Financial sector feels pressure to monitor use of WhatsApp

Katie Hewson, Nic McMaster and Nelson Kiu of Stephenson Harwood LLP report on how to navigate the data protection implications of monitoring staff use of messaging applications.

This article examines the data protection law challenges of ensuring that staff members’ “off-channel communications” are properly recorded. This is a particular challenge for organisations that are subject to regulatory record-keeping obligations, such as financial services organisations (FS Organisations). However, it will be relevant to any organisation that wishes to monitor staff members’ business communications made through unauthorised channels or on personal devices (for example, to check for evidence for use in litigation).

Many FS Organisations have recently bolstered their supervisory procedures to more closely monitor the use of off-channel communications for conducting business activities. This follows a decision by the US Securities and Exchange Commission (SEC) to issue fines totalling US$1.1 billion against 15 organisations in September 2022. In issuing the fines, the SEC noted that employees’ use of messaging applications (such as WhatsApp and SMS) for work-related purposes had resulted in a failure by the FS Organisations to maintain or preserve these communications. This was because the information on these applications was not easily accessible to the FS Organisations. Similar “books and records” preservation requirements are imposed under UK regulations, with reports that the UK regulator is also looking into the use of WhatsApp at FS Organisations.

Continue Reading

UK Report subscribers, please login to access the full article


If you wish to subscribe, please see our subscription information.