The Information Commissioner’s Office (ICO) has called for a review into the way government officials use private messaging channels to conduct official business.
The private messaging channels include apps like WhatsApp as well as personal email accounts which have been tied to MoD security breaches, and Russian hackers stealing trade talk papers.
It comes as the ICO publishes the results of a year-long investigation into how ministers at the Department of Health behaved during the pandemic which found there was “extensive use of private correspondence channels by ministers, and staff”.
“Evidence more widely available in the public domain also suggests this practice is commonly seen across much of the rest of government and predates the pandemic,” the report added.
The investigation has found that important information around the government’s response to the COVID-19 pandemic may potentially have been lost or insecurely handled due to the use of the messaging apps.
Earlier this year Lord Evans, then chair of the committee on standards in public life, said the government had demonstrated a “carelessness” in its attitude to standards and criticised ministers for conducting official business through WhatsApp.
The use of private messaging channels during the pandemic “brought some real operation benefits at a time in which the UK was facing exceptional pressures” according to the ICO.
COVID-19 cases continuing to rise, reaching highest level since late April
COVID-19: New wave of Omicron mutations spreading across Europe, EU Medicines Agency warns
China’s first COVID-19 vaccine mandate to be introduced in Beijing
However they also “presented risks to the confidentiality, integrity and accessibility of the data exchanges”, the ICO’s report added.
In particular it found that that the Department of Health’s “policies and procedures were inconsistent with Cabinet Office policy on the use of private email… and had some significant gaps based on how key individuals were working in practice.
“This presented a risk of the effective handling of requests for information in line with the relevant codes of practice under [the Freedom of Information Act (FOI Act)].”
Correspondence channels used were ‘lawful’
The data watchdog, which is responsible for upholding the FOI Act, has issued the Department of Health with a formal order demanding that it to improve how it responds to information requests.
Last year the government denied setting up a “Clearing House” unit to profile journalists and undermine FOI requests, following a letter from newspaper editors demanding action.
The department was also reprimanded and told to “improve its processes and procedures around the handling of personal information through private correspondence channels and ensure information is kept secure”.
“To make sure wider lessons are learnt, the ICO is also calling for the government to set up a separate review into the use of these channels,” it said.
A government spokesperson said: “This report makes clear that the correspondence channels used by ministers and the department were lawful.
“Ministers and officials had to work at extraordinary pace during the pandemic and the use of modern technology was necessary to deliver important public services that saved lives – such as building a testing system from scratch and rolling out our world-leading vaccine programme.
“The government is committed to accountability and transparency, and we are already undertaking a review into the policy for the use of non-corporate communication channels.
“We will carefully consider the ICO’s report, alongside recognising the ongoing benefits of using digital forms of communication,” the spokesperson added.