Privacy in online meetings

On 18 February, the Spanish Data Protection Agency (AEPD) published a press release [1] which included a list of basic tips and precautions for conducting online meetings, whose use has soared due to COVID-19, while ensuring security and privacy:

• Follow your organization’s policies for online meetings, using only the tool and devices approved and/or provided by the organization. If sensitive data or information is being processed, use end-to-end encryption services for meetings that use unique passwords for each attendee, giving instructions for them not to be shared.
• In meetings with a large number of attendees from various organizations, a participant should be designated to help with privacy and security issues.
• If the meeting is to be recorded, assess in advance the sensitivity of the issues to be addressed, the identity of the participants and the possible dissemination. Do not
• record the meeting unless necessary, and in any case be sure to properly inform attendees of the purpose of the recording and when it begins or ends.
• Turn off or limit unnecessary features, such as chat, file sharing, screen sharing, or recording.
• Enable notifications for when attendees join the meeting. If the platform does not allow this make sure the host asks new attendees to identify themselves. Use the dashboard, if available, to check attendees and identify them.
• Limit the reuse of access codes or links. If you’ve been using the same code for a long time, it’s probably been shared with more people than you can remember. If the topic or identity of the participants is sensitive, use one-time access codes, links, or access pins. Also consider using two-factor authentication and block access to the meeting once all attendees have been identified.
• ·Convene only specific contacts, avoid sending groups or mailing lists that include individual access links.
• Use the ‘waiting room’ to admit participants, and do not allow the meeting to begin until the host joins.
• Before starting the meeting, check what visible area is behind you and what personal information it reveals. Consider using a virtual background. Notify those in your household before signing in and take steps to ensure their activity is out of the reach of the microphone and camera.
• During the meeting turn on only the microphone and camera when needed. Be especially careful with wireless microphones since they can still record audio even if they are not in front of the computer. Once the meeting is over, be sure to physically disable the camera and the microphone if possible.

REFERENCES [1]
https://www.aepd.es/es/prensa-y-comunicacion/blog/privacidad-reuniones-online
https://www.nist.gov/blogs/cybersecurity-insights/preventing-eavesdropping-and-protecting-privacy-virtual-meetings

For any additional questions or clarifications you can contact:

Tel.: 93 553 26 42 (9 am to 2 pm)

dpd@ticsalutsocial.cat

https://www.dpd.cat