Your 10-second Takeaway
- WhatsApp gives you major compliance and risk issues
- WhatsApp doesn’t scale effectively beyond 100 users
- WhatsApp was never designed as an enterprise tool
- WhatsApp has inspired better business-grade solutions
- WhatsApp might be free – but could cost you dear
One of the common workplace trends over the past few years has been the rise of ‘shadow IT’, the tendency for staff to turn to consumer technology and apps to fill a perceived gap in a company’s formal IT provision. There are staff in plenty of sectors relying on things like WhatsApp to help them with operational and communication requirements in lieu of a business-grade solution, as a recent Google study highlighted:
“Fifty-three percent of frontline workers use messaging apps such as WhatsApp and Facebook Messenger up to six times a day for work-related reasons, but 68% of them said they’d stop if given approved internal communication tools.”
Most organisations are probably aware of the inherent problem here – that WhatsApp falls well short of a GDPR-compliant standard. But when it is regularly legitimised by its everyday use by so many, even our own government ministers, you can well understand why they turn a blind eye.
Sadly, ‘But Boris, Rishi and Sajid use it’ is not a sufficient defence when an increasingly muscular ICO comes calling. And if you need to explain your immediate sanctioning of the use of WhatsApp and its ilk either up or downstream, here are the three things you need to know.
Key point No 1: We’ve already mentioned it and it’s the biggest no-no – WhatsApp really fails the compliance test.
From a data protection compliance perspective, it's very difficult to demonstrate compliance with the GDPR principles when a corporate permits (actively or tacitly) use of B2C messaging groups by its staff. And remember it’s not just a personal data issue here – sensitive corporate data can often be shared on messaging groups (e.g. sales and financial data, disputes etc.), so there is a real risk of losing control of valuable data: it walks out of the organisation when the staff member leaves, because the information is on their personal device or linked to their personal account. Even if a device is returned with the local memory cleared, the information is often backed up to a personal cloud drive, depending on the settings.
The app itself also suffers from a terrible disconnect between the strong user optics of amazing ease of use and powerful encryption, and the shocking reality of regular hacking, predatory scammers and malware vulnerability.
Key point No 2: User management – or lack of.
This is related to point #1, as there are clear security implications in anybody being able to be added to a messaging group, or to remain on one – so corporate/personal data may be inadvertently shared with leavers/competitors! Ditto if a group member changes their phone number and isn’t removed from a chat: the new owner of that number continues to get all the messages.
And then there’s the rather more fundamental issue of WhatsApp groups being limited to 100 people – so not exactly the scalable, easy to manage solution most enterprises need for their internal comms.
Which brings us onto...
Key point No 3: It’s just not very good as a proper comms tool.
But why should it be, when it was never designed for that purpose? Where’s the command and control structure, the analytics, the audit trail? Why have people got silly names and avatars? How many groups am I actually in and where was it that I read that really important instruction….hang on, let me search through my ten groups to find it…
Besides, work is work, play is play. No-one wants to be WhatsApping their friends only to have a work notification intrude. There’s enough blurring of the lines already between the professional and the private, and as for that picture down the pub that you inadvertently sent to a work group…
But, but, but….for all the compelling arguments against WhatsApp – and we’re not alone in making them, there’s a big lobby telling organisations to wake up and smell the compliance coffee – for all of the warnings, companies still give it tacit acceptance by doing nothing. Maybe they’re comfortable that what they can’t see, they can’t worry about….or they believe that, because it’s outside the corporate firewall, anything that goes on is deniable. That is a very dangerous road to go down given the ‘trial by social media’ pile-ons that can affect any brand if they’re deemed to have taken a misstep or fallen short of their moral, if not formal/legal obligations…
Our own Engage employee app has internal comms at its heart. Our inspiration, ironically, was every social media platform – Facebook, Instagram, Snapchat, and yes WhatsApp – because let’s face it, they are quite brilliant: fun and easy to use and everyone just gets ‘it’. All we did was to build something that took the very best of social media and put it into a business-grade wrapper. In their private lives, people connect, communicate and engage naturally every day through these public channels…why shouldn’t they do the same at work given the appropriate tools?
If we refer back to that Google stat, nearly three quarters of workers would happily do this. But that would mean companies spending to replace a convenient solution that is free. Free yes, but at what cost?