Search
Close this search box.

A guide to privacy and data protection issues concerning video conferencing

The DPO Centre, the UK’s market leading provider of data protection resources, warns that whilst video conferencing tools have become essential for both employers and employees, like many technologies, the adoption of video conferencing tools can pose a threat to the privacy and security of our communications.

The latest Ofcom annual Online Nation report highlights the increase in video conferencing with more than seven in 10 of the UK population taking part in a video conference at least weekly1.

The biggest growth was seen by Zoom, the virtual meeting platform, which grew from 659,000 users to reach 13 million users between January and April 2020 – a rise of almost 2,000%.

The DPO Centre, the UK’s market leading provider of data protection resources, warns that whilst video conferencing tools have become essential for both employers and employees, like many technologies, the adoption of video conferencing tools can pose a threat to the privacy and security of our communications.

Covid-19 has forced the adoption of video conferencing tools upon many organisations and consequently, their employees. However, it is still within the power of both parties to secure communications and maintain privacy by ensuing there is good guidance in place.

Many organisations rushed into home working and are having to now backfill establishing organisational guidance on how to use video conferencing and having a video conferencing policy to outline the expectations and requirements on employees.  Both employers and employees need to understand the risks involved to avoid future problems and below are our key tips:

Mitigating risk for companies

Prior to the adoption of a video conferencing tool your company should seek to consider the following measures/actions:

  1. Data Protection Impact Assessment: if a video conferencing tool is likely to increase the existing privacy risk inherent during remote communication, such as the transmission or recording of particularly sensitive information on data subjects, then a data protection impact assessment (DPIA) should be performed to understand the impact that the use of such a tool will have on the protection of personal information.
  2. Privacy Policy review: most video conferencing tool providers publish privacy policies on their websites. These contain useful information for assessing how secure the tool will be, including whether communications will be end-to-end encrypted or not. A recent review by Austrian privacy advocates, NOYB, concluded that video conferencing providers need to work harder on meeting their transparency obligations under the GDPR.
  3. Terms of Service review: while you may not have the bargaining power to re-negotiate terms of the agreement, you can shop around and review the terms of service agreements offered by different tools to determine which technology best suits your requirements.  As the software is acting as a ‘data processor’ on behalf of your organisation, you should ensure there is an adequate data processing agreement in place either as part of the Terms of Service or as an acceptable accompanying document.
  4. Creation of Staff Guidance: employees should be provided with an organisation’s policy on the use of video conferencing technology; so that they are aware of the measures that have been implemented to protect their personal data and the rules governing usage.
  1. The reality of the last several months has often resulted in the immediate adoption of the most convenient video conferencing tool available. However, the above measures can be performed retrospectively, enabling an organisation to determine whether they should continue using the current video conferencing tool.

Mitigating risk for employees 

As an employee you can:

  1. Know your controls: video conferencing tools often offer end users the option to configure controls that can improve security. As a user of video conferencing tools, you should know what these are for example ‘Zoom Bombing’ could have been prevented by following a few simple steps or using a background image can prevent other personal data being visible during a video call.
  2. Read the Employee Privacy Policy and other guidance: employees should direct their attention to their organisation’s privacy policy. This policy will contain information relating to the use of video conferencing tools or a standalone policy, detailing expectations and on employees.
  3. Ensure your home router is not using the default administration password and IP address: Many domestic routers including those from Linksys and Cisco use default administrator passwords such as “admin” or “cisco”. Worse still, the admin interface can be accessed using the default IP address (i.e. 192.168.1.1). This makes it easy for anyone within range of your router to login and change your DNS settings, meaning that all your browsing activity (including passwords entered) can be rerouted and recorded without you being aware. You should change your default settings now.

Covid-19 has forced the adoption of video conferencing tools upon many organisations and consequently, their employees. However, it is still within the power of both parties to secure communications and maintain privacy by following the steps outlined above, i.e. selecting a secure tool; configuring the tool to ensure secure communications; and, establishing organizational guidance on the use of the tool. Having a video conferencing policy to outline the expectations and requirements on employees is a key step to ensure all involved understand the risks involved.

    Read more

    Latest News

    Read More

    Three Euro Cup Lessons HR Pros Can Learn

    12 July 2024

    Newsletter

    Receive the latest HR news and strategic content

    Please note, as per the GDPR Legislation, we need to ensure you are ‘Opted In’ to receive updates from ‘theHRDIRECTOR’. We will NEVER sell, rent, share or give away your data to third parties. We only use it to send information about our products and updates within the HR space To see our Privacy Policy – click here

    Latest HR Jobs

    Manufacturing Experience Preferred Strong ER Skills Desirable 1 day WFH per week. Job Title: HR Director – 12m FTC Salary: £90,000 pa Location: Buckinghamshire Contract

    Job Title: HR Director – 12m FTC Salary: £90,000 pa Location: Buckinghamshire Contract length: 12m FTC. Hybrid: 4 days in office and 1 WFH. JGA

    Director of People Reports to: CEO Galop Salary: £60k–£65k Contract: 12 months Fixed Term Contract Hours: Full-time or Part-Time (5-4 days per week) -with flexible

    Hobson Prior is on the lookout for a dynamic HR Director to drive business transformation within a global pharmaceutical company. Manage day-to-day HR tasks and

    Read the latest digital issue of theHRDIRECTOR for FREE

    Read the latest digital issue of theHRDIRECTOR for FREE