Ephemeral Messaging and the Duty to Preserve A Guide for General Counsel
Ephemeral messaging apps like Signal and WhatsApp have become standard for critical business communication. For general counsel, this widespread use creates a significant legal risk: essential evidence can vanish via auto-delete features before litigation or a regulatory inquiry even begins.
How Auto-Delete Works Across Major Platforms
Not all ephemeral messaging apps behave the same way. Understanding their default settings is the first step toward managing preservation risk.
Here is how the three most common platforms handle auto-deletion:
Signal: Offers a "Disappearing Messages" feature that can be set to delete messages anywhere from 30 seconds to four weeks after they are sent or read. The timer is configurable by either party in a conversation.
WhatsApp: Provides a "Disappearing Messages" mode with options to delete content after 24 hours, 7 days, or 90 days. Unlike Signal, it maintains at least a short retention window, but that window closes fast.
Telegram: Allows self-destructing messages in "Secret Chats" that can vanish immediately after being read. Standard group chats do not auto-delete by default, but users can enable it manually.
The practical problem for legal teams is that these settings are often controlled at the individual user level. A custodian can enable auto-delete without IT oversight, and once the timer runs out, no platform-side recovery option exists. General counsel cannot assume employees understand the legal implications of these features.
Ephemeral Messaging: Activation of the Duty to Preserve
The duty to preserve evidence is not triggered solely by the commencement of litigation. It attaches the moment litigation is "reasonably anticipated," a threshold that includes government investigations, internal compliance reviews, or even a credible threat of a lawsuit.
When this trigger occurs, any auto-delete feature that could destroy relevant data must be disabled immediately. Courts have affirmed that the preservation obligation applies across all platforms employees use for business communications, rendering a litigation hold focused only on email insufficient.
The duty is typically activated by the following conditions:
Receipt of a government subpoena, civil investigative demand, or preservation letter
Notice of a threatened or filed lawsuit
The start of an internal investigation where mobile data is in scope
A regulatory examination where communications may be relevant
Once these conditions arise, general counsel must act quickly to identify custodians who use ephemeral messaging apps for business, notify them to disable auto-delete settings, document the instruction, and confirm compliance. A delay of even a few days can result in the destruction of critical evidence (spoliation).
Court Sanctions for Mismanaging Ephemeral Messaging Data
Courts have demonstrated a willingness to impose serious penalties for failures involving ephemeral messaging.
In April 2024, the FTC moved against senior Amazon executives for using Signal's auto-delete features while an antitrust investigation was active. A Washington district court ordered a Rule 30(b)(6) corporate deposition and invited further motion practice, underscoring the judicial gravity of the issue.
Similarly, in PharmacyChecker.com v. National Association of Boards of Pharmacy (S.D.N.Y., September 2025), the court sanctioned a party for failing to preserve data before a third-party platform was shut down. The ruling emphasized that "preservation duties require attorney-coordinated action once data destruction is foreseeable." This principle applies directly to ephemeral messaging: general counsel cannot afford to wait for a formal hold to be issued before taking action.
Operationalizing Ephemeral Messaging Governance
Understanding the risk is only the first step. Effective risk management requires building a repeatable, defensible governance framework for messaging before an event arises.
Practical steps include:
Audit app usage. Identify which employees use platforms (Signal, WhatsApp, Telegram) for business communications, particularly within BYOD environments.
Update litigation hold templates. Ensure standard holds explicitly name ephemeral platforms and include clear, specific instructions for disabling auto-delete features.
Train employees. Implement brief, targeted training to educate staff on the legal significance of disappearing message settings, thereby reducing the risk of unintentional spoliation.
Establish a mobile data collection process. Implement a defensible data collection methodology in advance to ensure the secure and compliant capture of relevant data from these platforms when a hold is issued.
Implementing the Right Collection Tools
Managing ephemeral messaging risk requires more than legal holds and policy updates. When custodians have used apps like WhatsApp for business communications, general counsel needs a reliable way to collect that data before it disappears or after preservation has begun.
This is where the PME platform is designed to assist. We provide targeted, remote mobile data collection specifically for legal and compliance teams handling litigation, regulatory inquiries, and internal investigations.
Our platform supports the defensible collection of data from popular chat apps such as SMS, iMessage, WhatsApp, Line, Viber, WeChat, and more, by utilizing forensically sound workflows, clear chain-of-custody documentation, and review-ready output. General counsel can streamline the process from a preservation trigger to defensible mobile evidence without the logistical challenges of device shipping, onsite technicians, or manual extraction.
Ready to build a defensible mobile data collection process? Request a demo to see how our platform supports your litigation and compliance workflows.
Frequently Asked Questions
1. Does the duty to preserve apply to personal devices employees use for business communications?
Yes. Regulatory bodies and courts have made clear that preservation obligations extend to personal and BYOD devices when business-related communications are stored on them. The platform used does not alter the legal obligation. PME supports remote, consent-based mobile data collection from personal devices without requiring device seizure or onsite access.
2. What happens if an employee accidentally allows auto-delete to run after a litigation hold is issued?
Courts evaluate intent, but accidental deletion after a hold is issued can still result in sanctions if the organization failed to take reasonable and documented steps to prevent it. This includes issuing explicit hold instructions and confirming that custodians have disabled auto-delete settings across all relevant applications. Thorough documentation of these preventative measures is critical.
3. Can WhatsApp, Signal, or Telegram data be collected in a forensically sound manner?
Yes, provided purpose-built mobile data collection tools are utilized. PME enables the defensible collection of messaging app content, including conversations, attachments, metadata, and timestamps from popular chat apps, through repeatable, auditable workflows designed to withstand legal and regulatory scrutiny.
