Key privacy and security considerations when choosing a video conferencing solution

Remote and hybrid working has strongly increased in response to Covid-19, with IT leaders tasked to purchase collaboration tools to keep employees connected during this time. But in the rush to implement video conferencing at scale, many did not have time to fully evaluate how providers handle their data security and privacy, leaving themselves vulnerable to risk.

When looking at a video conferencing solution, you need to consider privacy and security individually. And as organisations adapt for the future, they should take into account a few key considerations when evaluating how a provider handles the security and privacy of meetings and employee data.

Do your homework

Every video conference call creates data, and if you’re recording audio, video and chat sessions, all of that data is in the hands of the provider. But even if you’re not recording, meetings still create metadata. Protecting information such as IP addresses, email addresses, or company information is crucial. Laws and regulations such as GDPR, CCPA, HIPAA and others set the standard of how this information is protected. It’s important to understand how the video service provider treats call information and metadata. Review the data privacy policy of the provider and have a clear understanding of what they do with your data. Ensure that this data is not sold or shared to a third party. You should be able to request information about how your provider uses your data, how long it is retained, and under what regulatory standards it handles such user data.

Assess your risks

When considering a solution, perform a risk assessment or research the standards that companies guarantee. Enterprise IT leaders must ensure privacy by understanding the security protocols that are in place by the provider, this also applies to video conferencing. As a buyer, look for a solution that’s secure from the start. It’s easier to start with strict security and loosen restrictions as you operate, rather than start with a lax security procedure and then move to a more secure environment.

Where in the world is your data?

Data needs to be stored somewhere, and when in motion, it needs to go from point A to point B. You should consider both where the data is stored and how it has travelled to get there. If your organisation prefers that your data remain only in selected geographies or even entirely hosted internally, consider how your solution is deployed and how much control you have over your data at rest and in transit.

To learn more about how Pexip upholds high standards of information security, privacy and transparency for its customers, partners and employees, visit www.pexip.com/security.