Deutsche Bank has issued a notice to employees instructing them not to delete WhatsApp messages relating to the business.
The Frankfurt-based bank earlier this year sent a memo to staff warning them that any business-related messages going through private channels mustn’t be deleted as the act could be considered a crime under US law.
It also reminded them that using messages sent from private phones for business is a violation of company policy.
Similar considerations apply to businesses in South Africa as the law is typically ‘technology agnostic’, meaning that it does not distinguish between different technologies, says Karl Blom, senior associate at legal firm Webber Wentzel.
“There are not separate confidentiality requirements for email, SMS, WhatsApp or even oral communications. For that reason, depending on the terms of the contract with an employee or contractor, an employer or principal could require an employee or contractor to retain WhatsApp messages where those contain information relating to the business of the employer.”
This includes messages that are sent during the course and scope of that person’s employment or contract, said Blom.
“It is important to note that an employer’s right to access messages sent by an employer will be determined by a number of factors, including the terms of the employment contract or whether the employer is the owner of a device from which the message was sent.
“However, even if the employee owns the device from which a message was sent, an employer may be able to argue that an employee loses some privacy protections concerning a message where that message was used to engage in matters pertaining to the employer’s business.”
POPIA and record-keeping
An employer is typically responsible for the conduct of its employee where the employees are acting within the course and scope of their employment, said Blom.
For that reason, if an employee is using WhatsApp to conduct the business of their employer, the employer must ensure that these activities are POPIA compliant, he said.
There a several provisions that may apply under POPIA, including requirements pertaining to:
- The transfer of data to third parties outside South Africa;
- The retention of personal information;
- The security of the personal information;
- The purpose for which the personal information is being used.
“If an employer is making use of WhatsApp, it must treat these messages as it treats any other technology – such as emails, VOIP, regular mail etc.”
Employers should also be mindful of any contractual confidentiality provisions that may apply to it – including those that may restrict its use of certain technologies, such as WhatsApp, he said.
“Finally, it is important to remember that WhatsApp and other messaging tools are operated by third parties, so employers should always be mindful of any regulatory requirements that may restrict how they provide data to third parties.
“For example, employers in the legal, educational, medical or insurance industry should be mindful of the specific requirements that apply in those sectors.”
Can your boss ask to look at your phone?
“In the absence of a court order or a specific contractual right, an employer typically does not have an automatic right to seize the private mobile phone of an employee – or their WhatsApp messages,” said Blom.
However, if an employer makes an allegation of misconduct by the employee, which relates to the private mobile phone of an employee and the conduct of the employee’s business, the employee may request the private mobile phone from the employee and:
- If the employee provides the private mobile phone to the employer, the employer may proceed to access the contents of the private mobile phone; or
- If the employee refuses to hand over the private handset, the employer may consider disciplinary action.
“This should always be considered on a case-by-case basis,” he said.