The Information Commissioner’s Office (ICO) has called for a government review into the potential risks and pitfalls around the use of private correspondence channels – including private email, WhatsApp and other similar messaging apps.
The review request comes following an enquiry into the messaging systems used by government throughout the pandemic.
The enquiry found that there were no real clear controls in place and the frequent use of messaging apps – such as WhatsApp – led to potentially important information regarding the government’s response to the pandemic being lost or insecurely handled.
What action has been taken?
- The ICO has issued the government with a recommendation ordering it to improve its management of FOI requests. This will ensure FOI requests are better managed, particularly if material is created or contained in personal accounts.
- The ICO is also calling for the government to set up a separate review into the use of these channels and how they can be used effectively whilst ensuring data protection and transparency requirements are met.
In terms of our customer base, particularly in the professional services industry or businesses that handle sensitive data, this is a highly relevant case study when we think about WhatsApp. The potential dangers of using WhatsApp for business purposes is clear.
While the WhatsApp app is ‘encrypted’, the fact that the messages are stored on the cloud, makes them more accessible for hackers. Alternative messaging apps such as Signal are more secure because messages are stored on the device themselves, meaning theft of the device would be the only way someone could access the messages.
We would, therefore, advise that you should not be using WhatsApp for business purposes, particularly in highly regulated sectors such as law, finance and government. The ICO are likely to take significant action against you, as an organisation if you have a breach and you are using WhatsApp or other similar messaging platforms.
If you are concerned about the security of your endpoint devices, or you want to find out more, please contact us at email@example.com or call 0333 772 9544.