WhatsApp is an incredibly convenient tool for any business that needs to quickly and easily exchange information. It allows team members to communicate among themselves in real time, while reducing unnecessary steps. It helps businesses talk to customers and offer services right off the bat.
And its popularity has been going up. Currently in use by 3 million organizations and 2 billion people, WhatsApp is steadily pervading the workplace. A study by CSS Insights showed that WhatsApp has surpassed apps such as Slack and Microsoft Teams in popularity. Ironically, the latter two were built precisely for the purpose of workplace communication.
However, these findings shouldn’t come as a complete surprise. Already comfortable with using WhatsApp for their personal conversations, people have simply started bringing the app into their business lives. And by doing so, they have taken the conversation with their peers and customers there as well.
And it is precisely in this move, from personal to business, that companies often tend to overlook the implications of using WhatsApp for business.
The biggest issue here is a lack of awareness. As a result, companies lack clear rules and procedures that regulate how WhatsApp should be used in a business setting. This way, companies can fall into a trap of non-compliance with a number of laws that govern this field. And this can result in hefty fines and lawsuits.
Wherein Lies the Problem: Understanding WhatsApp Regulatory Landscape
The point is that all business-related communication that goes through WhatsApp is considered official business records. This means that any text or voice message, video, or image shared through WhatsApp, concerning some aspect of your business, is a business record.
For example, if you ask your coworker about a deal with a client, that information is as an official business record. Or if you talk to an existing customer about upgrading their current plan, again, that’s an official business record.
Thus, it needs to be preserved in line with different laws. The period for which you need to preserve these records will vary across industries. Overall, you need to make sure that you don’t lose any message exchanged via instant messaging tools, WhatsApp included.
So, here is a rundown of main laws that regulate how official business records need to be treated.
FINRA is a body within the US Securities and Exchange Commission that ensures brokers and dealers work in compliance with regulations.
For example, if your company wants to introduce a new communication channel, it needs to ensure it has tools and means to retain those records.
Basically, this means that you need to make sure that your WhatsApp archive can safely store and preserve information exchanged from your employees WhatsApp accounts that concerns any aspect of your business before you opt for using WhatsApp in the workplace.
HIPAA is a key piece of legislation that governs patient healthcare information and how companies can use them.
Under HIPAA, healthcare institutions must not disclose confidential patient information without prior consent, unless in some prescribed cases. Yet, a survey by Spyglass Consulting Group found that 30% of physicians have shared patient protected information via WhatsApp with fellow physicians, which classifies as a serious violation. It not only leads to non-compliance, but it exposes the healthcare organization to data breaches, fines and reputational damage.
MiFID and FCA
Meanwhile, in Europe, companies need to follow similar rules. Under the European Directive 2014/65/EU, companies need to preserve any client-related communication in electronic form and present those records in case of supervisory control.
How Can Teams Ensure WhatsApp Business Compliance?
So, it’s clear that the regulatory landscape is pretty complex when it comes to using WhatsApp for workplace communication.
There are numerous laws that you need need to follow. Plus, your business needs to prove that it’s capable of ensuring your WhatsApp archive is intact for as long as required. So, here’s what can help ensure full compliance.
Understand regulatory requirements
The first step towards safe and compliant use of WhatsApp is to understand the laws you need to follow.
This means noting down things such as:
- all the retention periods you need to follow,
- the types and formats of business records,
- what’s considered a business record in your industry,
- what tools employees can use for workplace communication.
Usually, this falls within the remit of your compliance or legal team. But if you’re a small company or might not have all processes well-established, assign this responsibility to someone on the team.
Raise awareness among team members
While instant messaging apps are convenient for team communication, they entail a number of pitfalls for the entire company.
Often, team members are not aware of their responsibilities. They are also unaware of what information can be safely exchanged via WhatsApp. Small pieces of information can become crucial in a legal proceeding or eDiscovery requests. And thus it’s important that everyone on the team knows their responsibilities.
There are many ways in which you can spread the knowledge. It’s best to work together with the team to shape communications policies. This helps secure the buy-in more easily. Facilitate workshops or group discussions on common uses and practices. Check how often and in which ways your employees use WhatsApp.
Ensure proper technical support
As you’ve seen in the parts on FINRA, you should have technology to preserve all this information. So, before your teams use WhatsApp for business discussions, check whether you can preserve it.
Bear in mind the volume of information shared, as well as the format (video, voice, text). Ensure your tech team can preserve all these bits of information securely so that they are easily accessible. Again, preparing now for compliance can go a long way in ensuring you avoid fines and damaged reputation.