Whatsapp Conversation relating to data subject on a work related matter on a non-work phone between senior managers. Is this SAR-able and FOI-able?

Question

0

Asked: August 2, 20212021-08-02T10:54:18+01:00 2021-08-02T10:54:18+01:00In: GDPR, Privacy Management, Professional Development, Software tips and tricks

Whatsapp Conversation relating to data subject on a work related matter on a non-work phone between senior managers. Is this SAR-able and FOI-able?

0

Whatsapp Conversation relating to data subject on a work related matter on a non-work phone between senior managers. Is this SAR-able and FOI-able?

4 Answers

Leave an answer
Cancel reply

You must login to add an answer.

Liz · Answer 1 · 2021-08-25T06:15:08+01:00

Liz

View Profile

Liz Bronze contributor

2021-08-25T06:15:08+01:00Added an answer on August 25, 2021 at 6:15 am

Before reading Andreas post I clarified the situation with the ico. The response I received is:

If the whatsapp group is under the control of the organisation, then it would be covered under a subject access request. If staff within the organisation have set up a whatsapp group, but this is not under the control of the organisation, then you would not be obligated to provide the messages in response to a SAR.

0

Reply
Share
Share

Yorkie82

0 Questions

19 Answers
0 Best Answers
19 Points

View Profile
Yorkie82 Bronze contributor
2021-08-26T09:46:41+01:00Replied to answer on August 26, 2021 at 9:46 am
We had that problem a couple of months back with a SAR from a former staff member and the content of these “private” conversations had been requested by the data subject. The ICO at the time advised that if it is company-related, the company is aware of it and they can request it from their employees (contractual obligations) then you have to disclose it. (which perhaps is than consider as “under the control of the organisation”)
- 0
- Reply
- Share
  Share
  
  Share on Facebook
  
  Share on Twitter
  
  Share on LinkedIn

Andrea · Answer 2 · 2021-08-17T13:44:58+01:00

I agree with Liz. If you don’t have any reason to think that your senior managers are using WhatsApp for work related conversations you could argue that you are not the controller of any personal information in those conversations. This might be supported by your company policies on, for example confidential information?

If you think you are the controller, then unless you can point to a company policy on this, it is unlikely that you will be able to compel the senior managers to hand over their personal devices for you to search. I would document how the managers respond to any request to search their devices so you can produce this evidence if the ICO investigates.

You might also want to consider whether any information would be disclosable as part of a DSAR taking into account the third party privacy rights of your managers and therefore whether you can decline to search on the basis that it would not be reasonable or proportionate.

Liz · Answer 3 · 2021-08-13T10:02:20+01:00

Liz

View Profile

Liz Bronze contributor

2021-08-13T10:02:20+01:00Added an answer on August 13, 2021 at 10:02 am

I’ve just been asked this question too! I’m thinking that if it was a conversation on a personal phone the data isnt being processed by the organisation and therefore would not need to be provided by company. Would anyone have any thoughts on this stance please?

0

Reply
Share
Share

Liz

Yorkie82

Andrea

Liz

Smurf333

Dave_Wylie

CRodica

Atis

Ian G

Revoke.com - new third party portal for customer right requests

Instagram!!

DPO in EU and UK

DBS scenario with HR retaining excessive information for longer than ...

Parties role towards employees data for administrative purposes

Sign Up

Sign In

Forgot Password

Whatsapp Conversation relating to data subject on a work related matter on a non-work phone between senior managers. Is this SAR-able and FOI-able?

4 Answers

Leave an answerCancel reply

Leave an answer
Cancel reply