Remote work has been one of the most discussed topics in the past months. Many businesses found themselves challenged to continue operations in a new, almost entirely virtual reality. Video conferencing has been an integral part of this process, with the respective apps and platforms being on the rise. They offer an easy way of organising online events, video and audio conferencing, distance education and others, in this way sparing physical contact and respectively – the spread of COVID-19. However, along with the perks, video conferencing platforms raise potential confidentiality, security and other legal and regulatory issues. And risk management practices are still catching up to new technology. A video recording is basically a digital document, no more or less secure than any other document or “electronically stored information” on an office server.
Anyone actively involved in video conferencing should consider the following tips for mitigating potential legal and regulatory risks.
Your biggest concern should be information protection
Who is on the other side?
When hosting a call you should always use programs with end-to-end encryption, which requires a key or a password, only known to the right people. You must verify the identity of all participants on the call by seeing them. However, for the purposes of their own security they might abstain from any video recording. In this case, you can use a programme, which allows for waiting room facilities and thus verify the identity of your attendees before letting them into the conference. In addition, you can use features, which allow for removal of any unwanted meeting guests in the course of the meeting. Always monitor members as they join and lock the event once all desired members have joined.
Are you recording the call?
If you decide to record the video meeting, it is recommended both from a legal and ethical standpoint to explicitly ask attendees for affirmative consent. If you are an attendee, you should consider whether the programme indicates when you are being recorded and if so, how? Some experts consider the safest approach, whereby you must assume the same as with an e-mail conversation - you can be recorded at any time, therefore, keep in mind how anything might appear in a courtroom. If you are a host and other participants agree to for you to record the call, you should provide a transparent retention policy, which prescribes how the recording will be maintained, preserved or destroyed and thus avoid potential exposure to discovery by adversaries. Remember to also provide other relevant privacy and data protection related information.
What is in the background?
Be cautious as to how you appear in an online video event. It is often the case that participants join calls from their homes or offices. Keep track of whether you display any materials or items, which might firstly, compromise your privacy and security, and secondly, disclose commercially sensitive information. Instead, look for a neutral background such as a bookcase or search for a readily available electronic background. Also, move, mute or disable virtual assistants, if any, to avoid inadvertently providing any sensitive personal information. Headphones are always the safest choice. Also, make sure no other people are being recorded in the background when having sensitive conversations.
Are you screen sharing?
Always consider the sensitivity of the data you are exposing, whether via screen share, uploads or links. When sharing a screen ensure only information that needs to be shared is visible, all other windows must be minimised or entirely closed. The safest test is to trust our common sense - would you share this information on a regular phone call? Beware that screen sharing has a huge potential for legal and reputation damages because even an icon or a stray file name could give away sensitive corporate or personal information. One good tip for call and event hosts is to limit the ability of certain people to share their screens and thus avoid the possibility for sharing content maliciously or by mistake.
Did you take the necessary network precautions?
Always change default settings and use broadband VPN Wi-Fi network, if possible, to protect the identity of who the network belongs to or the equipment manufacturer. It goes without saying that your software must always be updated and encrypted.
You must check the terms and conditions of products you are using and always keep in mind that if the product is free, then you are the product
If this is the case, inspect whether the provider is collecting, selling or sharing data to fund the provision of the free service.