The UK's data protection watchdog the ICO has launched an investigation into the alleged use by ministers of private email accounts and WhatsApp to conduct government business, saying it will try to establish "if private correspondence channels have been used, and if their use led to breaches of freedom of information or data protection law."
Many in Whitehall -- where WhatsApp reigns as a source of political gossip and deal-making -- may raise eyebrows at the belated move, given the ubiquity of such informal channels, but Information Commissioner Elizabeth Denham, whose term ends October 2021, sounded convincingly sharp in a July 6 blog, noting that the ICO "has a range of powers following the completion of an investigation... up to the option of criminal prosecution of individuals where information has been deliberately destroyed, altered, or concealed after it has been requested under the Freedom of Information Act".
The investigation comes as allegations fly that senior officials within the Department for Health and Social Care – including former health secretary Matt Hancock -- used private emails to discuss sensitive government business.
See also - One to watch #5: Element. We spoke to the encrypted messenger & Matrix host.
Denham said she has "served information notices on the department and others to preserve evidence relevant to my inquiry", adding that "the practice of using private communications channels to conduct parliamentary and government business is not a new issue for my office. The ICO, successive governments and The National Archives have previously emphasised the important principle of transparency around government decision making, and the courts have also ruled on several specific information requests that touched on this area. We will continue to remind public authorities of the importance of good records management, and supporting them to get this right."
The government could do worse than turn an eye to the financial services sector. JPMorgan in April 2020 punished more than a dozen traders for using WhatsApp at work, firing one and cutting bonus payments for the rest. As Bloomberg noted at the time: "Messages on the WhatsApp service are encrypted from start to finish, and can’t easily be monitored by Wall Street firms’ compliance departments, a problem for companies that need to make sure their employees aren’t engaging in illegal activity such as fraud or insider trading."
Regulators could also look to the sector for less blunt solutions than firing miscreants: there's no shortage of companies out there like Symphony Communication Services, which provides encrypted chat-based collaboration tools to financial services market clients, including ones which can layer on top of WhatsApp to make the popular application compliant with market regulations -- and quite probably the ICO's requirements too...