Why is this important?
When you use unauthorised instant messaging applications at work, you put your company at risk. These applications are not always properly secured, which means that the information you send through them can easily fall into the wrong hands. This can lead to data leakage and other problems.
What are the risks?
Lack of control over data
When you use Messenger or WhatsApp, we don't have full control over the information we send. If there are problems, such as your account being hacked, it can be difficult to recover data or find out what happened to it.
Risk of hacking attacks
These applications can be an easy target for hackers. If someone hacks into your account, they can gain access to your company's confidential information.
Potential for data leakage
Sending sensitive documents through these communicators can lead to leakage. Personal data of customers or employees can end up in the wrong hands, which can result in serious consequences for the company.
Example from life
Recently, the Personal Data Protection Office penalised the Minister of Health for, among other things, the use of an unauthorised messenger. The Minister of Health used WhatsApp to send doctor data extracted from the system, which was not included in the risk analysis. WhatsApp is not considered to be a secure channel for public authorities to communicate, due to numerous breaches of GDPR regulations. In 2021, the owner of WhatsApp was fined €225 million by the Irish supervisory authority (DPC) for lack of transparency in the processing of personal data. WhatsApp did not clearly indicate what personal data and in what situations is shared with other apps and Meta (Facebook) entities. Again, on 12 January 2023, WhatsApp was fined €5.5 million for failing to comply with its transparency obligation.
What can we do?
- Use only authorised tools: Use only company-approved applications for business communications. These are properly secured and provide greater control over your data.
- Take care of security: If you have any doubts about the security of the tools you are using, contact your IT department or the Data Protection Officer.
- Report problems: If you suspect that a data security breach has occurred, report it to the IOD immediately.