Enforcement

The Information Commissioner’s Office (‘ICO’) has called for a government review into the systemic risks and areas for improvement around the use of private correspondence channels – including private email, WhatsApp and other similar messaging apps. This comes after the announcement of an enquiry into the messaging systems used by government throughout the pandemic, earlier this year. The ICO report details a yearlong investigation, launched in 2021 by Commissioner Elizabeth Denham, into the use of these channels by Ministers and officials at the Department of Health and Social Care (‘DHSC’) during the pandemic.

The investigation found that the lack of clear controls and the rapid increase in the use of messaging apps and technologies – such as WhatsApp – had the potential to lead to important information around the government’s response to the pandemic being lost or insecurely handled.

Action Taken:

The ICO has now issued DHSC with a practice recommendation ordering the department to improve its management of FOI requests and address inconsistencies in its existing FOI guidance. This will ensure FOI requests are better managed, particularly in relation to any material created or contained in personal accounts.
A reprimand has also been issues
To make sure wider lessons are learnt, the ICO is also calling for the government to set up a separate review into the use of these channels and how the benefits of new technologies, including private messaging services, can be realised whilst ensuring data protection and transparency requirements are met.

This is a particularly important story when we think about WhatsApp. If you are a regular on our podcast or a regular newsletter reader, at Digital Law we regularly mention WhatsApp and the dangers of using this platform for business related purposes. This year alone, we have discussed multiple stories, including one from the MOD, informing service personnel to use alternative messaging apps such as Signal due to WhatsApp’s security. This is because while the app is ‘encrypted’, due to the fact that the messages are stored on the cloud, this makes it more accessible for hackers. Alternative messaging apps such as Signal are more secure because no messages are stored on the cloud, rather they are stored on the device themselves, effectively then the only way to get the messages would be to take the device itself.

Finally, for the avoidance of all doubt, this is not a new policy. You should not be using WhatsApp for business purposes. Especially considering highly regulated sectors such as law, finance and government. Highly regulated sectors, in this particular case, relating to the government, really highlights why, for a regulated sector, using unsecure platforms can be a real problem. It also highlights the stance that the ICO are likely to take if you, as an organisation, have a breach and you are using WhatsApp or other similar messaging platforms such as Telegram.

For more information as well as advice and guidance, please do not hesitate to contact us at admin@ansonevaluate.com.

Since May 2021, the Information Commissioner’s Office (‘ICO’) have issued 37 fines for a total of £3.04 million to companies for nuisance calls and messages.

These fines fall under the Privacy and Electronic Communications Regulations (‘PECR’) and not the General Data Protection Regulation (‘GDPR’). This is an important distinction when we are thinking about ICO fines, due to the fact that the ICO typically focus on PECR fines over GDPR. Looking at the amount of fines that will have had to have been given out, the figures would suggest that it is mainly mid-tier SME businesses that have been subject to these fines.

The UK government, outlined in the new Data Reform Bill proposal, have proposed an increase in fines to organisations that breach PECR, with the aim of preventing companies contacting people for marketing purposes without consent. It proposes that the ICO’s power to fine companies will increase from the current maximum of £500,000 to up to four per cent global turnover or £17.5 million, whichever is greater.

Why is this important?

If you are a business who regularly calls customers and potential customers, you may want to consider your marketing strategy and how this may be affected by the change. Similarly, this is a testament to the increased powers that the ICO will have under the proposed new legislation.

As it stands, the ICO can only penalise organisations for calls that are answered however, legislation, outlined in the Data Reform Bill, will allow them to take action over high volumes of unanswered calls. However, a key thing to mention here is the fact that these calls do need to be reported before the ICO can take action and therefore, while the fine increase is a step in the right direction, arguably it does not do enough to protect consumers.

Who we are

How we work

Get in Touch

Who we are

How we work

Get in Touch

Let’s protect your business and reputation