Embracing innovation: Navigating compliant use of WhatsApp and other non-corporate communication channels (NCCCs) in government

The significance of data governance is not only becoming increasingly prominent within the private sector – it’s also gaining traction among national governments. The public sector realises the pivotal role that well-structured data management practices play in ensuring the secure and compliant exchange of sensitive data. This becomes particularly crucial in the context of NCCCs, which are popular in government for the same reason they are worldwide: they enable swift and convenient communication, without the logistical hassle of scheduling calls or meetings, or the complexities of lengthy email exchanges. In recent years, with the transition to remote work prompted by the pandemic, WhatsApp in particular has become significantly integrated within the UK government, with as many as 31% of officials in some departments having the app installed on their work-issued devices.

However, despite how crucial their role may be, NCCCs still present a series of concerns in terms of adherence to government record-keeping, accountability and transparency requirements, necessitating innovative solutions to support better data governance. 

Using NCCCs for government business

In July 2022, the Information Commissioner's Office presented a report of its year-long investigation, highlighting the risks posed by the government's use of private messaging systems and emphasising the possibility of information loss from the public record. The report also raised concerns regarding the confidentiality and security of data conveyed and stored on messaging apps and recommended that the government update the existing guidelines.

In response to the recommendation, the Cabinet Office revised the cross-government guidelines on the utilisation of NCCCs for disseminating official business information. This marked the first update in a decade, prompted by notable instances over the past couple of years where ministers used WhatsApp for official communications, especially in response to the coronavirus pandemic. The 2022 report on WhatsApp use in government states that “the app is now fundamental to how the UK government and politics function.” Moreover, evidence found in publicly accessible sources also implies that this practice is commonly observed throughout various sectors of the government and existed before the onset of the pandemic in 2019. 

The key goals of the updated policy that explicitly mentions various platforms, including WhatsApp, Signal, private email, SMS text-message platforms, and private messages on Facebook and LinkedIn, are articulated as follows: 

• Facilitating efficient day-to-day government discussions in a modern way;
• Reducing risks to the security of information; 
• Ensuring compliance with the principles of good government, including record-keeping, accountability, and transparency.

The guidelines that apply to all individuals in central government and arm’s length bodies set forth clear responsibilities in terms of the appropriate use of NCCCs, including recordkeeping, transparency, security, and data protection. These also align with the accountability framework obligations that public and private sector organisations are subject to under the UK GDPR.

Effectively addressing these issues requires a comprehensive and strategic approach to data governance, as well as the integration of innovative tools that streamline operations. This, however, presents a significant issue as government organisations continue to encounter legacy challenges, ranging from outdated data infrastructures to resistance to digital innovation.

Leveraging innovation to boost efficiency

Collaborative initiatives between government departments and emerging technologies like Valarian, play a crucial role in supporting ongoing efforts towards ensuring security, compliance, and accountability with regard to the use of NCCCs. By leveraging the expertise of innovators in the data protection space, government entities can deploy cutting-edge technological solutions that address their needs in the digital age. 

Valarian stands out in its commitment to securing communication tools and fostering a high-trust environment for sensitive data exchange. By seamlessly integrating into the interface of communication platforms like WhatsApp, Valarian’s software tackles another critical issue — end-user experience. Maintaining existing workflows enables users to continue leveraging NCCCs while ensuring all data is captured and preventing the deletion or concealment of material. With government communications being a potential target for attack, deploying Valarian’s software not only establishes granular access controls but also secures complete data ownership, protecting against unauthorised exposure. 

Moreover, Valarian helps alleviate concerns regarding the potential erosion of public confidence in official processes due to the reliance on NCCCs. By fortifying against sensitive information exposure and promoting transparency, stakeholders can dispel the perception of opaque or informal decision making. Ultimately, this work can serve to bolster the credibility of governmental institutions.

Building resilience in the digital era 

The dynamic regulatory and threat landscape accentuates the importance of upholding the highest standards of security and compliance in the exchange of sensitive government data. Nevertheless, current shortcomings within government systems can pose obstacles to safeguarding communication infrastructures, increasing the risk of data breaches, loss, and exposure. Particularly in the realm of NCCCs, the challenges related to record-keeping, accountability and transparency underscore the importance of integrating innovative tools to mitigate risks without compromising efficiency.

Through the implementation of solutions such as Valarian, government entities can ensure strict adherence to updated guidelines, fostering continuous visibility and enhanced governance over communication via non-corporate channels. Looking ahead, the cultivation of mutual trust and collaboration with forward-thinking businesses will help the public sector fortify defences against the multifaceted challenges of the digital era.

Grace is the co-founder of CyLon, ​​an early-stage investor focussed on security. Prior to founding CyLon, Grace spent 10 years in the UK Diplomatic Service, working on policy in Asia, Europe, and the Americas. Between 2004-6, she was an advisor to Prime Minister Tony Blair, specialising in Asia and national security. She is an Associate Fellow at Chatham House and a Council Member of ECFR.