I wrote a short piece in November about the misuse of WhatsApp in government:

https://frp-insights.passle.net/post/102hb07/instant-messaging-what-you-dont-know-can-hurt-you

I suggested that most organisations have little or no idea of the “side” conversations taking place via instant messaging Apps, though I was expecting these to predominantly be taking place on work issued mobile devices.  I was wrong on that score, as JP Morgan have just been fined $200 million for the abuse of WhatsApp by its staff on personal devices, and also for using personal email accounts for work related activity.

The SEC stated that “As technology changes, it’s even more important that registrants ensure that their communications are appropriately recorded and are not conducted outside of official channels in order to avoid market oversight” 

This is another example of the line between personal devices and work becoming increasing blurred.  There are many people who have just the one mobile phone, on which they conduct all their work and personal activity, so is it really that surprising that this happened in the first place?

Going forward companies may want to consider offering a one time “amnesty” in respect of the misuse of any communication policies.  Far better to fully understand the landscape and take preventative action now, than be staring down the barrel of a $200 million fine. This along with appropriate training and an information governance policy which considers all possible data sources, may go some way to helping other companies avoid a similar large regulatory imposed fine.