The Information Commissioner’s Office (ICO) has recently released a report following an investigation into the use of private messaging channels by the Department of Health and Social Care during the pandemic which resulted in a formal reprimand being issued to the UK Government department. The ICO called successfully for the COVID-19 Inquiry to also take into account how the government (and possibly by extension, Local Authorities) recorded information during the pandemic.
The investigation concluded that multiple non-departmental channels such as WhatsApp, Hotmail and Gmail were used by staff and Ministers during the pandemic, some of which included Special Category Data, constituting an unnecessary risk.
Some of the areas of concern when we use unofficial channels for work communication include:
The risk of confidential and/or personal data being released into the public domain
Data not deleted from services outside of our corporate network and control
Communications and information not being available to satisfy internal requirements, Subject Access and Freedom of Information Requests
Sometimes we may find that we need to use personal messaging services in relation to our work; the ICO recognises this and has previously made guidance available to public sector organisations with reference to information management. Key to this is a need to regularly copy information to corporate systems, and ensure deletion from the third party system.
Your organisation is likely to have some form of guidance relating to use of private means to conduct business, and this may be supplemented by or included in a “Bring Your Own Device” policy – your FOI or Data Protection Teams will be able to advise you.
Leadership Team Member