Senior members of Donald Trump’s cabinet accidentally added the editor-in-chief of Atlantic magazine, Jeffrey Goldberg, to a group chat in which participants reportedly discussed military plans for US attacks on the Houthi armed group in Yemen. The security breach was revealed in an Atlantic article on Monday (24 March).
Weeks earlier, on Thursday 13 March, Goldberg was added to a chat on the open-source encrypted messaging app Signal, reportedly called “Houthi PC small group”. Members of the chat included vice president JD Vance and defence secretary Pete Hegseth.
In an interview on broadcaster Fox News yesterday (25 March), national security adviser Mike Waltz took responsibility for the security breach. He said: "I take full responsibility. I built the group. We've got the best technical minds looking at how this happened."
Read more: How will Trump’s anti-DEI policies affect programmes in the UK?
To prevent this kind of thing from happening, employers should set out their expectations around social media use clearly and consistently, said Andrew Davidson, national head of employment at law firm Hempsons.
He told HR magazine: “The most effective social media policies strike a balance between protecting employers and appreciating that employees should be able to reasonably express their views on social media.
“The case of Bărbulescu v Romania, the European Court of Human Rights observed that '…an employer's instructions cannot reduce private social life in the workplace to zero’”.
The case, which was decided in 2017, involved an employee in Romania who was dismissed after his instant messaging communications from a workplace computer were read by his employer in order to prove that he had used the company’s property for personal purposes. The employee successfully claimed that his dismissal was unlawful given that his employer had violated his right to privacy.
In order to mitigate employer risk, Davidson emphasised the importance of making sure that social media channels are secure.
He said: “Employers should ensure that work communication channels are secure. They should offer encryption and protect sensitive information.
“They should also frequently remind employees of the need to keep confidential data secure and of the risks associated with social media platforms.”
Read more: MPs' WhatsApp group sparks workplace communication questions
Employees need to be reminded consistently of what they can and can't do in regards to workplace social media, explained Nicholas Le Riche, partner at law firm, Broadfield UK.
He told HR magazine: "Enforcing these type of policies is key, as many employers already have sophisticated policies in place on the use of social media.
"It's no good having these polices located in some far-off corner of the intranet. Employees have to be reminded of what they can and can’t do when they’re using social media at work on a regular basis, and appropriate steps have to be taken when policies are breached."
However, Le Riche emphasised that these policies should be proportionate. He said: "The parameters for such inclusion, and what information can and what can’t be disclosed to them, should be clearly understood by staff.”