Your Organization’s Videoconference Software May Present A Privacy Problem
Privacy Plus+
Privacy, Technology and Perspective
Your Organization’s Videoconference Software May Present A Privacy Problem. This week, we take up a timely consideration, addressing videoconferences over the Internet, and specifically the privacy and security risks associated with them.
Video conferencing technology is a doubled-edged sword. It allows us to communicate in real-time even when we otherwise can’t leave the house or see the person who we are talking with. However, there are certain privacy and security risks associated with videoconferencing that should be addressed.
Recently, Business Insider published an article on a group-video conferencing software called – without a hint of irony – “Sneek.” “Sneek” is always on, “by default,” and employers use it to take photos of their employees every five minutes to make sure they are on the job and (presumably) paying attention. A link to the article follows:
https://www.businessinsider.com/work-from-home-sneek-webcam-picture-5-minutes-monitor-video-2020-3
We note that Sneek’s Privacy Policy, available at this link: https://sneek.io/guides/policy, says little about how it collects, uses, shares, and safeguards information.
Further, there is always risk when using any third party for communications, rather than an on-premise system, because it naturally may expose information to individuals and entities that are not part of your organization. We have written before about the dangers associated with the data supply chain, and you can read our post by clicking on the following link:
https://www.hoschmorris.com/privacy-plus-news/privacy-plus-june-29-2019
The upshot is that before relying on any videoconferencing (or other) technology, you must inquire about privacy and security of your service provider in order to ensure that the service provider will appropriately protect your information. Also, we would be remiss not to provide a little reminder that you should always password-protect your meetings and limit access to only those with appropriate login information.
For employers who use videoconferencing or related technology (like Sneek), we have three thoughts:
First, you may be violating a biometric privacy law. Here, we particularly question how automated, in-home facial-photo capture can be squared against the “biometric” data-protection statutes of Texas, Washington state, and especially Illinois.
Second, you likely need your employee’s consent. We expect that Sneek – and probably other tools and techniques which clever taskmasters are developing to confirm or extract “productivity” from their homebound employees – will require express notice and consent. That would be especially true if the devices capture audio as well as video, since audio capture would raise additional, significant issues under the wording of many state wiretapping statutes.
Third, it’s maybe time to revisit (or create) an employee privacy policy. We realize that many employers don’t think to include employee privacy policies when they develop their privacy policies. They must. Further, those that currently have an employee privacy policy should ensure that it accurately reflects their privacy practices, especially in these strange days.
---
Hosch & Morris, PLLC is a Dallas-based boutique law firm dedicated to data protection, privacy, the Internet and technology. Open the Future℠.