Employees left to their own devices: the risks of communication platforms
Chat tools and apps offer convenient and informal ways to network, communicate, share ideas, and connect with colleagues, clients and service providers. However, leaving employees to their own devices (literally) without sufficient consideration and regulation may pose bigger problems for employers than they may realise.
In recent years, there has been a proliferation of global platforms for business and personal communication. Instant messaging platforms like WhatsApp, WeChat, Telegram and Slack have largely supplemented and even replaced the use of emails and other traditional communication channels in some workplaces, especially in the ever-evolving “remote working world”.
We discuss the key considerations for employers in deciding which platforms to approve for business use, on what basis, and the risks that may arise from failing to do so.
Employers should carefully consider which platforms their employees may use to communicate for work purposes. This exercise will be a business-specific one, and informed by a variety of factors, including:
- client preferences;
- the alignment of the platform with the company’s values;
- the services and features offered;
- the extent to which the platform/s facilitate the employer’s ability to comply with its legal obligations and conduct its business optimally; and
- the extent to which a platform is accessible by multiple devices using the same account.
Businesses are required by legislation to retain documents for different time periods. For example, the Companies Act, 2008 requires companies to retain company records and information for a minimum of seven years. In terms of the Financial Intelligence Act, 2001 (“FICA”) read with the Companies Act, 2008, companies have a duty to keep FICA records for at least seven years. This duty is far-reaching.
Importantly, these record-keeping obligations remain in place, irrespective of the platforms on which employees are communicating for business purposes.
However, when deciding which platforms are acceptable for employees to use for business purposes, it is important that employers consider the extent to which the platforms used may hinder or facilitate their record retention capabilities. Inadequate record-keeping may expose businesses to undue risks such as statutory or criminal offences and/or hefty fines.
For example, in this context, it will be important to stipulate to what extent employees may delete communications (for example, on WhatsApp), and whether there are positive obligations on employees to store or transfer certain communications to centralised servers for record-keeping purposes.
This issue is of global significance. Recently, Deutsche Bank AG warned its employees not to delete business WhatsApp messages from their personal phones as this could be a crime under US law and would violate the company’s policy.
Similarly, HSBC is currently being investigated by U.S. regulators over the alleged misuse of WhatsApp for business communications. JP Morgan was also fined USD200-million by US regulators late last year after they found that staff had discussed work-related matters on personal devices, and none of these records were preserved by the firm as required by law.
It will be prudent for South African employers to draw lessons from abroad and ensure, before it is too late, that employee communications occur on approved platforms where they can easily be stored for regulatory scrutiny.
In addition, when considering which platforms employees should use and how, employers’ privacy and data protection policies (and the implementation thereof) will need to be legally compliant and cater for communication via approved platforms.
Ultimately, employers must have access to and monitor key business communications reliably, without violating employees’ privacy, especially where there is a mixture of work and non-work related communications. A privacy impact assessment may need to be undertaken, privacy safeguards implemented and the scope of potential monitoring carefully circumscribed within the bounds of the law.
Employers also need to be clear about what employees are permitted and not permitted to do when using ‘approved’ communication platforms for work purposes. Training employees on the use and necessity of password protection in relation to sensitive and confidential documents or information, coupled with comprehensive and detailed company policies, will be essential to ensure that confidential documents and/or company data are not compromised.
Intellectual property and liability
Other questions which arise in this context pertain to the rights to use data and the ownership of intellectual property on certain platforms. Would a business-related message belong to the company or the employee who sent it? Does it matter if the communication occurred via a business or a personal account? These are issues that would need to be carefully detailed in the company policy, and on which legal advice should be taken.
Liability for possible intellectual property infringement, creation/distribution of inappropriate material and harassment on (approved) platforms would need to be factored into company policies and considered carefully by employers.
With the above in mind, employers should devise workplace policies setting out the platforms approved for business use as well as guidelines for what is acceptable when communicating on these platforms. Employers are encouraged to obtain legal advice from their trusted legal practitioner of choice, to strike the delicate balance between obtaining the benefits of modern messaging platforms whilst complying with their legal obligations and minimising undue risks.