Share This Page

GOOGLE
https://theprivacyadvocate.com/whats-up-with-your-whatsapp-privacy/">
RSS
LinkedIn

What’s up with WhatsApp Privacy?

August 29, 2016

phone

WHAT’S UP?

WhatsApp, once the pride of privacy advocates for its end-to-end encryption has been all over the news since August 25 for its updated privacy policy. So, what’s the buzz? What has really changed for users?

  1. WhatsApp has changed its promise to not share your data with advertisers. So, now they’re sharing.
  2. As a result, you’ll receive marketing messages (your freedom to be let alone is ‘out the window’)
  3. WhatsApp will share your phone number with Facebook, but you can opt-out (even 30 days after the agreement)
  4. If you don’t opt-out, you’ll be tracked via your phone to gather the frequency of service usage
  5. Ads about products and services that you’re interested will target you on Facebook
  6. Anticipate more friend suggestions on Facebook

 

BAD NEWS

Sounds like bad news for individual users? Yes, but there are a few inherent risks that businesses should also consider. Watch this video and keep reading.

 

Now that we’ve gotten that out of the way and while privacy advocates are busy taking up your privacy grievance to the Federal Trade Commission (FTC), what have you done so far?

phone 2

INDIVIDUAL USERS

Where do you begin? How do you take control of your privacy as you use WhatsApp to enhance communications with friends and family, coworkers or even enhance the convenience of ordering food, rides, and other personal services? For individual users, if you’re waiting for more news to develop on this issue, you’ve just wasted time. The morale of the story is, users have no privacy – unless they decide to do something about it. This can be as simple as going to WhatsApp’s setting and choosing to opt-out of sharing.

BUSINESS USERS

As a business or an organization how do you help save yourself especially as you use WhatsApp to order courier service, maintain business communications such as sales, marketing & promotion, and customer support? We can’t deny it, WhatsApp has its advantages with regards to messaging similar to Facebook Messenger, Telegram, Three-man, WeChat and Line. It’s faster and efficient than email, and improves team communication and leads to higher productivity. Let’s look closely.

phone 3

 

In January 2016, Teamwire, a German internal messaging company published an interesting blog highlighting  10 disadvantages of using WhatApp for business. These list offers communication considerations especially if you’re using WhatsApp for enterprise messaging:

 

DISADVANTAGES

1. WhatsApp Does Not Provide Enterprise Data Protection  or Enterprise-grade encryption. The app accesses employees’ address books and confidential corporate data

2. WhatsApp Is a Cloud Service Based in the USA which means weak data protection laws

3. WhatsApp Mixes Private and Business Communication

4. WhatsApp Lacks Enterprise Administration

5. WhatsApp Does Not Protect Against Data Loss Prevention

6. WhatsApp Is Missing a Professional Desktop Client

7. WhatsApp Focuses on Consumer Use Cases

8. WhatsApp Does Not Support Enterprise File Sharing Solutions

9. WhatsApp Is Short of Ecosystem Integrations

10. WhatsApp Lacks Enterprise Support and Audit-Proof

Definitely read the details here for each disadvantage listed above.

Processed with VSCO with 4 preset

 

POTENTIAL DAMAGES

In April 2016, Teamwire followed up the first blog with an article highlighting the 10 potential damages that can result from using WhatApp for business (see excerpt below) as follows:

1. Compliance Violation

Several industries deal with strictly confidential and sensitive information, and data deserving protection for various reasons. Businesses in these sectors regularly have to fulfill specific compliance standards. In the USA, for example, healthcare enterprises have to meet privacy rules of HIPAA, and financial services businesses have to comply with data audit, archiving and retrieval rules of SOX. In other countries there are similar laws and legislation, which basically ban the usage of WhatsApp for business purposes, since such consumer messaging apps cannot ensure legal compliance. In case of non-compliance, an enterprise not only faces high legal costs but also fines and indemnification payments.

2. Breach of Data Protection Law

If you use WhatsApp for business purposes, you consent to US terms of use and privacy policies of the messaging app. You also consent that WhatsApp may access your data (e.g. your address book or meta data), which might contain information of business partners and customers. However, if you work for an enterprise outside the USA, you have to fulfill the data protection laws of your home country, which is often in strong conflict with WhatsApp’s terms. E.g. based on European data protection law enterprises are actually not allowed to hand over data to WhatsApp without the consent of the business partner or customer. If you don’t have this approval, your enterprise can get easily sued.

Processed with VSCO with a9 preset

 

3. Full Liability with No Chance for Exclusion 

Things get more problematic, because WhatsApp states in their terms that the app may be used for personal use only. So based on the current terms a business use of WhatsApp is actually forbidden. Thus, in addition to the licensing issue (see below), your enterprise will be completely liable. If something negative or unforeseen happens with the data of business partners and customers, and they suffer any damage, they can claim full compensation from your enterprise.

4. Theft of Corporate Data

If WhatsApp is applied for business purposes, in the app there will be a mix of private and enterprise chats. While this is far from optimal from a productivity point of view, this is as well critical from a security point of view. The mix of private and business communication enables plain security breaches and direct theft of corporate data. Users can simply copy and paste or forward sensitive corporate data to people from outside the organization, without your enterprise noticing. The usage of WhatsApp makes it impossible to protect any confidential business information and intellectual property.

5. Loss of Corporate Data

WhatsApp does not provide a mobile application management or security layer to prevent data loss. So if a mobile device gets lost or stolen, your enterprise cannot remotely delete or remove the confidential business data in WhatsApp from the device. Only if you have an additional mobile device management or enterprise mobility management solution installed on the device, this can offer a way to completely wipe all data and apps remotely. Besides the access to a WhatsApp account of an employee cannot be blocked by an IT administrator.

 

phone 4

 

6. Productivity Loss

WhatsApp is not available cross-platform and lacks tablet apps as well as professional desktop clients for e.g. Windows, Mac and Linux. The desktop apps of Whatsapp are only “companions” of the smartphone apps, require a constant internet connection to your smartphone to work and have security risks for enterprises. Without tablet apps and professional desktop clients many workers loose productivity, business processes are not enabled and team collaboration cannot reach its full potential. A lot of work is done on laptops, tablets and desktop PCs, and an enterprise requires a messaging app that makes all business use cases possible, improves team communication and accelerates workflows on these devices as well. As noted above WhatsApp applied for business mixes private and enterprise content. That means you will have an unstructured combination of private and business chats and all related information within WhatsApp.

7. Inefficient Workflows

WhatsApp does not integrate or connect to the enterprise IT ecosystem. To start with, WhatsApp does not support enterprise file sharing solutions, which is a very broad business use case. In addition, an enterprise requires other business critical integrations into systems like ERP, CRM, accounting, HR, manufacturing, logistics and many more, which WhatsApp does not provide. This means that e.g. you cannot easily exchange corporate documents with colleagues and teams, you cannot directly distribute reports out of your CRM, you cannot automatically share analysis from your business intelligence software, you cannot get real-time information from your project management software on progress and next steps, you cannot receive instant updates from your ERP on required decisions and approvals, and so on.

8. Interruptions of Operations

Generally WhatsApp is a reliable consumer messaging app, and there aren’t many downtimes. Still, in the business world if a user has a problem or if things don’t work as they should, these interruptions can cause workflows to be delayed or completely fail. Therefore businesses require enterprise support for a messaging app, which WhatsApp does not offer. If WhatsApp is used for mission-critical processes, the potential damage can be significant and can bring about higher operative costs and even fines from customers and partners.

A photo by Jonathan Velasquez. unsplash.com/photos/4mta-DkJUAg

 

9. Technical Damages

It is technically possible to use WhatsApp to distribute a virus or other vicious malware. As a result a mobile device might stop working properly, the IT infrastructure of a business can be damaged, the security of a user can get compromised, or confidential enterprise and customer data might be stolen. While these kind of incidents are more likely to happen on operating systems with security weaknesses, the consequent damages can be very substantial and should not be underestimated.

10. License Violation

As noted above already, WhatsApp’s terms clearly state that WhatsApp may be used for personal use only. Accordingly, if your enterprise applies WhatsApp for business purposes, this is actually a contract breach. Potential license and copyright damages could lead to considerable fines for your enterprise according to civil law. The license violation might also be a compliance issue for the management of your enterprise, if control mechanisms were not properly implemented or adhered to. This can be an offense as well and cause additional penalties.

Overall, it should be clear that the potential damages by far outweigh the potential benefits of using WhatsApp for business purposes. The usage of WhatsApp and similar consumer messaging apps in an enterprise environment cannot be recommended at all.

You’re done reading this post. Give it some thought. Thanks for stopping by.

Plan to join me in Dallas! View the full schedule for #ISSAConf at www.issa.org/issaconf

Let THE PRIVACY ADVOCATE help you with your data privacy strategies, management, training, compliance needs, and more.  Worry about other things!

*All blog photos courtesy Unsplash*

Leave a Reply

Your email address will not be published. Required fields are marked *

Share This Page

GOOGLE
https://theprivacyadvocate.com/whats-up-with-your-whatsapp-privacy/">
RSS
LinkedIn
Social media & sharing icons powered by UltimatelySocial