Video Conferencing and Recording: Know the Risks Before You Connect
Most conferencing programs allow easy recording and sharing of the videos, creating an innovative tool for bringing others in on the conversation. But this function also raises a host of potential confidentiality, discovery and security issues.
April 23, 2020 at 10:00 AM
7 minute read
Credit: Girts Ragelis/Shutterstock.com.
Our new normal has made most of us regular users of video online meeting software. Just a few months ago, this technology was a novelty that we resorted to when travel plans went awry. Now it has gained a foothold in our business lives that makes it almost as common as a phone call. Zoom, just one of the companies that provides video conferencing, went from 10 million daily users in December to 200 million in March.
Most of these programs allow easy recording and sharing of the videos, creating an innovative tool for bringing others in on the conversation. But this function also raises a host of potential confidentiality, discovery and security issues.
Before you embrace the recording feature, consider how to manage the risks associated with it.
|Is It Worth the Risk?
As often happens with new technology, our risk management best practices are still catching up. This is particularly true with the ability to record video conferences. Many of these software programs tout easy recording and sharing of those meetings as one of the benefits, but that feature also carries security and legal risks.
Strip a video recording down to its basic form and it is a digital document, no more or less secure than any other document or "electronically stored information" on an office server. We have all read news reports of major companies, the government and even the military being hacked. To date, corporate data breaches usually have targeted credit card and financial account information. But just imagine if the legal, personnel or business strategy matters you normally discuss behind closed conference room doors were in a video floating around on the web.
The Washington Post reported on April 3, 2020, that thousands of recorded Zoom meetings had been made viewable on the open internet, including therapy sessions, financial meetings, telehealth calls and elementary school classes that exposed the faces and other details about children. The hosts of these meetings may not used all the security protections available to them, but this breach still should send a wake up call to businesses and law firms. Hackers now have a new and inviting target—and they will work overtime to exploit it. Some matters may just be too sensitive to risk discussion in an online video forum. For most remote communications, the most secure and confidential method remains the telephone.
Discovery could be painful. You should be concerned about legal adversaries gaining access to meeting recordings as part of discovery in litigation. The sweeping e-discovery requests we see in lawsuits can include video meetings as easily as they do documents and emails. When we write a memo or an email, most of us are cautious in the views we express or the language we use, knowing that a digital footprint never disappears and could show up in discovery, or at the very least, on the computer screen of someone we never intended to read it.
Live meetings are a different animal. The spontaneity and feeling of almost being in the room make for creative and less guarded conversation, which is maybe the definition of a something you don't want popping up in discovery.
While having an attorney participate in the video chat may lend attorney-client privilege to a meeting, don't take that for granted. There are exceptions to this rule, and you can expect an adversary to push hard to convince a judge to remove the cloak of privilege. And if there is no attorney-client privilege, you can be sure your meeting will have little chance of remaining off limits in discovery.
Limiting risks with best practices. We suggest that any company or law firm using video conferencing start by setting up a policy for users and criteria for what calls are subject to recording. Lawyers should have the last word on this policy, but your IT and data security experts also should have a seat at the table.
Select the right program. The first decision is to decide what software to use. Convenience and features are important, but security should drive the decision. Don't use any program that does not have end-to-end encryption, which requires a key to open it that is known only to the users. Look for a program that enables the host to limit recording by others. Innovation in this area moves quickly and there may be other encryption and security features your in-house data experts will recommend. Charge them with identifying the most secure program available. And make it policy that there is no freelancing by users who prefer to use other software.
Consent should be transparent. Both from a legal and ethical standpoint, no meeting participant should be recorded without consent. If a meeting organizer plans to record, affirmative consent should be given by all participants. Don't rely on terms-of-service type micro-print, and make sure everyone understands. Depending on the software, the host may be the only person who can record through the program, but anyone can record the conversation using the recording feature on their cell phone. If that is a concern, the disclaimer at the beginning of the meeting should include an agreement that nobody but the host is allowed to record.
Consent to record laws vary by state, but we don't recommend you ever rely on a one-party consent policy or otherwise record without notification because participants deserve to know if they are being recorded. If you have a special situation that requires secret recording, be sure you are familiar with the laws of every state where there is a participant on the call.
Use a uniform disclaimer approved by an attorney: Here is an example:
"IMPORTANT NOTICE: Please note that this {Name of Meeting Software} service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session. Rules regarding the recording of communications differ from jurisdiction to jurisdiction. Please check the rules on this topic in your respective jurisdiction."
This can be added to the meeting invitation and it's not a bad idea for the host to remind everyone at the beginning of the meeting that it is being recorded.
Have a retention policy. Just like with other digital records, you should have a policy for how video conferences will be maintained, preserved or destroyed in accordance with policies governing the storage of other electronic files. Your retention policy will allow you to destroy videos after a suitable period of time and thus remove them from the reach of discovery.
Video conferencing is a powerful tool that will help businesses and law firms make the best of this period when on-site meetings are not feasible. Just be sure this technology is working for you, and not setting you up for exposure to other problems.
Gina M. Vitiello is a shareholder in the Atlanta office of Chamberlain Hrdlicka. Contact her at 404.588.3426 or [email protected].
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllLaw Firms Mentioned
Trending Stories
- 1The Growing PFAS Morass: Why Insurance Should Cover These Products Liability Claims
- 2Dallas Jury Awards $98.65M in Botham Jean Killing by Dallas Officer
- 3In Talc Bankruptcy, Andy Birchfield Skipped His Deposition. Could He Face Sanctions?
- 4Pharmaceutical Patents: Benefits and Challenges
- 5Where Do Web-Tracking Class Actions Belong? 8th Circuit Weighs the Issue
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
