DPC Data Protection Tips for Video-Conferencing (3rd April 2020)May 2020
- Employees should be using your contracted service providers for work related communications. Ensure you are happy with the privacy and security features of the services you ask them to use. Ad-hoc use of apps or services by individuals should not be encouraged.
- Try to ensure that employees use work accounts, email addresses, phone numbers, etc., where possible, for work-related video-conferencing, to avoid the unnecessary collection of their personal contact or social media detail.
- Make sure that clear, understandable, and up-to-date organisational policies and guidelines are provided to those using video-conferencing, so they know what rules to follow and steps to take to minimise data protection risks. This should include information on the controls the services provide and that are available to them to protect their security, data, and communications.
- Implement, and/or advise employees to implement, appropriate security controls such as access controls (such as multi-factor authentication and strong unique passwords) and limit use and data sharing to what is necessary.
- Where video-conferencing services need to be used for organisational reasons, have a consistent policy regarding which services are used and how, and offer through VPN or remote network access where possible.
- Avoid sharing of company data, document locations or hyperlinks in any shared ‘chat’ facility that may be public as these may be processed by the service or device in unsafe ways.
- Read DPC guidance on Protecting Personal Data When Working Remotely and DPC guidance on data security and make sure the points contained within are made clear to employees.
By Judy de Castro - Regulatory Consultant