A short answer to this question is: yes. WhatsApp Chats are considered part of business records and as such should be preserved. Depending on the industry you work in and your state/country, different laws may apply, but it’s highly advisable to archive your WhatsApp chats. We explore the specificities in the text below.
WhatsApp has been widely embraced by businesses and staff across industries and globe. It’s an affordable communication channel, loved by frontline employees who find the app’s appeal in its ease of use. While WhatsApp, similar to other instant messaging tools, does help employees talk to each other and with customers and exchange information fast, it brings a number of privacy and data management issues.
So today, we look at enterprise Whatsapp archiving, why it’s important to archive WhatsApp communication in a business setting in order to stay compliant, as well as how to prepare for eDiscovery cases that involve enterprise instant messaging tools. Let’s get going.
WhatsApp for Business Communication
The story of WhatsApp began in 2009, when two ex-Yahoo employees failed to get a job at Facebook and decided to develop a simple messaging app instead.
Ten years later, WhatsApp is the number one instant messaging and free call app in the world with over 2 billion users (as of February 2020). Like Facebook Messenger, WhatsApp was not originally intended for business use and started as a free alternative to SMS for private users.
Today, WhatsApp has grown to include a business app which lets small businesses interact with customers by automating, sorting and responding to messages.
Medium-sized businesses and enterprises can make use of WhatsApp Business API to connect with customers quickly and securely. Today, the app handles 65 billion messages and 60 million calls daily and is used by 3 million organizations.
Enterprise Instant Messaging Archiving
Mobile has become a valuable business tool that we use to access work-related content, communicate with customers and exchange important business updates. We often use mobile devices to send a quick text to colleagues and business partners on IM platforms such as WhatsApp. This makes such messages business records and brings IM into the compliance arena. As business regulations expanded and regulators became more comprehensive in their requests for documentation, chat apps have become important aspects of compliance.
New business trends like BYOD and CYOD have additionally complicated the mobile-for-business picture, but regulators don’t seem to care. In recent years, courts have been addressing the discoverability of chat apps and have maintained that such messages are subject to the same discovery standards as email.
For this reason, it’s in your best interest to retain the content from WhatsApp if your organization uses it to engage with prospects and customers or if you use it internally.
FINRA explicitly states that “every firm that intends to communicate, or permit its associated persons to communicate… through a text messaging app or chat service must first ensure that it can retain records of those communications”.
WhatsApp Archiving for Compliance
If you’re wondering what brings WhatsApp and compliance together, the answer lies in the term “business records”.
The laws that mandate the retention of business records rarely address instant messaging platforms specifically, but the definition of a business record includes many communication channels that aren’t email.
In fact, all messages that are work-related and are exchanged and stored on company-issued and personal devices are considered business records.
So what’s the situation like with WhatsApp?
Well, the downside of using WhatsApp for business is that it lacks internal backup capabilities and the proper archiving options necessary from a compliance standpoint.
In addition to WhatsApp Business, many people use their personal WhatsApp accounts to quickly exchange information with coworkers. This helps the workflow, but it’s key that each staff member and the organization overall have a good understanding of potential dangers that lurk here.
As we’ve mentioned earlier—every piece of information exchanged via WhatsApp, whether it was forwarded via a private or business channel, is considered a piece of official business records.
If you’re a decision maker and your job is to create a company-wide policy on communication tools, you should clearly communicate the dangers of using personal WhatsApp channels for business communication.
For instance, let’s say two of your employees chat outside working hours and mention an account your company is working with via their private WhatsApp accounts. In case a client files an eDiscovery request, you would need to include this chat as part of the eDiscovery file. This chat would also be subject to data retention laws. If you’re working in finance, then under FINRA regulations, you’d be required to preserve this chat for seven years.
So herein lies the problem: if employees do use personal WhatsApp accounts to chat about business, you are faced with countless communication channels that you are required to track, capture, and archive. And to do this, you need to have a good archiving tool. Unless you archive and retain all business information properly, you could be facing fines for non-compliance.
Archiving Regulations, WhatsApp and Compliance
In Europe, MiFID requires the recording of any electronic communications including “email, SMS, business to business devices, chat, instant messaging and mobile device applications.”
In addition, the FCA (Financial Conduct Authority) has sent a strong signal to companies in the UK financial industry that it intends to closely monitor WhatsApp usage for business purposes. In 2019, it held a first of its kind court hearing involving a former employee of VTB Capital in London, who was charged with allegedly obstructing FCA investigation by deleting relevant WhatsApp messages. While a final decision is still pending, similar cases in the past involved imprisonment, fines, and corruption charges.
Meanwhile, in the US, FDA, FTC, HIPAA, SEC and others all have rules around the use of social media and mobile communications. In a recent survey, 30% of physicians admitted that they have exchanged protected healthcare information via texting apps, WhatsApp included. Without an archiving solution that can capture those messages, this constitutes a HIPAA violation.
Such regulations mandate that organizations, especially those in regulated industries, need to retain and be able to produce business records exchanged via chat apps.
This sparked the need for technology that could allow companies to archive instant messages in the same compliant way they already archive email.
Instant Messaging in eDiscovery
Two thirds of organizations in the US currently use instant messaging platforms and mobile to communicate at work and about work. Content exchanged on WhatsApp can easily turn into a liability and cost your company millions of dollars if not managed and archived properly. It can spark investigation by regulatory bodies, attract auditors and be used as evidence in discovery.
Archiving instant messages allows organizations to have worry-free workplace messaging in a way that boosts employee productivity and collaboration but also addresses compliance and eDiscovery requirements and reduces risk. When captured, the content exchanged on WhatsApp undergoes the same process as email – it is indexed, made searchable and then it gets stored safely until the retention period mandated by relevant regulations expires.
In order for WhatsApp evidence to be admissible in court, it is critical for it to contain metadata such as the date/time of the message and contact information of the sender and recipient such as the phone number or the email address. Without a dedicated archiving solution, both the metadata and content of the message can be altered, which is why printing or taking screenshots isn’t enough for a proper instant message archiving strategy.
Enterprise WhatsApp Archiving: How it Works
Good news is that there are third-party solutions designed to solve WhatsApp compliance issues for organizations operating in regulated industries, but also for smaller businesses that value security and proper record-keeping.
If your employees use WhatsApp for business communication and if your organization allows corporate and BYOD mobile devices, this is a perfect way to ensure compliance and have oversight of what’s communicated on this channel.
So how does WhatsApp archiving work in a business setting?
Essentially, employees continue to use WhatsApp from the web interface or the mobile app normally, while the solution captures all chats (group and individual), text messages, multimedia, files and deletions.
It then indexes them and houses them in the company archive together with email, social media content and everything else you are already archiving.
When searching through your archive, you will be able to search and filter messages based on various criteria such as employee name, email, mobile number, message type etc. Retention works on both iOS and Android devices, captures messages with metadata and operates automatically.
What are the benefits of automating the WhatsApp archiving process? First and foremost, end-users don’t have to be involved in the process, which will greatly reduce the risk of error and boost business productivity.
Having a unified archive with all your content (email, social media, WhatsApp) will allow your administrators and compliance officers to search through multiple formats from a single platform and save time and effort.
In case you’re looking for more information on social media archiving, check out these resources:
Want to see how Jatheon can help you archive WhatsApp communication in your organization? Schedule a personal demo or or learn more about Jatheon’s WhatsApp archive feature set.