From education to employment

From lectern to laptop: privacy and data protection best practice in the video conferencing era

Amit Walia

A recent report by @Ofcom found that more than seven in ten of us now take part in a video conference at least once every week. That’s a significant increase from just six months ago. And we’re all familiar with the reasons why. As universities welcome students back for the start of another academic year, video conferencing will continue to play a significant part in their lives as the laptop becomes the digital lectern. And with the latest statistics showing a sharp rise in cases of Covid-19 throughout a number of UK universities, video conferencing will become an essential link not only to their studies, but to friends and families too.

However, a word of caution. Just as video conferencing tools are now a vital communication tool, the adoption of these platforms can pose a significant threat to the privacy and security of our communications if not implemented properly. Who can have failed to read about the Zoom-bombing incidents earlier this year. And just last month, Zoom’s video conferencing platform crashed coinciding with US schools returning after the summer vacation, leaving hundreds of thousands of students, teachers and workers unable to connect. Fortunately the outage lasted only a few hours, but both these incidents illustrate the importance of utilising a video conferencing platform that’s ‘fit for purpose’ – one that is not only robust and scalable, but puts users privacy and security at its core. 

Enhanced security features and technical advancements are being added to video conferencing platforms all the time to help minimise the risk of succumbing to a security incident. But in addition, there are also some straightforward steps that organisations and users alike can take to ensure privacy and security concerns are minimised. 

For organisations these include: 

  • Data Protection – the arms of data protection regulation are long and complicated. Having come into play in 2018, many organisations have found themselves on the wrong side of the General Data Protection Regulation (GDPR) and the Information Commissioner’s Office (ICO) has imposed some considerable fines. All organisations should consider whether information being shared or recorded will have a data protection impact. If you’re unsure, you should conduct a Data Protection Impact Assessment to help determine the best way forward to remain within the scope of regulations such as the GDPR.
  • Reading and understanding the various privacy policies – users should be able to trust that companies will respect and protect their privacy and security.  Many of these policies draw on the Digital Standard, a set of benchmarks that can be used by organisations to design digital products that are respectful of consumer privacy rights. Policies vary but they should include information for assessing how secure the tool will be, including whether communications will be end-to-end encrypted or not. 
  • Create user guidelines – users should be provided with an organisation’s policy on the use of video conferencing technology so that they are aware of the measures that have been implemented to protect their personal data as well as the rules governing usage.

For users:

  • Familiarise yourself with the platform’s functionality – most platforms have options that enable users to improve security. This could be configuring controls to enable the waiting room option, the screen share option or even simple steps like using a background image to prevent personal data being visible during a call.
  • Read the user guidelines and privacy policy – if you have not been given this, ask to see it. It’s important to understand the policies and parameters that are in place relating to the use of video conferencing tools, specifically relating to security and privacy concerns.
  • For students working from home, or private rental properties, they should ensure their home router is not using the default administrator password and IP address. Changing the administrative password on the router is a good idea. Sometimes it comes with a complex password which is good, but it’s even better when it’s something only you know. 

Although 2020 will likely be remembered as a year of disrupted education, cancelled holidays, postponed celebrations and more, the silver lining is that we have access to technology that enables us to carry on, regardless. Video conferencing tools have been the saving grace for many of us, and so long as we secure communications and maintain privacy by implementing sensible precautions most aspects of our lives can continue to operate relatively normally, despite the global pandemic in our midst. At the heart of this is having a video conferencing policy which outlines the expectations and requirements from both the organisation and its users.


Related Articles

Responses