Question: Could work-from-home staff be violating privacy laws during conference calls?
Jena Valdetero, a data security and privacy lawyer and partner with Bryan Cave Leighton Paisner: With the recent, rapid movement from in-person meetings at the office to phone conferences and videoconferences at home, employees suddenly have found themselves in new territory. If you are lucky enough to be able to do your job from home right now, you should be aware of a few key things.
First, if your role requires you to maintain confidentially about sensitive information, having calls with your spouse or nanny nearby can violate that. While generally those individuals are not likely to leak such information, technically you should be having confidential conversations in a private room. This is particularly the case for people who work in healthcare and may be discussing protected health information (PHI) and for attorneys whose jobs require confidentiality.
Second, if you are inclined to record calls or videoconferences, you should be aware that certain states require consent of all of the parties to the meeting before you can hit record. Even if the person recording is in a state that only requires consent of one party to the recording, if anyone else is in a state that requires consent of all parties, then the more protective state's law will apply. It's always a good idea to advise everyone on the call that you intend to record the conversation. If no one objects, then most courts will assume consent.
Third, many conference call programs do not permit the call moderator to see who is on the call. Thus, someone can easily call in and listen to a call to which they were not invited without the other participants being aware. Make sure to use a conference application that makes a noise to signal when a new person has joined the call. The moderator generally should try to call in a few minutes early in order to keep track of who is joining the call. Always ask people to identify themselves when you hear someone joining. Also, to avoid someone unintentionally joining a call prematurely, do not use the same conference number for calls that are scheduled back-to-back.
Fourth, utilize your mute button liberally and keep side conversations during calls to a minimum to eliminate the risk that you'll inadvertently disclose information on a call that was not intended for the ears of the call participants.
Fifth, avoid using free conference call services for sensitive work calls. These apps generally make money by sharing personal information with third-party marketing companies, which can raise some privacy concerns.
- Latest Security News & Commentary about COVID-19
- Privacy in a Pandemic: What You Can (and Can't) Ask Employees
- Why DPOs and CISOs Must Work Closely Together
- State of Cybersecurity Incident Response