News

The ICO has urged top politicians to review WhatsApp use

The Information Commissioner’s Office (ICO) has reprimanded the Department of Health and Social Care (DHS) for its use of WhatsApp during the Covid-19 pandemic.   

The UK’s data protection watchdog has also called for a “government review into the systemic risks and areas for improvement around the use of private correspondence channels – including private email, WhatsApp and other similar messaging apps”. 

A report – Behind the screens – maintaining government transparency and data security in the age of messaging apps – details the ICO’s investigation into the use of these channels by Ministers and officials at the DHSC. The report found that:  

  • There was extensive use of private correspondence channels by Ministers and DHSC staff.
  • The practice is commonly seen across much of the rest of government and predates the pandemic.
  • The DHSC did not have appropriate organisational or technical controls in place to ensure effective security and risk management of private correspondence channels being used.
  • The use of such channels presented risks to the confidentiality, integrity and accessibility of the data exchanged.

 

The ICO has now called for a review of practices, and provided some key recommendations, to ensure improved use of private correspondence channels moving forward. 

While this review dealt with the workings of public officials, all organisations using WhatsApp and other messaging platforms for business use must make sure they are not falling foul of data protection regulations. Especially when communicating with, and sharing information about, customers.   

Even WhatsApp Business (which is designed for business use and is safer than the standard app) isn’t bullet proof. Businesses must still ensure they have customer consent, provide information about what data will be collected, and meet all the other various data protection requirements to ensure compliance. If they don’t, they could find themselves facing hefty fines and data breach compensation claims.  

Register to make a data breach claim.

Deborah Stuttard

Share
Published by
Deborah Stuttard
2 years ago

Recent Posts

Latest Data Breach Round-Up – June 2024

In our regular update, we provide a roundup of some of the data breaches and… Read More

6 months ago

Join our MOVEit/ Zellis Data Breach Action

We have launched a group action against MOVEit/Zellis. Group actions can be a powerful tool… Read More

6 months ago

One year on – the extent of the MOVEit data hack is just becoming clear

The number of organisations affected by the MoveIt Data Breach is still rising, despite the… Read More

6 months ago

Join our 23andMe Data Breach Action

We have launched a group action against 23andMe. Group actions can be a powerful tool… Read More

6 months ago

ICO and Canadian counterpart to investigate 23andMe data breach

The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach… Read More

6 months ago

Join Our Capita Data Breach Action

We have launched a group action against Capita. Group actions can be a powerful tool… Read More

6 months ago