• 0800 0862018
  • This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Mon - Fri 8:00 - 17:00

Best Practice Update

    You are here:  
  1. Home
  2. Best Practice Update
  3. Using WhatsApp in Schools
Using WhatsApp in Schools
Best Practice Updates

Using WhatsApp in Schools

This article is about the use of WhatsApp as a communication tool in schools and recent vulnerabilities. It discusses school staff using WhatsApp as a communication method for school business.

We are sometimes asked by staff whether it is OK for staff to be in a WhatsApp group for important school messages. Staff often wish to use it because it is an easy way to communicate and a platform that a lot of people are familiar with.  It is also free. There are issues around this:

  • Non staff members can easily be added
  • All personal mobile numbers can be seen by everyone in the group
  • Someone needs to take responsibility for removing staff from the group that have left school
  • There is no user access control
  • Use of personal devices for school business

The ICO called for a review into the use of private email and messaging apps within government as there is a lack of controls: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/07/behind-the-screens-ico-calls-for-review-into-use-of-private-email-and-messaging-apps-within-government/

WhatsApp says is should not be used for business; it is against their terms and conditions. Although WhatsApp have a business app, this is for businesses to link with their customers (ie the public), not designed for private chat within an organisation: https://support.safeguardinginschools.co.uk/article/36-why-schools-shouldnt-use-whatsapp

This article highlights the lack of user management that can create security issues: https://www.beekeeper.io/blog/why-you-shouldnt-use-whatsapp-for-business-communication/

WhatsApp has previously been fined for data breaches: https://www.fieldfisher.com/en/insights/privacy-notices-post-whatsapp

More recently there has been a warning from Action Fraud about a takeover scam of Whatsapp accounts : https://www.actionfraud.police.uk/alert/warning-issued-to-whatsapp-users-over-account-takeover-scam

Our advice would be to always try to minimise any risk, so consider the following:

  • Systems owned by an organisation would have the relevant security measures in place to protect against hackers and cyber attacks. See our best practice area: Information & Cyber Security.
  • An organisation would have the appropriate user controls measures in place for accessing the data appropriate to a person's role in the organisation. See our Info/Cyber Security Checklist.
  • An organisation would have a backup of any data.
  • An organisation is required to have access to all data in the event of a Subject Access Request. This is much simpler when all business communication is either in the organisation's cloud or devices.  See our best practice area: Subject Access Requests.
  • Organisational systems are monitored and so any inappropriate use can be checked and controlled.
  • WhatsApp may not be the best tool for more formal communication of for conveying official school policies or announcements and could lead to confusion or miscommunication.
  • There is a risk of an individual's private information or confidential data being on everyone's personal device that are in the group - an organisation has control over it's own devices.

Internet Matters offers a WhatsApp social media guide.

Information about whether WhatsApp is safe for children is covered by the NSPCC: Is WhatsApp safe for my child?

If you have been a victim of fraud or cyber crime, report it to Action Fraud or 0300 123 2040, and possibly your DPO, depending on the cyber crime.

 

 

©2024 Data Protection Education Ltd.

Search

  • News