Move beyond WhatsApp - Better Ways to Manage Team Communications.
The new Right to Disconnect laws started me thinking about how WhatsApp fits into it as I’ve known several small business owners that use it as a means of communicating with their team. Even with its pitfalls, it’s become very common for small businesses in Australia. On the face of it, WhatsApp appears to be a convenient way to communicate with your team but there are significant operational and legal risks involved.
Many small business owners use WhatsApp like they might a staff whiteboard or communication book where they put on task lists for the team to complete when they’re next at work or they share issues that need to be tackled. They could also share training modules, product and marketing campaign information and also cover housekeeping matters like, “If you use up all the milk, please add it to the shopping list.”
Is it handy? Yes. Is it risky? Absolutely!
I never chose to use WhatsApp for business myself. My opinion was that, if I wanted to communicate with my team I should do it during work hours but, more importantly, I wanted more control over the communication chain than WhatsApp could offer and I’m a big believer in keeping records to cover my business backside!
UNDERSTANDING THE RISKS OF USING WHATSAPP
So, let’s take a look at the risks of using WhatsApp as a main communication tool for your team. Remember, it wasn’t designed for business use and in fact, the inbuilt features that make it so convenient for personal use are precisely what make it a significant legal and operational risk for you as a small business owner.
Employee Misconduct and Employer Liability
This is a significant risk for employers as they can be held vicariously liable for the behaviour of its employees on WhatsApp, or any platform in fact.
If bullying, harassment or other inappropriate conduct (e.g. sharing discriminatory content) occurs in a workplace WhatsApp group, you, as the employer, can be held responsible. This is true even if the group was set up for social purposes so you need to be an ever-present administrator of the platform and have clear guidelines.
Fair Work Australia has upheld dismissals where employees have used messaging platforms to engage in serious misconduct, but they have also found employers liable for not having clear policies or for failing to respond appropriately to a complaint.
Operational and Security Risks
Security Vulnerabilities: WhatsApp is a frequent target for phishing and hacking attacks and, because it’s a personal app, employees will likely use it with a lower level of security awareness than they would a professional one, making the business more vulnerable to a breach.
No Centralised Control: If an employee leaves your company, you can remove them from a WhatsApp group but you can’t delete and sensitive conversations or files that they have on their personal phone. It stays in their chat history until they delete it themselves. This poses a significant security risk for your business.
Limited Features: As an operational downfall, the app is not designed to scale with a business, if that’s your intention. It lacks features like a formal roster, a centralised document storage option and effective search functionality.
Legal and Compliance Risks
The Right to Disconnect: WhatsApp lacks a scheduling feature which means that any work-related message you send out-of-hours is immediate and potentially disruptive. And in any case, if you’re a retail business you’re probably operating seven days with a fluid team so it’s always going to be out-of-hours for someone. This puts the burden on the employee to manage their notifications and could be seen that you’re not taking reasonable steps to prevent after-hours contact.
Data Privacy and Confidentiality: While WhatsApp offers end-to-end encryption for the message content itself, it’s not a compliant platform for handling sensitive business data. Messages are stored on the employee’s personal device, which you have no control over, and so it’s difficult for you to manage, retrieve or delete sensitive information once it’s on their phone. There’s nothing you can do if an employee leaves or their phone is lost or stolen.
Lack of Official Records: Unlike email or other dedicated platforms, WhatsApp doesn’t provide a long-term audit trail. WhatsApp does have an option to schedule backup to the cloud (Google Drive or iCloud) but if an employee uses the ‘disappearing messages’ feature or deletes the entire chat history before the backup, that information is gone forever and that creates a significant gap in your official records. Under Australian law, the Fair Work Act 2009 requires all employers to keep employee records for 7 years and a conversation on WhatsApp would be part of the employment record if it relates to a legal matter, a directive, or a dispute that may arise years down the track.
“The key takeaway here is that, if there’s a legal dispute, you could be left without a complete record of communications with your employee, making it difficult to defend yourself. To me, as someone who believes strongly that a small business should protect itself from compliance risks, this lack of legal accountability is probably WhatsApp’s biggest downfall.”
WHAT ABOUT WHATSAPP JUST AS AN EMPLOYEE SOCIAL PLATFORM?
It’s tempting to try to explain using a business WhatsApp with employees as a social platform where they can share funny memes, plan a coffee catch-up or send birthday wishes, and none of these things would relate to the Right to Disconnect laws. The law doesn’t prevent employees from contacting one another, nor does it regulate their personal relationships.
However, as I mentioned previously, since you are the employer and ‘owner’ of the WhatsApp page, there is a risk of ‘blurred lines’ where, even if the intent is social, work related communications start to appear. For example, a manager might post a notice of an available shift or an employee could ask a work question. Once that happens, all rules about the right to disconnect would apply.
Different but related to this is the greater risk in the content of the messages themselves where an employer can be held vicariously liable for any inappropriate conduct or comments on the platform, even if they’re done outside of working hours. If a group chat, for example, becomes a forum for making inappropriate jokes, the employer could be liable.
“Is it wise for a business and its owner to be a part of their team’s social communications? Blurring the lines between employer and employee can make it difficult to maintain the necessary authority, address disciplinary issues and manage the business’s legal risk. It may be better to stay out of employee social groups entirely to remove that direct liability. That is, be friendly but not friends.”
WHAT IF YOU STILL CHOOSE TO USE WHATSAPP FOR BUSINESS COMMS?
I hate to say it, but having a policy is probably the best policy!
If you’re determined to use WhatsApp, or indeed any platform (including a rostering one), then you need a formal written policy that is signed by all employees. It might not fully protect you, but it may help. The easiest place to put this is in the employment document for new employees and as an addendum for existing ones. They sign and return it to you and you keep it on file.
This means that your team understand how to use the platform and ensures clarity around your intentions. And, importantly, it may help to protect you as an employer. Remember, FairWork has found employers to be liable for unfair dismissal, even when serious misconduct was involved, if the employer didn’t have clear policies in place or failed to follow a fair process.
Building a WhatsApp Policy for Your Business
If you choose to use WhatsApp, or any other platform, for your business you should have a written policy that all users sign and acknowledge. Also, remember to set the group's permissions so that only admin can add new members, and you as the employer must be either the only admin or at least one of them. Here are some points to consider including, but please seek legal advice whenever preparing a workplace policy.
What is the platform for?
Include how it might be used for urgent and last-minute work communications. For example, think of it as a tool for emergencies, not a place to run the business.
List what the platform is not to be used for (e.g., sharing confidential information, official roster changes, performance feedback, or HR matters). This will depend on your intentions for the platform.
Clarify how this platform works alongside your other communication tools that you use such as the team noticeboard, store communication book, emails and phone calls.
State that access is for business purposes, not personal use.
Set Rules for the Right to Disconnect:
Define what a genuine ‘emergency’ is for your business as this is a key part of the Right to Disconnect rules. For example, a burst pipe or alarm going off is an emergency, a message asking for a shift swap isn’t.
State that employees are not expected to monitor or respond to messages outside their rostered hours.
Inform employees that they can use their phone's "Do Not Disturb" or "Focus" settings to mute work-related notifications.
Establish Rules of Conduct and Content
Require all communication to be professional and respectful at all times.
State that inappropriate content, including bullying, harassment, or discriminatory language, is strictly prohibited.
Remind all users of their obligation to protect confidentiality and not share sensitive business, customer, or employee information.
State that all communications and files are subject to company policy and can be reviewed if needed.
Address Data Management and Accountability
State that the business has no control over the information once it's on a personal phone and cannot be responsible for its security. Therefore, all users must strictly adhere to the rules of conduct and content stated in the policy.
Clarify that when an employee leaves the company, they will be removed from the group. However, because they will retain the full chat history on their personal device, it’s important to remember that all content remains subject to the employee's confidentiality clause within their employment agreement and must not be used or disclosed unless required by law.
Employee Consent
A policy is only as effective as its enforceability and so you need a legal record that they accept these rules. Include a statement that says that, by joining this group, they agree to adhere to the terms of this policy, they understand that their participation is a condition of their employment (if it is), and any breach may lead to disciplinary action.
State what the disciplinary action is if they don’t adhere to the policy.
WHAT ARE THE BETTER ALTERNATIVES?
Well, you could always go back to good ol’ store communications book. The dog-eared one that sits under the counter or out in the office that everyone looks at as soon as they start work. It certainly does the trick in relaying tasks and information but it means that you or the manager always has to physically be there to write into it.
For a digital solution that allows you to log in from anywhere, I always think that it’s best to use the platforms that you already have so Teams or Google Chat come to mind. They are both excellent alternatives because they offer more security and control than WhatsApp and they allow you to access them remotely to add information at any time or to read messages from your team.
Microsoft Teams: This is the go-to alternative for any business using Microsoft 365. Unlike WhatsApp, Teams provides a formal, searchable audit trail of all communications. It has a general chat function as well as one-to-one conversations but also allows a conversation to be in departments or topics so that you could have sections for product information, training manuals, OHS guidelines and so forth. You also have full administrative control to add and remove users and can enforce security policies across the platform.
Google Chat: If your business uses Google Workspace, Google Chat is the natural choice. It offers similar benefits to Teams, including an effective search function, direct messaging or threaded conversations, and the ability to create separate ‘spaces’ for different projects. Because it's integrated with Google Drive and your other Google apps, sharing and managing files is easy and secure.
There are two scenarios for using these platforms:
Scenario 1: On-site Access
Have your team members access these platforms only when they are at work. They would check the communication platforms for tasks and work updates at the beginning of their shift, and at given times throughout (such as after a break) and sign off that they’ve done so. For all other communications outside of work hours, the old-fashioned tools of phone calls for emergency roster changes and emails for non-urgent employment matters would be used.
Scenario 2: Individual Access
Each team member is given their own work email address allowing them to access these platforms at any time, although there would have to be guidelines around this to protect their right to disconnect and confidentiality. However, additional email addresses come at a cost though, so keep that in mind.
Disclaimer: This document provides general guidelines and suggestions only. It is not a substitute for professional legal advice. You should adapt the information given and this policy guideline to suit your specific business needs and consult with a solicitor to ensure full compliance with all applicable laws.