Covid-19 has driven us back into our homes, transforming what was once a sanctuary into a place of work. Video conferencing tools have hence become essential for both employers and employees, facilitating the homeward migration. However, like many technologies, the adoption of video conferencing tools can pose a threat to the privacy and security of our communications. Organisations and their employees can play a vital role in attempting to mitigate this risk.
Mitigating risk – Organisations
Prior to the adoption of a video conferencing tool, an organisation should seek to consider the following measures/actions:
- Data Protection Impact Assessment (DPIA): a DPIA is a formal documented assessment which allows decision-makers to identify, manage and mitigate any data protection risks associated with a project. If a video conferencing tool is likely to increase the existing privacy risk inherent during remote communication, such as the transmission or recording of particularly sensitive information on data subjects, then a DPIA should be performed to understand the impact that the use of such a tool will have on the protection of personal information.
- Privacy Policy review: most video conferencing tool providers publish privacy policies on their websites. These contain useful information for assessing how secure the tool will be, e.g. whether communications will be end-to-end encrypted or not. A recent review by Austrian privacy advocates, NOYB, concluded that video conferencing providers need to work harder on meeting their transparency obligations under the GDPR.
- Terms of Service review: while you may not have the bargaining power to re-negotiate terms of the agreement, you can shop around and review the terms of service agreements offered by different tools to determine which technology best suits your requirements. As the software is acting as a ‘data processor’ on behalf of your organisation, you should ensure there is an adequate data processing agreement in place either as part of the Terms of Service or as an acceptable accompanying document.
- Creation of Staff Guidance: employees should be provided with an organisation’s policy on the use of video conferencing technology, so that they are aware of the measures that have been implemented to protect their personal data (information which relates to an identified or identifiable natural person) and the rules governing usage.
The reality of the last several months has often resulted in the immediate adoption of the most convenient video conferencing tool available. However, the above measures can be performed retrospectively, enabling an organisation to determine whether they should continue using the current video conferencing tool.
Mitigating risk – Employees
As an employee you can:
- Know your controls: video conferencing tools often offer end users the option to configure controls that can improve security. As a user of video conferencing tools, you should know what these are, e.g. ‘Zoom Bombing’ could have been prevented by following a few simple steps, and using a background image can prevent other personal data being visible during a video call.
- Read the Employee Privacy Policy and other guidance: employees should direct their attention to their organisation’s privacy policy. This policy, or a standalone policy detailing expectations on employees, will contain information relating to the use of video conferencing tools.
Conclusion
Covid-19 has forced the adoption of video conferencing tools upon many organisations and, consequently, their employees. However, it is still within the power of both parties to secure communications and maintain privacy by following the steps outlined above, i.e. selecting a secure tool, configuring the tool to ensure secure communications, and establishing organisational guidance on the use of the tool. Having a video conferencing policy to outline the expectations and requirements on employees is a key step to ensure all involved understand the risks.
The DPO Centre can review your current usage of video conferencing facilities and provide you with all the necessary documents. For further information, please use the form below to contact us.