Videoconferencing isn’t exactly new, and many people have been using Skype or FaceTime for face-to-face conversations for quite some time.
But it’s no secret that the pandemic opened many more businesses to regular videoconferencing through a host of readily available tools, including Zoom.
What many business owners might not be thinking about are the possible legal risks associated with the widespread use of these platforms. Generally, the tools companies are using were intended for more casual or smaller-scale use.
Let’s start with Zoom, which is now popular from day-to-evening, for everything from a client meeting to a virtual happy hour.
In March, the Office of the New York Attorney General sent a letter to Zoom expressing concerns about the platform’s “existing security practices.” The letter stated that those practices might not be “sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network.”
Specifically, the letter stated a cybersecurity concern that “malicious third parties” could access users’ webcams, an issue that has occurred with platforms like this before.
The same day that the New York Attorney General sent the letter, the FBI’s Boston Division issued a statement warning users about the hijacking of videoconferences and online classrooms, something that’s come to be known as “Zoom-bombing.”
While Zoom has been singled out in the conversation around videoconferencing due to its sharp rise in popularity, the privacy issues are not specific to Zoom. The issue lies in the fact that such platforms are now being used on a much bigger scale and before businesses have considered the legal concerns or trained their employees on those concerns.
Often, videoconferencing platforms run through data centers that are located in other countries, and businesses using them might not even know where. The result is that users’ data might be exposed in places that don’t have the same privacy protocols as the U.S.
While this could be a risk if you use these tools to chat among family and friends, the risk rises to a higher level when you use videoconferencing for a business negotiation or to obtain sensitive information from a customer.
One seemingly helpful tool offered by these videoconferencing platforms is the option to record the chat. However, the federal government and all states have laws that require at least one party to consent before recording a private conversation. In the following states, all parties must consent: California, Delaware, Florida, Illinois, Maryland, Massachusetts, Montana, New Hampshire, Pennsylvania and Washington.
Failure to get consent can rise to the level of criminal wiretapping.
In the past, recording these conversations wasn’t always the easiest thing to do, so most businesses didn’t think about training employees on the issue.
However, the current tools make it possible to record a conversation with just one click. That means someone who works for you could easily record a conversation without thinking anything of it.
It’s also hard to set any controls on the videoconferences connected to your organization. The sudden rise in working from home means people are quickly setting up their video calls through personal accounts, over which you don’t have any control.
It’s also important to think about it in the reverse. That is, you or someone who works for you could be recorded in a video chat with another vendor, client or customer.
In fact, even before the recent surge in video calls for business cases where recorded calls were used as evidence in business disputes were already on the rise.
It’s important to speak with a lawyer who can give you specific guidance for your business, but here are some ways you can minimize your risk.
- Set up company-wide software for videoconferencing. With enterprise software implemented for everyone who works with you, it is easier to put limits on the use of the platform.
- If you use other video options such as Zoom, mute the audio. Consider using the video function in tandem with your company-based phone conferencing for audio.
- Use the private meeting function. In Zoom, there are two options for making a meeting private: requiring a meeting password or using the waiting room feature to control who can enter.
- Provide the meeting link privately. Be sure to email your meeting link only to invited parties, and do not share it on social media.
- Confirm that you and your team are using updated versions of all software. Zoom updated its software in January of this year, including a security update, which added passwords as the default for meetings and made it impossible for a user to randomly scan for meetings to join.
- Use the “Host Only” setting for screensharing in Zoom. This minimizes the risk of privacy breaches.
- Conduct quick reviews on the possible risks of any platform you use. Be ready to adjust quickly to any security or privacy concerns, both for yourself and your workers.
- Train your employees right away. Provide guidelines for employees on best practices, including a ban on recording unless all parties consent, just to be safe. Advise employees that anything they say could be recorded, and update all policies to match with your company’s best practices.