There has been a huge rise in the use of video conferencing and online messaging services while we are at home due to the Covid-19 related lockdown.

These services undoubtedly deliver many benefits, for both personal use and organisations, but we also want to make you aware of the risks they bring for organisations of all types; not to scare anyone, but so you can assess and reduce those risks.

There are lots of different services to choose from, and each has its pros and cons, which we will look at briefly to help you choose the right one for your needs. Regardless of which software you use though, there are risks attached to any video conferencing that all organisations should be mindful of. This applies to church groups and charities, who are holding committee meetings and prayer groups online now, as much as to businesses.

When planning to hold meetings by video call, as well as choosing an appropriate video conferencing service, consider:

  • what’s being discussed in the meeting, and how sensitive that is;
  • if any attendees might have some extra “guests”, and most importantly;
  • whether video conferencing is appropriate for the meeting at all, either for some or all of the attendees.

What’s on the agenda?

Any method of communication can involve sharing personal data, about the people in the conversation, and other people. A meeting held over video from home (in your slippers!) can feel more informal than usual, and there is a risk that it can feel like it’s “off the record”. Remember that all the usual data protection and confidentiality rules apply when you’re discussing anything that could identify a person or people, especially when the meeting host is recording the meeting. Attendees should always be made aware if they are being recorded.

Who else is around?

When we’re working from home with family around, we can have extra uninvited guests to the video meetings; remember “BBC Dad” whose children popped into his office without him realising when he was doing a video link on the TV? Luckily it was just an amusing, and very cute, distraction, but in other circumstances, it could have been more problematic. Be aware that children (or adults!) could wander into shot in a state of undress or say something out loud they don’t intend to share with your fellow meeting attendees. Parents who don’t usually share their children’s images on social media, for a variety of reasons, including safeguarding, should especially be made aware if a video meeting is being recorded so they can keep their children out of shot, which might mean keeping the camera turned off.

Are you sitting comfortably?

This could have you thinking about only video conferencing from behind a heavily padlocked door, but the simplest way to avoid the risk of anything appearing on camera that shouldn’t is to turn the camera off, or not turn it on in the first place. Just because the technology is available, we don’t have to use it at all times, or at all, if it’s not appropriate or someone isn’t comfortable with it.

While the use of cameras can help us feel more connected while we’re apart, there is the danger that they can be too intrusive for colleagues, even if there are no safeguarding issues in their home. Who can honestly say their video conferences only show a beautifully presented tidy house behind your well-groomed and smiling face? Or who (like me!) is more likely to show off a scruffy dressing gown hanging on the door, while sporting unwashed hair and an anxious scowl? Some video conferencing services, including Zoom and Microsoft Teams, allow you to either blur your background or change it completely, but I’m afraid we’re still left with my ungroomed appearance. And while we’re being honest here, yes, I have been known to take a video call while wearing pyjama trousers and a ‘proper’ top!

So, before you encourage everyone to dive into video conferencing, with colleagues, clients, church members, and others, please do consider if it’s necessary and proportionate to the aim of the meeting. And if you do use video calls, which of course many people are happy to do, let participants know it’s perfectly fine for them to join in with voice only, if that is more comfortable for them. Anyone twisting attendees’ arms to use the camera should be aware they are likely breaching Data Protection laws, by processing personal data (video images) unnecessarily.

A final note; bear in mind too, that even when meeting attendees are happy to appear on the video call, that does not automatically extend to them being happy for screenshots from the meeting to be shared on social media! To do that you will need their permission.

Choosing the right service for you

As you’re probably aware, there are a huge number of different services available now. The market had been growing for some time, but these services are in higher demand than ever, due to Covid-19.

I spoke to an IT expert colleague to get up to speed on the most commonly used or well-known video conferencing and messaging software, which should help you to choose the right system for your needs.

There is a difference between the more corporate-friendly services and the ones designed more for personal use. Also, be aware of the different types and levels of security in the way the service works.

True end-to-end encryption means messages can only be accessed by the sender and recipient(s), not even by the software provider, and this is used by WhatsApp and Facetime. Facebook’s Messenger service and Skype (as opposed to Skype for Business) provides end-to-end encryption only if you choose the “secret conversation” or “private conversation” option.

Other software, which does not provide end-to-end encryption, including Microsoft Teams, (which will replace Skype for Business Online), Zoom, BlueJeans, Slack and Starleaf, are not necessarily unsecured; the data is usually encrypted in transit and at rest, so is secure, but it also means the provider and admin can gain access to the content of messages if necessary. This makes them more appropriate for organisations whose conversations are work-related, than software like WhatsApp where only individual users can access the messages, meaning that work-related content would be lost if individuals left the organisation.

Do be aware though, that not all of the more informal video call software provides end-to-end encryption like WhatsApp and Facetime do. For example, my colleague could find no definitive statement from the owners of Houseparty, which is a popular app for video calls, about how the messages are secured between the cloud and users’ devices. There have been recent, albeit unconfirmed, rumours that Houseparty users’ account data was hacked.

There have also been stories circulating about Zoom’s security issues, including the practice of ‘Zoombombing’ where random people can access your meeting, and there are reports of a flaw that allows hackers to gain control of a meeting attendee’s workstation. My colleague’s view is that Zoom has some improvements to make, which they are working on. Your organisation will need to balance the ease of use with these potential risks.

When considering what is most appropriate for your purposes, review the types of information that the different software collects from its users, in the form of account set-up data and technical data such as IP addresses, and whether messages and meetings are recorded by default. This will not be an area of high concern for many organisations, but if you are handling particularly sensitive data, or you are a charity or group working with people who are vulnerable for any reason, this might be more important in your decision-making process.

Further information

For more information on any of the issues in this article, please contact Clare Paterson in our data protection and information team.