Not again: a carer not only used a client’s full name in WhatsApp but also posted a picture with sensitive data.
Does this sound familiar?
Well, then you have a problem. According to current regulation, this is a data privacy violation which risks a fine of up to $20 million.
Even if there is a company policy on the “proper” use of WhatsApp, care providers struggle to prevent violations.
⚠️WhatsApp has no place in care and no company policy can protect your business from violations.
For years now, WhatsApp, which today is owned by Meta (formerly Facebook), has faced harsh criticism. Experts continuously criticise the inadequacy of data privacy regulations, opaque terms and conditions, and increasingly frequent data leaks.
Despite the growing criticism, WhatsApp is used by over 2 billion people worldwide for both private and professional purposes. This is where the issue is most concerning: using WhatsApp for work can have far-reaching implications, especially for companies handling personal information.
From losing control over data to the details of data transfer across jurisdictions - we summarize the main risks you face when using WhatsApp, and most other messengers, for work, and provide a list of alternatives that you can use instead.
Reason #1: No control over data and users
WhatsApp stores data from chats, including files and text, locally i.e. on the users' mobile phones. This means that you completely lose control over this data.
For example, when someone leaves your company, you have no way to access, save, block or delete the information on their phone. In case of an audit, this information is lost or unavailable. Whatever you exchanged via (group) chat is in the possession of the recipient(s) and you have no way of controlling whether this data has been deleted, saved or shared with unauthorized third parties.
In addition, you cannot control how many and which groups or chats are created and what information is exchanged there. You simply do not know and cannot control this - which is a huge data protection risk.
To be clear: no company policy or guideline can protect you here. Ultimately, as per the General Data Protection Regulation (GDPR), the care provider is the “data controller” and as such, responsible for complying with data protection requirements. This is no small responsibility and fines can amount to 4% of turnover or $20 million.
Reason #2: In real life, it is impossible to use WhatsApp in a way compliant with data protection regulations
Personal data is never shared via WhatsApp?
No one leaves your company on bad terms?
You do not need “control” because you trust every single employee?
The above would be nice, but experience has taught us otherwise. It is impossible to guarantee data-privacy compliance using WhatsApp.
Here are only a few, very common examples and their damaging effects:
-
A photo of a broken plate is shared. In the background, the client’s MAR is visible.
-
A carer changes her phone carrier and the old number is reassigned to someone else. Suddenly, an unknown person is in the group chat without anyone noticing, and receives everyone’s messages
-
If someone chooses not to use WhatsApp, they are cut off from others using it and miss important information that others post
Did you know?
When a post is reported to WhatsApp as inappropriate, it is passed to a third party for review - and you lose control over the content. WhatsApp explicitly states that the last 5 messages of the contact or group will be shared with WhatsApp once a post is reported!
Reason #3: Chaotic chats and lost information
One of the most common problems with messengers is that people start "chatting". This is not surprising: it is exactly what providers have optimised their messengers for. The wide-ranging implication, however, is that important information is lost in the flood of irrelevant texts, emojis, pictures and links to funny cat videos. There is so much happening at once in an unstructured chaos, that notifications are no longer taken seriously.
In addition, it is impossible to retrace or document who communicates what information to whom at what time. This is a nightmare for anyone trying to set up transparent and efficient processes, and only leads to unnecessary confusion and duplication. It becomes even more serious when proof needs to be provided during an audit.
The main learning is: use the right tool for work communication. With all the solutions there are, there is bound to be something that has been optimised to fit your specific needs.
Reason #4: Mixing work and play usually ends very badly
In addition to the regulatory issues mentioned so far, the impact of using WhatsApp for work on people's private lives cannot be disregarded. It has been shown that constant availability leads to stress and burnout, both of which directly impact your team and yourself. Staff is "always on" because there is no possibility to log off from WhatsApp. Even messages meant for someone else are posted in group chats and prompt users to click on the little red badge with “1”. Even though staff is off duty, they actually aren’t. In the long run, this can have devastating consequences on the health and morale of your team.
Another issue is that private messages and pictures can inadvertently be sent to the wrong people or even posted in work groups. In the best case, this leads to confusion and a short apology. In the worst case, it can lead to unpleasant conversations, confrontations and even termination.
For the above reasons, do not mix your personal and professional life by using WhatsApp for work.
Reason #5: Data protection regulation and Facebook, the company that owns WhatsApp
WhatsApp, which belongs to Meta (formerly Facebook), is based in the US and provides its services from there.
Accordingly, the terms of use along with stipulations on sharing data with the parent company are written from the perspective of an American corporation - and much is hidden in the fine print.
Did you know that messages that have not yet been delivered are stored on WhatsApp's servers for up to 30 days? It says so in the terms of use - without any further explanation, for example where these servers are located or what security requirements are met.
In short: it is impossible to prevent your data from ending up on a Facebook server.
Another issue that you face using WhatsApp, is that you give third parties access to all of the contacts stored in your address book. In fact, this goes even further: you explicitly agree that WhatsApp may access your contact lists and/or address book to ensure the use of the WhatsApp service. Again, it is in the fine print.
In our private lives, we may choose to accept this risk. It is a personal choice - even though we often are not informed of the implications. In business, however, we carry the responsibility not only for ourselves, but also for others. The choices we make can have far-reaching legal and financial implications, and it is important that we pay attention to the details.
Secure alternatives to WhatsApp
There are many messenger services, such as Signal, Telegram, Threema or Wire, which position themselves as alternatives to WhatsApp. Some of these have comparatively higher levels of data privacy than WhatsApp but carry their own risks. While they can be used for private communication with friends or family, they are not recommended for professional purposes.
The truth is: free services might not cost anything, but you still pay for them. The currency is data.
In reality, neither WhatsApp nor the alternatives mentioned can be used in a privacy-compliant way. Companies cannot control how terms of use nor company ownership, determining the company’s interests, change over time.
Hence the conclusion: if you want to ensure compliant communication for your company, the only way is to use software that was developed specifically for that purpose. While it may not be free, it will definitely be worth it.
Feel free to schedule a free demo with one of our experts to get to know our market-leading solution for patient-centered communication in care.