At a recent SRA event (‘Innovation – making business ideas a reality’), there was a short conversation about the use of WhatsApp.
A quick poll of the solicitors in the room concluded that many of those in attendance use WhatsApp to communicate with their clients.
The SRA presenter responded with words of encouragement and clearly saw this as a very positive sign of innovative engagement – reaching clients in a way that suits them.
One could even argue that this is consistent with paragraph 4.2 of the SRA Code of Conduct for Firms (“You ensure that the service you provide to clients is competent and delivered in a timely manner, and takes account of your client’s attributes, needs and circumstances”).
To be honest, we were a bit surprised that this use of WhatsApp (and presumably other similar services like Telegram or Signal) is so prevalent. There are clearly some risk issues to consider.
Why do law firms use WhatsApp to communicate with clients?
- It is quick and easy
- It is cheap
- You can send and receive documents
- Responses to texts are usually quicker and more to the point than replies to emails
- You can see if messages have been read
- Clients understand and can relate to the platform – it is what they use with family and friends
- It is easier than checking emails daily or trying to coordinate calendars for Zoom meetings
- Some people don’t like picking up the phone
So, a win-win arrangement?
On the face of it, yes.
But there is another side to this. Whilst the convenience of WhatsApp cannot be denied, does its use outweigh the potential harm it could cause a firm?
Issue 1: Lack of visibility
Most case management systems are set up to deal with email and telephone communications. Not texts.
Let’s say a solicitor uses WhatsApp to send some information to a client, possibly even a sensitive document. The app does not hook up to the firm’s case management system, which is its digital file and single ‘source of truth’.
Unless the lawyer is pro-active about uploading screenshots from their device (which is a pain in a long conversation thread), there is nothing on the client file to evidence what has been said, agreed, sent or returned.
It is as if the conversation did not happen. Which will be a problem if the client complaints, or the regulators or insurers get involved.
Worse, it makes supervision almost impossible. If key parts of the ‘file’ are trapped in the solicitor’s iPhone, the firm itself cannot have eyes on the case as it progresses and any file reviews will be incomplete. File reviews are hard enough as it is.
Paragraph 4.4 of the SRA Code of Conduct for Firms tells us that we must have “an effective system for supervising clients’ matters”. COLPs will be concerned that there is a systemic breach of the rules here.
But here’s the real danger: firms may not know what they don’t know. If members of the team are using WhatsApp outside of the firm’s regular systems, how is the firm supposed to know about it?
Firms may think they are supervising properly when in fact they do not have the full picture.
Issue 2: Data security and confidentiality
WhatsApp is an app that lives on an individual’s device. One of the selling points of the service is its encryption of messages, meaning that they would be hard to intercept (unlike unencrypted email).
But encryption is not the end of the conversation.
When a solicitor leaves the office with a client text in their WhatsApp chat history, in effect they are walking out with a part of the file.
What then happens if the phone if lost or stolen? Or if the individual’s WhatsApp account is compromised or blocked?
Does anyone actually log out of their apps? If not, other people with access to that device (e.g. a four-year old who wants to listen to Thomas the Tank Engine songs on Spotify) can also see your messages. As far as we know, most messaging apps do not require an additional password.
Issue 3: Unrecorded time
If quick messages are not making it onto the file, it is highly likely that they are also not being billed.
Thirty seconds here and there may not seem like much. But as with all time recording, it adds up. Particularly if the practice is commonplace across the firm.
How much time is the team ‘giving away’ for free?
The IT expert’s perspective
We spoke to Alex Hutchinson, Strategic IT Consultant for law firms and barristers chambers.
Alex is in no doubt that WhatsApp is a very risky area for law firms, noting that the more common practice it becomes, and the more solicitors who use it, the more the risk issues are multiplied and the harder it will be for firms to move away from it.
“If a firm invested in an app or a portal that is secure, then this would greatly assist them,” says Alex.
“This could also be built to integrate with their case management system, ensuring that everything sent out to a client, or received from a client, is uploaded to the client file and a full record is kept. Everything is tracked and importantly, data is secure. This is an area that has seen much development over the last couple of years and will likely to continue.”
Does the business version of WhatsApp have any benefits for use in law firms? Would this take away some of the issues already highlighted? Alex suggests not. “Whilst it does have benefits for the customer service industry, the issues of surrounding potential data breaches, confidentiality, full visibility of a case file, time recording, etc. would still be prevalent for law firms who use it.”
Tips for using WhatsApp in law firms
If you want the benefits of using services like WhatsApp, but want to manage the risks of doing so, here are our top tips:
- Make sure you know whether people are using WhatsApp with their clients
- Draft a policy to set the rules
- Add the use of messaging to your firm’s risk register
- Send a memo to all staff highlighting the risks and good practice
- If the team knows messaging is chargeable, they are more likely to find their way into the file
- Ensure people know how to export messages from their device to the file (e.g. screenshots)
- Add a check on your file review forms to query whether communication with the client is via messaging
- Audit personal devices to make sure they are secure
- Ask your IT team or software provider what (if anything) can be done to integrate the messages into your case management system