Using WhatsApp at work

Anna Birtwistle and Pooja Dasgupta at Farrer & Co explain how firms can prevent personal platform misuse within professional services

In the client-oriented world in which professional services firms operate, maintaining a competitive edge and raising profile now involves developing a strong online presence and following; for example, via LinkedIn or X. In addition, clients expect a level of service which not only requires instant responses by email, but has now transcended into parallel communications via instant messaging platforms, such as WhatsApp. 

Using apps like WhatsApp for work purposes, which are also used day-to-day in a personal context, creates the blurring of lines between professional and personal communications, giving rise to legal and regulatory risks, as well as potential reputational issues.

It has become all too common for damning “private” messages circulated via workplace group chats to find their way into high profile news stories; for example, the Met Police repeatedly finding the discriminatory and misogynistic contents of their officers’ WhatsApp groups plastered all over the internet, generating widespread public concern and condemnation as to systemic cultural issues across the police force. 

Blurred lines between personal and professional communications

Just as social media and  messaging platforms have fundamentally changed the way we communicate in our social lives, expectations and preferred modes of communications have changed in a professional context. It is therefore unsurprising that clients turn to apps such as WhatsApp to engage with their advisers.

On the one hand, this may have some benefits in terms of the perceived accessibility of advisers and closer professional relationships built from instantaneous and less formal communications. On the other, however, the pressure to respond quickly and the more informal nature of communications is precisely what gives rise to negligence related risks, where advisers are providing less considered advice than they would, were they to be communicating on traditional channels.

In addition, HR risks can also arise in the context of protecting the wellbeing of staff, who may find themselves contactable by clients and colleagues at all hours of the day.

Whilst WhatsApp boasts of its end-to-end encryption, the reality is that the way in which the platform is regulated is a relatively grey area for employers and any messages shared via WhatsApp for business purposes should therefore be treated with the utmost caution. Any written, video and audio communication shared via WhatsApp is capable of being recorded, stored and shared, and is often impossible to retract. Such messages can later end up being “golden bullets” in litigation and can render employers vicariously liable for actionable claims, as was seen in a 2020 Employment Tribunal ruling which held that the discriminatory and offensive contents of a group WhatsApp conversation constituted unlawful harassment 

Many firms issue work devices to their employees and partners, with a view to retaining control over the way in which those devices are used. However, in reality, it may be that clients and contacts have been introduced via personal networks and channels, and therefore communication may continue to be carried out via personal devices and accounts.

To combat the wide-ranging risks associated with use of private accounts or devices, firms should ensure that they have clear policies in place relating to IT usage and online security for all levels of seniorities, setting out the standards expected and consequences of breach. It is advisable for such policies to make clear that:

1. The firm’s electronic communication systems should be used in strong preference to any other systems

2. If using personal devices and/or private email accounts and private instant messaging applications for business purposes (although generally prohibited), permission must be sought by the firm’s IT department (or other relevant person), and devices, accounts and applications may become subject to disclosure in litigation and document preservation/search requests.

Additionally, the use of less formal channels to communicate with clients, such as text messages or WhatsApp, should be the exception and not the norm, and only undertaken where internal approval of the application being used has been sought. Furthermore, usual principles of confidentiality regarding firm/client confidential information must apply, and any such communications should always be backed up on the firm’s systems.

Regulatory implications of misuse of personal accounts

One of the key drivers for firms seeking to protect themselves in respect of potential misuse of personal accounts is to ensure that client information (and other sensitive firm information) remains confidential. 

Confidentiality is, of course, at the heart of the core regulatory duties owed by individuals in professional services. For example, SRA-regulated lawyers are required to “keep the affairs of current and former clients confidential unless disclosure is required or permitted by law or the client consents” and, more generally, “act in a way that upholds public trust and confidence in the solicitors’ profession”.

Similarly, ICAEW-regulated accountants are required “to respect the confidentiality of information acquired as a result of professional and business relationships. Confidential information must not be disclosed outside the organisation without authority, unless there is a duty or right to disclose, or disclosure is in the public interest and permitted by law”.

Notwithstanding the risks that communications via WhatsApp or similar applications pose to the upholding of such confidentiality obligations, professional services firms and regulators do not appear to have followed in the footsteps of the financial services sector in seeking to clamp down and/or prohibit communications via private messaging services altogether.

However, as it did in the case of the former DWF trainee who was prevented from being employed by another firm without the SRA’s permission over unauthorised confidential information leaks to a third party, the SRA has shown that it will not hesitate to take action, in circumstances where SRA-regulated professionals have breached their obligations of confidentiality and/or other SRA Principles, one or more of which may be breached in the event of misuse of confidential information via private messaging platforms.

Professional services firms would therefore be well advised to incorporate a general requirement into their IT usage, online security and social media policies stating that any (exceptional) use of private messaging platforms for business purposes must at all times be subject to relevant regulatory duties.

Whilst embracing the undeniable benefits of “app culture”, it is important for professional services firms and those who work for them to ensure that they are cognisant of their legal and regulatory duties when using such apps and platforms for business purposes, and the clear delineation between personal and professional use.

Anna Birtwistle is a Partner at Farrer & Co and Pooja Dasgupta is an Associate

Main image courtesy of iStockPhoto.com