Usage and policy guidance for mobile messaging apps: FOI release

Information requested

All information, risk analysis and minutes of related meetings that explain how the policy available at:
https://www.gov.scot/publications/mobile-messaging-apps-usage-and-policy-guidance/ (dated 31 October 2023) was arrived at.

In particular, what was the justification for permitting government officials to conduct government business on chat applications that are owned by foreign organisations (e.g. Meta) over which the Scottish Government has little influence?

How much of the Digital Directorate's policy in this regard is influenced by Westminster policy? Please provide sources where relevant.

And finally, in light of recent events (in particular deleted messages for which no central record appears to exist) does the Digital Directorate plan to revise this policy to ensure that proper records are maintained, ideally on ICT infrastructure that is within the _complete_ control of the government?

Response

While our aim is to provide information whenever possible, in this instance we are unable to provide some of the information you have requested because an exemption under section s.38(1)(b) (personal information) of FOISA applies to some of the information requested because it is personal data of a third party, ie names of individuals, and disclosing it would contravene the data protection principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act 2018. This exemption is not subject to the ‘public interest test’, so we are not required to consider if the public interest in disclosing the information outweighs the public interest in applying the exemption.

Copies of relevant correspondence are included as attachments with this response which have been redacted under this exemption.

There are also redactions where content is considered to be out of scope.

In June 2021, the Scottish Government Executive Team agreed to consider whether further guidance was required on the use of Whatsapp, which saw the development of the Scottish Government Mobile messaging apps - usage and policy in November 2021. In line with the overarching Records Management Policy, this complementary guidance also makes clear that mobile messaging does not change individual civil servants’ responsibility to maintain complete and comprehensive records of key conversations and decisions. by saving into the Electronic Records and Document Management system (eRDM).

The action was completed as directed by the Executive Team. Director of Communications & Ministerial Support consulted with colleagues in SG Digital Directorate, and it was agreed that the extant guidance should be updated to provide revised guidance for ‘personal messaging apps’. This was taken forward by SG Chief Information Officer [CIO].

As Chair of the Information Governance Delivery Board, CIO agreed to take the guidance document to that board which had all the relevant contributors/scrutiny on it e.g. SG Legal Directorate, Communications, Ministerial Private Offices, Data Protection Officer, Freedom of Information Unit, People Directorate Cyber Security and Internal Audit.

I would also refer you to the:
Published FoI 202300383183
Published FoI 202300383191

Included in this response is a 2021 email to the SG Executive Team referencing an internal guidance note from 2019. At the time it was believed that the note had been published on the SG internal intranet, known as Saltire; it had not.

After further discussion with the creator of the note, it has been confirmed that this was drafted by the DG Economy Ministerial Overseas Visits team while exploring options for officials to use WhatsApp during overseas visits – so for that specific purpose. The intended audience were officials involved in the ministerial visit (in Scotland and those heading out abroad), and it was never published nor publicised more widely than the team discussion.

The vast majority of commonly used software tools and products are international and are not owned or run by either Scottish or UK companies. This includes software products from Microsoft, Apple, Google, Amazon, Oracle, Salesforce, Cisco, Adobe, Objective, Alfresco and many more. Likewise many governments across the world now rely on software and hardware products that are not owned from within their borders – but are never-the-less subject to the laws of the country of usage.

Scottish Government recognises that some real-time off-platform apps can be useful to its Ministers and staff in the same way that telephone conversations and face-to-face discussions can be useful – business continuity being a key example. Therefore, we have sought to provide policies and guidance around the use of those communication tools.

The First Minister has commissioned an externally led review into the use of mobile messaging apps and non-corporate technology in the Scottish Government. This will take particular account of government interaction with statutory public inquiries.

Please see the clip from First Minister’s Questions on 25 January 2024:
https://www.scottishparliament.tv/meeting/first-ministers-questions-january-25-2024?clip_start=12:09:27&clip_end=12:10:09
Please also see the link below:
https://www.parliament.scot/chamber-and-committees/official-report/search-what-was-said-inparliament/meeting-of-parliament-25-01-2024?meeting=15670&iob=133677#orscontributions_M4941E408P744C2555414

About FOI

The Scottish Government is committed to publishing all information released in response to Freedom of Information requests. View all FOI responses at http://www.gov.scot/foi-responses.

FOI 202400396640 - Information released - Annex

File type

27 page PDF

File size

1.0 MB