The popularity of encrypted messaging services like WhatsApp and WeChat is exploding worldwide. WhatsApp presently averages 1.3 billion monthly active users and WeChat 889 million. At the same time, regulatory agencies are beginning to clamp down on the use of encrypted messaging apps in industries such as healthcare and finance.
The HIPAA HITECH Privacy rule for the healthcare industry, which went into effect in 2013, mandates that firms protect “all individually identifiable health information held or transmitted by a covered entity, in any form or media, whether electronic, paper, or oral”, and unlike in the past, regulators are actually beginning to hand out fines for violations.
Things are no easier in the financial services industry. FINRA Regulatory Notice 17-18 mandates that “Every firm that communicates […] through a messaging app must first ensure that it can retain records of those communications as required by SEA Rules 17a-3 and 17a-4 and FINRA Rule 4511.”
Encrypted messaging’s bum rap
Unfortunately, it is quite difficult to capture and store messages sent through encrypted messaging apps and stay in compliance with these rules. This is particularly difficult for companies that are still relying on compliance tools that were designed for email and the pre-mobile paradigm of business communication. As a result, despite their popularity, encrypted messaging apps have been marginalized in many segments of these regulated industries.
The ability of encrypted messaging apps to sidestep regulators has begun to give these tools, particularly WhatsApp, a bad name in financial services and healthcare. Recently, reports have surfaced about how the tools can be used by employees in financial services firms to share investment information off the record and out of earshot of regulators. While this kind of information sharing is nothing new, the fines firms are now exposed to under FINRA and SEC regulations make this kind of off-the-record communication a risky proposition.
Similarly, the HIPAA HITECH rule gives the twenty-year-old privacy law regulatory teeth that can expose healthcare organizations to big fines. This is leaving hospital administrators and other industry leaders understandably anxious about their employees’ digital communications behavior.
Changing the encrypted messaging story
Ironically, the same features that make regulated industries nervous about encrypted messaging apps have the potential to offer greater data security and privacy as well. Communicating with patients using encrypted messaging can help ensure chats between doctors and patients are not being digitally overheard by anyone who shouldn’t be listening. In financial services, the ability to ensure sensitive information is not being leaked is a highly valuable capability.
On top of this, the sheer popularity of WhatsApp and WeChat makes it a losing proposition for industries to ignore these tools. WeChat’s user base is centered in China, and a large proportion of the Chinese population conducts most of its daily communication through the app, which offers video and voice calls in addition to messaging and sending and receiving files. Any company trying to launch an advertising campaign or a business expansion in China is at a clear disadvantage if it blackballs WeChat as a legitimate messaging service. In China, the cost is similar to a company banning the use of mobile phones. WeChat shows no sign of slowing expansion to other countries as well, with the company’s eyes currently set on Europe.
Giving customers the opportunity to communicate using their chosen mode of communication is simply good customer service—and the reality is that more and more consumers are choosing encrypted messaging apps. In industries like healthcare, customer service is an important consideration, but making communication between patient and doctor easier can also improve patient care.
Bringing encrypted messaging into the fold
For industries concerned about the compliance risks of encrypted messaging, like illegal sharing of information in financial services, the knee-jerk reaction to ban these technologies is understandable. However, this approach is short-sighted. Bans will only encourage the subversive uses of these technologies, while the solution lies in bringing the positives encrypted messaging has to offer into the fold of legitimate business communication. For organizations in regulated industries, this means finding a compliance solution that can effectively capture, monitor, store, and analyze data from encrypted messaging apps.
Many organizations are not equipped to make this overhaul in compliance solutions right now, which means there are some substantial barriers to be overcome. However, this is not a problem that will get easier to deal with as time goes on. Organizations without a flexible, modern approach to compliance will only find it more difficult to adapt. The popularity of WeChat and WhatsApp shows no sign of slowing down. Even if it does, regulated industries can be assured that the next iteration of communication tools will offer just as many, if not more, compliance challenges. Addressing the pressing popularity of encrypted messaging apps today, rather than kicking the can down the road with bans or ignoring the issue, might just separate tomorrow's leaders in communication compliance from those struggling to stay afloat.
Scott Whitney is SVP of Product Management for Actiance.