The short answer to this question is: yes. WhatsApp Chats are considered part of business records and as such should be preserved. Depending on the industry you work in and your state/country, different laws may apply, but it’s highly advisable to archive your WhatsApp chats. We explore the specificities in the text below.
WhatsApp has been widely embraced by businesses and staff across industries and globe. It’s an affordable communication channel, loved by frontline employees who find the app’s appeal in its ease of use. While WhatsApp, similar to other instant messaging tools, does help employees talk to each other and with customers and exchange information fast, it brings a number of privacy and data management issues.
So today, we look at Whatsapp archiving, why it’s important to archive WhatsApp communication in a business setting in order to stay compliant, as well as how to prepare for ediscovery cases that involve enterprise instant messaging tools. Let’s get going.
WhatsApp for Business Communication
The story of WhatsApp began in 2009, when two ex-Yahoo employees failed to get a job at Facebook and decided to develop a simple messaging app instead.
Ten years later, WhatsApp is the number one instant messaging and free call app in the world with over 2 billion monthly users (as of February 2021), outranking Facebook Messenger at 1.3 billion and WeChat at 1.2 billion users (source: Statista). Like Facebook Messenger, WhatsApp was not originally intended for business use and started as a free alternative to SMS for private users.
Today, WhatsApp has grown to include a business app which lets small businesses interact with customers by automating, sorting and responding to messages.
Medium-sized businesses and enterprises can make use of WhatsApp Business API to connect with customers quickly and securely. Today, the app handles 65 billion messages and 60 million calls daily and is used by 3 million organizations.
Enterprise Instant Messaging Archiving
Mobile has become a valuable business tool that we use to access work-related content, communicate with customers and exchange important business updates. We often use mobile devices to send a quick text to colleagues and business partners on IM platforms such as WhatsApp. This makes such messages business records and brings IM into the compliance arena.
As business regulations expanded and regulators became more comprehensive in their requests for documentation, chat apps have become important aspects of compliance.
New business trends like BYOD and CYOD have additionally complicated the mobile-for-business picture, but regulators don’t seem to care. In recent years, courts have been addressing the discoverability of chat apps and have maintained that such messages are subject to the same discovery standards as email.
For this reason, it’s in your best interest to capture communication from WhatsApp business app, especially when your organization uses it to engage with prospects and customers or if you use it internally.
FINRA explicitly states that “every firm that intends to communicate, or permit its associated persons to communicate… through a text messaging app or chat service must first ensure that it can retain records of those communications” as required by SEA Rules 17a-3 and 17a-4 and FINRA Rule 4511.
WhatsApp Archive for Compliance
If you’re wondering what brings WhatsApp and compliance together, the answer lies in the term “business records”.
The laws that mandate the retention of business records rarely address instant messaging platforms specifically, but the definition of a business record includes many communication channels that aren’t email.
In fact, all messages that are work-related and are exchanged and stored on company-issued and personal devices are considered business records.
So what’s the situation like with business communication exchanged via WhatsApp?
Well, the downside of using WhatsApp for business is that it lacks internal backup capabilities and the proper archiving options necessary from a compliance standpoint.
In addition to WhatsApp Business, many people use their personal WhatsApp accounts to quickly exchange information with coworkers. This helps the workflow, but it’s key that each staff member and the organization overall have a good understanding of potential dangers that lurk here.
As we’ve mentioned earlier—every piece of work-related information exchanged via WhatsApp, whether it was forwarded via a private or business channel, is considered a piece of official business records.
If you’re a decision maker and your job is to create a company-wide policy on communication tools, you should clearly communicate the dangers of using personal WhatsApp channels for business communication.
|Related: Grab The Most Comprehensive Free Workplace Communication Guide|
For instance, let’s say two of your employees chat outside working hours and mention an account your company is working with via their private WhatsApp accounts. In case a client files an ediscovery request, you would need to include this chat as part of the ediscovery file. This chat would also be subject to data retention laws. If you’re working in finance, then under FINRA regulations, you’d be required to preserve this chat for seven years.
So herein lies the problem: if employees do use personal WhatsApp accounts to chat about business, you are faced with countless communication channels that you are required to track, capture, and archive. And to do this, you need to have a solid archiving tool. Unless you archive and retain all business information properly, you could be facing fines for non-compliance.
Photo by Rachit Tank on Unsplash
Archiving Regulations and WhatsApp Compliance in the UK and US
In Europe, MiFID requires the recording of any electronic communications including “email, SMS, business to business devices, chat, instant messaging and mobile device applications.”
In addition, the FCA (Financial Conduct Authority) has sent a strong signal to companies in the UK financial industry that it intends to closely monitor WhatsApp usage for business purposes. In 2019, it held a first of its kind court hearing involving a former employee of VTB Capital in London, who was charged with allegedly obstructing FCA investigation by deleting relevant WhatsApp messages. While a final decision is still pending, similar cases in the past involved imprisonment, fines, and corruption charges.
Meanwhile, in the US, FDA, FTC, HIPAA, SEC and others all have rules around the use and preservation of social media and retention of mobile communications. In a recent survey, 30% of physicians admitted that they have exchanged protected healthcare information via texting apps, WhatsApp included. Without an archiving solution that can capture those messages, this constitutes a HIPAA violation.
Such regulations mandate that organizations, especially those in regulated industries, need to retain and be able to produce business records exchanged via chat apps and instant messaging tools.
While messaging platforms like Slack, Skype, Telegram, Viber and WhatsApp can definitely help with productivity and immediacy (when compared to email, especially in the age of a global pandemic) there are many layers to potential WhatsApp misuse. Here are a few examples:
- If your organization uses email and Slack as official communication channels, the employees could be using WhatsApp to gossip and spread rumors about their colleagues and superiors. Unless you capture WhatsApp content, you’ll be in the dark about this and your HR could not respond adequately.
- A male employee could be sending inappropriate messages, pictures and videos to a female colleague. Unless she brought that up, your HR team wouldn’t know about harassment taking place in the office. If the original messages were deleted, the female employee’s evidence, typically screenshots, might not even stand in court, since images are editable, the metadata is lacking, and message authenticity is difficult to prove. Unless WhatsApp records are captured and archived, your organization could be sued by the woman, with little to no evidence on your part.
- WhatsApp and other gray-zone communication channels could be used by malicious insiders to plan and execute theft of assets or IP, as well as other forms of criminal behaviour. Only by having appropriate policies and contractual obligations regarding instant messaging apps can your organization be certain that these types of behavior aren’t flying under the radar. A monitoring tech solution would help you ensure that the rules are observed.
- According to HR Magazine, being excluded from WhatsApp groups (including unofficial ones) could result in claims of discrimination under the Equality Act, while business-related conversations on instant messaging platforms after business hours and at weekends could also lead to claims of breach of working time regulations.
To sum it all up, WhatsApp conversations are considered business records, have the necessary evidentiary quality and have already been used in employee-related disputes around the world.
This sparked the need for technology that could allow companies to archive instant messages in the same compliant way they already archive email.
Instant Messaging in Ediscovery
Two thirds of organizations in the US currently use instant messaging platforms and mobile to communicate at work and about work. Content exchanged on WhatsApp can easily turn into a liability and cost your company millions of dollars if not managed and archived properly. It can spark investigation by regulatory bodies, attract auditors and be used as evidence in discovery.
In the UK, employers are increasingly looking to manage WhatsApp use in order to minimize the potential of it leading to confidentiality breaches and data protection failures in accordance with the Data Protection Act (2018), as well as harassment claims under Equality Act (2010).
Archiving WhatsApp communication and similar instant messages allows organizations to have worry-free workplace messaging in a way that boosts employee productivity and collaboration but also addresses compliance and ediscovery requirements and reduces risk. When captured, the content exchanged on WhatsApp undergoes the same process as email – it is indexed, made searchable and then it gets stored safely until the retention period mandated by relevant regulations expires.
In order for WhatsApp evidence to be admissible in court, it is critical for it to contain metadata such as the date/time of the message and contact information of the sender and recipient such as the phone number or the email address. Without a dedicated WhatsApp archiving solution, both the metadata and content of the message can be altered, which is why printing or taking screenshots isn’t enough for a proper instant message archiving strategy.
Enterprise WhatsApp Archiving: How it Works
Good news is that there are third-party solutions designed to solve WhatsApp compliance issues for organizations operating in regulated industries, but also for smaller businesses that value security and proper record-keeping.
If your employees use WhatsApp for business communication and if your organization allows corporate and BYOD mobile devices, this is a perfect way to ensure compliance and have oversight of what’s communicated on this channel.
So how does WhatsApp archiving work in a business setting?
Essentially, employees continue to use WhatsApp from the web interface or the mobile app normally. Meanwhile, WhatsApp archiver captures all chats (group and individual), text messages, multimedia, files and deletions.
It then indexes them and houses them in the company archive separately or together with email, social media content and everything else you are already archiving.
When searching through your archive, you will be able to search and filter messages based on various criteria such as employee name, email, mobile number, message type etc. Retention works on both iOS and Android devices, as well as the desktop app and captures messages with metadata and operates automatically.
What are the benefits of automating the WhatsApp archiving process? First and foremost, end-users don’t have to be involved in the process, which will greatly reduce the risk of error and boost business productivity.
Jatheon’s WhatsApp archiving software is a cloud-based platform which allows organizations to capture all WhatsApp chats, even the deleted messages, in real time. It also lets relevant departments (legal, IT, compliance) access, search, manage and produce these records for multiple use cases – as a simple reminder, HR investigations, productivity tracking, and as part of various compliance obligations.
If you want to see how you can archive WhatsApp chats using our comprehensive and customizable cloud platform, contact us or schedule a personal demo.