The various risks to the employer are increasingly recognised, but most employers are still not addressing those risks in an organised and systematic way.
While in theory, a simple ban might appear to be the solution, practical experience shows that the platform is one used almost interchangeably between work and social situations.
The first issue is around privacy. Much is made of the end-to-end encryption and the comfort that this is perceived to give to users. However, it is also very easy for messages to be copied, forwarded and edited without the original composer being aware of that fact. This means that material – whether sensitive, confidential or potentially just plainly offensive – can circulate very easily, without any thought having been given; high-profile cases involving both the police and NHS are notorious examples.
For many individuals, while they consider their own confidentiality something that they want to guard, there is a sense that what has already been shared or ‘put out there’ is fair game and can be re-circulated without any consent being needed.
It is easy to see how sharing material in what might be considered a closed group goes viral in a matter of minutes. That can lead to obvious risks in terms of bullying, harassment, discrimination or worse. The increasing prevalence of blackmail based around interactions on WhatsApp is disturbing, and in the context of the workplace, the unguarded sharing of commercially sensitive or confidential information can lead to considerable distress and upset, quite apart from any financial ramifications, for both the employee and their employer.
But if an outright ban by employers is unrealistic, what can be done?
There is no silver bullet. Education, clear policies, awareness raising and refresher training are all key components.
Just as organisations increasingly highlight the risk of data breaches through simulated phishing and encouraging employees to ask themselves questions before clicking on links or disclosing information, a similar awareness-raising approach may help.
The basic key questions are: whose data am I sharing, and am I expressing an opinion that could easily be misunderstood or taken out of context? If the data is about someone else, can I be sure that they would agree to my sharing it without controlling its onward distribution?
Employees (and workers and volunteers) should be reminded that the content of WhatsApp chats can and are routinely used in both civil and criminal cases.
While the mishandling of sensitive personal, client or business data will give rise to liability under UK GDPR, the fact that WhatsApp messages are not stored on an employer’s servers poses an increased risk around data management and record-keeping generally.
Should an employer seek to police or monitor group chats?
This is a developing area. There is an emerging approach which sees employers setting up official WhatsApp groups for particular teams, and then setting out appropriate usage policies. Such policies will deal with the issues around content, sensitive data and not harassing others.
They sometimes also include an explicit process of involvement by line managers, acting as moderators or gatekeepers. While that may smack of Big Brother, the problem can equally lie in employees setting up parallel private groups, from which certain colleagues are excluded and/or where the ‘real chat’ takes place.
For more information about any of the issues covered in this update, or if you are an employer and need further advice then please contact Rustom Tata, Partner in Employment by email or call on 0333 231 580.
This article was first published on HR Magazine’s website.
