Make sure your virtual meetings are secure, says Sask. privacy commissioner
Do your homework before selecting which platform to use for your online meeting
Technology has made it easy for thousands of us to work from home.
All you need is a laptop and access to the Internet.
Public and private companies have turned to virtual meetings on platforms like Zoom and Google Hangouts to help us keep in touch with our coworkers.
But Saskatchewan Information and Privacy Commissioner Ron Kruzeniski says we should make sure these apps are secure and we aren't sharing private information.
"Organizers should do their homework before they select the platform that they're going to use," Kruzeniski said.
He said there have been many stories of Zoom meetings being hacked, so organizers need to make sure they are able to put in settings that prevent unauthorized people from gaining access to the meeting.
"One really has to search for the platform that is most secure and sort of meets the needs of the organization that's setting up the meeting," Kruzeniski said.
Employers should research video chat platforms before using them to find out what privacy settings they offer, he said.
"Either research them on the Internet. Ask the platform itself. Just find out the settings that they can set so that they can exercise more control over the end results."
Organizations should also know what they are going to do with a virtual meeting.
"Are they just going to make minutes? Are they going to keep the recording? Are they going to have the recording deleted in 30 days because they don't need it anymore? It's just a whole series of questions that people should think about," Kruzeniski said.
Organizers need to be careful to choose a virtual meeting platform that protects confidential information, he added. And, they should make sure the program complies with the Freedom of Information and Protection of Privacy Act, the Local Authority Freedom of Information and Protection of Privacy Act, and the Health Information Protection Act.
Here are some questions Kruzeniski said organizations should be asking:
- Does the service provider offering the platform reside in Canada or the United States?
- Where geographically is the virtual meeting stored? If so, where is the server located (Canada or the United States)?
- Are virtual meetings going to be recorded and saved? If so, by whom?
- Will your meeting involve possible confidential information? If so, do you want it recorded?
- Who has possession/custody or control of the information?
- If saved, can the organization download the recording into its file management system?
- How long will the service provider retain the recording?
- Can the organization request deletion of the recording at any time?
- Does the service provider share the recording or other information with anyone else? If so, who and under what authority?
- Does the service provider have end-to-end encryption?
- Does the service provider have a privacy policy and a security policy?
- What settings can the organization set to maximize privacy and security?
- Does the organization consider the recording an official record or a transitory record?
- Has a service provider had a privacy or security assessment done by an independent third party? If so, can you request a copy?
Kruzeniski said it's likely organizations will continue to use virtual meetings after the pandemic because they save money and are convenient.
That means organizers have to set up policies that address which type of platform best suits their needs.