistic thinking also helps organisations plan their IT strategically and efficiently.

What does this mean for in-house lawyers?

As an in-house lawyer, you can use the concept of the digital workplace to think about risks, knowledge gaps and opportunities to add value. For example, can you provide guidance and risk-related processes across your organisation’s entire digital workplace, or just a handful of individual applications?

You will, at the very least, need to know about:

  • Acceptable terms of use for employees and other related policies.
  • Privacy of employee data.
  • Privacy and duty of care over client data.
  • Territories where data servers are held, and how these affect data privacy and protection and GDPR compliance.
  • Accessibility.
  • Copyright of material published on the organisation’s channels.
  • Retention policies and e-discovery processes.
  • Any obligations and processes which may affect agreements with workers’ organisations (this is particularly pertinent to German Works Councils).
  • Sector or market-specific regulatory or compliance issues.
  • Processes that drive compliance, including educating employees.
  • IP compliance of software that you operate commission or adapt (including licence terms and fee payments).
  • How to navigate/search the systems for compliance and/or disclosure purposes.
  • Specific wording on sensitive content, such as HR procedures.
  • Emerging risks, in particular multiple aspects of artificial intelligence (AI) and generative AI.

Adding value

You have a role to play in making sure people use your organisation’s digital workplace in a legal, compliant and safe way. You also need to ensure that if any issues do arise, you can deal with them quickly, without causing disruption to normal business operations.

Most in-house legal teams are more involved in drafting guidance than advising on specific incidents in the digital workplace. However, this can be seen as more than just a risk management process. Add value by reducing senior management’s worries about the perils of the digital workplace and give employees clear guidance about appropriate use of different channels.

This latter point is increasingly important as, generally, digital channels have moved from a consumption, or broadcast, model to a participative one. More and more employees can now post content, add comments or share files than ever before, without restriction or prior approval.

Focus on user education and training to minimise risk and drive compliance. Employees want clear guidance written in plain language. Avoid unnecessarily long, complex or legalese-laden messages. They’ll never be read.

Senior management often spend far more time worrying about potential incidents in the digital workplace than the frequency of their actual occurrence warrants. For example, the most common issue on intranets and internal social networks is unintentional breach of copyright law. However, we've never known a senior manager lose sleep over copyright.

Business-to-business organisations that handle sensitive client data are often contractually obliged to have certain processes in place across their internal digital workplace. Clients insist on these to assure themselves that their suppliers meet certain standards in care with their data. So, where a large financial services firm seeks guarantees from a smaller professional services firm, such as an accountancy practice, the in-house lawyers for both parties play a pivotal role.

It is good practice to have a good and regular relationship with the people who run the IT in your business and fully to understand how the systems that your team uses operate and where they are - it would be embarrassing to be caught out by an issue relating to your contract management system for example!

AI is also currently being worked into multiple tools across the digital workplace, particularly with the introduction of Copilot into Microsoft tools. There are multiple areas of risk – from data privacy risks to bias to unethical use. In-house legal teams have a central role to play in assessing the risks, establishing guidelines and helping establish the safe and proper use of AI. 

A walk through the digital workplace

The internal ecosystem of digital channels differs from organisation to organisation and there’s often overlap between the capabilities of different channels. For example, one company's intranet might have a complete social networking capability, while in others, it won't be appropriate.

Below are the most common channels we think you’ll come across. This list is not exhaustive, so we’ve focussed on those most employees have direct access or exposure to.

Intranet publishing

Most organisations use intranets to publish news and content. Internal communications teams and HR departments are usually the main publishers on intranets. However, employees can usually rate content, leave comments and, possibly, publish articles themselves.

Employee directory

An employee directory is a central listing of an organisation’s employees and, sometimes, contractors. It should contain an individual profile for every employee, complete with contact information, job data, a photograph and relevant job experience. The directory is normally integrated with the intranet or internal social network. Profile capability is embedded in many applications, so some organisations end up with more than one directory.

Social and community platform

An enterprise social network typically allows employees to follow each other, post wikis, blogs, open discussion forums and community spaces and view updates in a feed or activity stream. People generally use these platforms for informal and open interaction rather than project or client-specific work. A social and community platform may also be part of the intranet.

A common risk is for people - especially in larger companies - to muddle intranet and internet and to post material that should stay internal to the company in external contexts - which is why strict controls on who can use the company's twitter feed (etc.) and how they can use it are recommended.

Unified communications – video conferencing and messaging

The use of platforms like Microsoft Teams and Zoom skyrocketed during the pandemic. These tools take on multiple forms of communication including video conferencing and instant messaging  / chat.

Team sites, project workspaces and team collaboration

Project and team-specific workspaces are generally private, closed forums where team members post updates, allocate tasks and share files. Examples include Microsoft Teams, Slack and SharePoint. Organisations often use these applications with external service providers. Increasingly these kinds of tools have also taken on other unified communications capabilities such as video conferencing.  

Document management system (DMS)

In practice an organisation might have more than one system to manage and share documents. These could include SharePoint which is a more generic document sharing solution, and then potentially a specialist DMS to keep a proper record of documents with audit trails etc. Businesses within regulated industries are more likely to have a specialist DMS for compliance purposes. 

HR management systems (HRMS)

HR management systems are the system of record for HR data. They allow employees to update their details, book annual leave, view payslips, choose benefit options, and  complete other self-service tasks. They may form part of an integrated HR portal, have some integration with the intranet or be a series of disconnected applications. Some HR systems like Workday have many different additional modules covering areas like recruitment and learning. 

Learning management system (LMS)

A learning management system will cover training opportunities via a course catalogue and can usually also deliver e-learning, often using off-the-shelf course in the SCORM format. An LMS will also have reporting on it and could cover both mandatory and non-mandatory training. 

Internal video channels

Some organisations have an internal YouTube platform for publishing and sharing videos.

Digital signage

Digital signage (internal video screens for messaging), usually managed by the internal communications team, is increasingly common in the workplace.

Email

The dominant digital channel, email delivers everything from internal communications to file sharing.

Function specific and other core systems

As well as communication and collaboration channels, there are platforms designed for customer relationship management, financial management, practice management, time recording and much more. Many organisations also use data warehousing facilities complete with reporting suites.

Systems like Salesforce.com and finance and procurement management tools such as, Xero, SAP and Ariba may also hold a surprising amount of commercially sensitive, confidential and personal data in multiple locations, usable in many ways and accessible by many people.

A particularly important example of this (because of the sensitivity of the content) is the systems that you use to compile and communicate Board Packs (e.g. Board Vantage and other similar products).

This is also likely to be true of the systems that are used by your company to take and make payments (particularly if you have a large consumer and/or small & medium business customer and/or supplier base) and to make payroll payments.

Many businesses will also have specific software for running websites such as Sitecore or Gather Content and may also have web-based platforms to support online sales platforms and/or manufacturing/ production and/or staff time recording etc.

Employee apps

Your organisation may make mobile apps available to employees on both corporate and employee-owned devices. They may be custom-built or generic ‘off the shelf’ applications. There may even be a corporate app store where the apps are downloadable from.

Client extranets
Though not strictly internal, these channels often have a similar set-up to internal channels and use the same technology as that found in internal collaboration tools.

Under the radar applications (Shadow IT)

Shadow IT, the use of non-approved applications by individuals and teams for work purposes is a big issue for some organisations. This arises when official systems have gaps and limitations, while easily available alternatives provide convenience, extra features and a superior user experience. In many cases, these offerings are designed for consumers, so don’t have the enterprise features a security conscious organisation with data protection obligations needs. As a result, they risk breaching security, data privacy and safeguarding guidelines.

Conclusion

Take time to really understand your organisation’s digital workplace and think holistically about it as a strategic asset with its own risks. Knowing all the different channels helps to spot specific issues and extend common guidance and polices across a wider scope. It also helps to communicate best practice and safe usage to employees and management in a way that has real impact. Do this concisely, using plain language and simple messaging. And, as the digital workplace is evolving rapidly, stay on top of developments.