Videoconferencing and the Privacy Risks

Online meeting technology exploded into popularity as social distancing was implemented across the world in response to the COVID-19 crisis. The most popular program, Zoom, went from 10 million daily users in December 2019 to 200 million daily users in March 2020. The sudden increase in both personal and business use of online meeting technology has created a raft of reports of privacy and security issues.

Issues such as data sharing with Facebook and the privacy of conversations taking place in “chat rooms” have been raised. Security concerns have included reports of “zoombombing”, where Zoom meetings were bombarded by users with racial slurs and pornographic motifs and a security vulnerability that allowed Mac users to be forced into calls without their knowledge. Serious questions have also been raised about encryption software and whether or not users’ data is being encrypted to ensure it is being kept safe.  

Privacy authorities are poised to focus on video and teleconferencing apps with  Privacy Commissioner Angelene Falk warning of “new risks to privacy” , requesting providers to be transparent about how they handle personal information, make their controls user-friendly and build in privacy and security “by default”. Ms Falk also states that “organisations that shift to using new mediums for doing business need to replicate, as far as possible, privacy and security measures that would apply in their regular environment”.

What you can do to fulfil your obligations under the Privacy Act

At the moment, it’s more important than ever to assess privacy risks and take active measures to protect personal and private internal information.

As a first step, we recommend that organisations adopt new practices to ensure that their security is protected (as far as possible).

You should consider:

  1. Conducting a Privacy Impact Assessment on each main software program used for remote working/learning purposes (stay tuned for our ‘5 Minute Privacy Impact Assessment’ article);
  2. Instituting guidelines and privacy protocols in relation to the usage of these programs – these should be distributed to all users;
  3. Consider what information and documents can be (safely) shared using these software programs;
  4. Educate your employees on the features of the software, and what to be aware of to identify potential security threats; and
  5. Ensure that your privacy policy aligns with the collection, use and disclosure of information that particular software programs may use.

Whilst using videoconferencing facilities, you should follow the guidelines below to ensure privacy and data stays safe:

  • if you are a host, ensure that you use a password protected meeting invite;
  • if you are a host (using Zoom), there is a feature that allows participants to provide consent before recording a meeting, you should ensure that this feature is turned on (it is turned off by default);
  • if you are an attendee, ensure your host is using a password-protected link, and also use an automatically generated meeting ID for each invite;
  • if you do not want to receive targeted ads from Zoom, you can click the “Cookie Preferences” (on the Zoom website) link at the very bottom of any page on the site and adjust the slider to “Required Cookies”; and
  • mute your microphone (and even sometimes turn your camera off) if you are not speaking.

Online Learning

The rapid transition to online learning has been made possible by videoconferencing apps. However, it is important to be mindful of the privacy and security risks that are associated with using the software.

We recommend teachers specifically take the following precautions when teaching via videoconferencing apps:

  • use the lock meeting option once all classroom attendees have joined the session. This prevents unauthorised access to the room;
  • use randomly generated meeting IDs;
  • where necessary and appropriate, try and obtain parental consent as students’ data may be stored;
  • do not create screen captures of students;
  • teachers can block students from joining the room before they themselves do; and
  • consider muting participants to block unwanted and distracted noise.

Next steps

Zoom has just implemented a specific K-12 privacy policy that can be accessed here. We suggest you read this privacy policy to ensure it aligns with your own privacy policy and you are fully informed about what data is being collected.

For more information or guidance, please do not hesitate to contact us.