Ireland’s Data Protection Commission has issued advice on protecting data privacy when using videoconferencing.
Organizations should:
- Use contracted service providers for work-related communications. Ensure you are happy with the privacy and security features of the services you ask employees to use.
- Ensure that employees use work accounts, email addresses, phone numbers, etc., where possible, for work-related videoconferencing.
- Make sure that clear, understandable and up-to-date organizational policies and guidelines are provided to those using videoconferencing.
- Implement, and/or advise employees to implement, appropriate security controls such as access controls (such as multi-factor authentication and strong unique passwords) and limit use and data sharing to what is necessary.
- Where videoconferencing services need to be used for organizational reasons, have a consistent policy regarding which services are used and how, and offer through VPN or remote network access where possible.
- Avoid sharing of company data, document locations or hyperlinks in any shared “chat” facility that may be public.