A recent security blunder in the United States – involving a journalist accidentally added to a private group chat where top-level military strategies were being discussed – has sparked global concern over the misuse of informal communication platforms at work. In light of this, an Australian employment lawyer has shared insights into the legal and operational risks organisations face when employees bypass formal channels.
“There are two primary risks to consider,” said Daniel Erickson, Partner at Tompkins Wake, in a conversation with HRD. “Firstly, there’s the potential misuse of confidential information. Often, organisations hold this information on behalf of third parties, such as clients, suppliers, or partners – so disclosing it inappropriately can cause significant legal and reputational fallout.”
“Secondly, breaches of privacy legislation can occur if personal information protected under the Privacy Act is mishandled. Both scenarios not only expose the business to liability but also erode trust.”
The Signal App Controversy
The concerns follow revelations by The Atlantic magazine, where Editor-in-Chief Jeffrey Goldberg reported that classified discussions between US officials – including the Vice President and National Security Advisor – took place via Signal, a messaging platform not approved for classified communication. The discussions included plans to carry out military strikes in Yemen.
“I’ve never seen a breach like this,” wrote Goldberg, noting that while Signal is commonly used for logistical purposes, it’s not intended for high-level security matters. To make matters worse, messages in the group were set to auto-delete after seven days – potentially breaching federal laws requiring preservation of government records.
What This Means for Employers
In a corporate context, such lapses could result in serious disciplinary action. If an employee knowingly sidesteps the company’s communication policies or uses unauthorised apps to share sensitive information, it can lead to summary dismissal.
Such breaches also raise questions around recordkeeping and organisational compliance. In Australia, mishandling personal or commercially sensitive information can incur penalties under the Employment Relations Act, with damages of up to $10,000 per breach.
The Role of Education in Preventing Breaches
Employee awareness is fundamental. Many staff may not realise the risks associated with texting or using apps like WhatsApp or Signal for work communications. While these platforms are convenient, they’re not always secure or appropriate for business-critical conversations.
Last year, Microsoft found that 78% of AI users were operating their own tools at work – often without approval or clear guidance. The lesson? Convenience can lead to compliance blind spots.
Meta, for instance, has responded by reinforcing internal policies and warning staff that leaking sensitive information could result in immediate dismissal, as outlined by its Chief Information Security Officer, Guy Rosen.
Clarity, Compliance, and Consequences
To avoid similar mishaps, businesses must take proactive steps. Set clear expectations around communication tools and ensure employees understand what’s acceptable. Employers should consider monitoring systems for company-owned devices and enforce policies that apply to everyone, regardless of their seniority.
When it comes to safeguarding sensitive data, it’s essential to ask: Are we compliant? If the answer isn’t a confident ‘yes’, it’s time to act.
Is your business communication policy up to date? Do your teams understand the risks?
ForgeHR can help you establish practical, compliant, and enforceable workplace policies that keep your people and your organisation safe. Contact us today to review your communication protocols and ensure your business is protected from costly mistakes.
