In recent years, the Rijksoverheid has increasingly communicated via instant messages from messaging apps such as WhatsApp, Signal and SMS because it is fast and easy. Since the ruling of the Raad van State in March 20191 , these instant messages can be part of answering a Wob request. Communicating with chat messages is now mostly done outside the information services of government organizations. Chat messages are therefore unmanaged information and communication flows and are mostly shared unstructured and context-poor between officials from inside and outside the Rijksoverheid . This means that (relevant) information from chat messages must be secured, stored and managed.
When storing instant messages, personal data of employees are also processed. When proceeding to operationalization of the policy, the risks regarding these personal data must be taken into account. To this end, a pre-PIA scan2and/or a data protection impact assessment (DPIA) is generally carried out and submitted to the (departmental) data protection officer (FG) and, if necessary, the departmental works council (DOR).
This manual contains practical insights and guidelines regarding privacy protection in the retention of instant messages by government organizations:
What do we keep?
How do we store?
Who keeps the messages?
Where do we store messages?
View here the manual.
