What do one canadian deputy, a commentator for a TV news channel and a politician? They all had to use a video conferencing or teleconferencing app to do their jobs in the age of Covid-19, like many of us. However, as these examples show, switching to videoconferencing comes with taking risks.
Hundreds of millions of workers are now engaged in daily chats, video and audio calls (often from their homes) with co-workers, customers and suppliers. This is the “new normal”. And according to data from a recent Forrester Analytics survey, nearly one in two businesses (48%) expects to consistently maintain a higher rate of full-time remote employees, even when the terms of return. at work will become safer again.
The conversations we have with these meeting and collaboration tools are visible, audible and readable. We use these video, audio and chat files to recall information, for broadcasts of general meetings, for negotiations with clients, for virtual medical visits and for other types of conversations. But for this new work habit to be a long-term success, IT professionals, business managers, and cybersecurity managers must agree on how this data is saved, stored, and securely shared.
Risks and obligations
IT and information management professionals must act in accordance with risks and obligations.
A recent study by Forrester highlights the key issues that need to be addressed in refining the questions of retention, security, and appropriate use of these digital conversations.
Most organizations will need to catch up in this area. Only 13% of records and information management pros said in the Forrester / ARMA survey (Q4 2019) that they manage their collaboration tools in accordance with their company’s retention policies. Compare that to the over 40% who say they handle email the same.
Yet meeting and collaboration apps produce text chats, documents, and video or audio files, and automatic transcripts – all considered stored digital information in the eyes of the legal department. And if that data is stolen, it can be exploited.
Conversations are inherently more informal than written documents, which means clear policies and procedures are needed to guide employees on the protection and retention of this data. What to record, how to obtain consent to record, where and how to store and secure recordings, and when to archive or delete them – all of this should be clear.
In these recorded conversations, participants discuss confidential business plans, customer issues, personal or medical information. Recorded conversations can be stored in repositories which make it very deceptively easy to share with colleagues or even external audiences.
Heavily regulated businesses – like banks or companies in the healthcare industry – have rules that dictate how information is captured and stored. Banks, for example, are required to monitor and inspect conversations with customers, as part of their supervisory obligations.
So what to do?
First, it’s about understanding the risks without sacrificing the benefits of adopting virtual meeting and collaboration applications in terms of productivity and knowledge sharing.
And here are the next steps:
- Review and refine the advice given to employees when using the meeting and messaging apps. Update policies, educate employees and ask managers to lead by example.
- Be sure to use the correct editions of the tools, business apps, not free consumer apps. The enterprise editions of the most popular platforms will include the integrations, APIs, administration tools and security controls you will need to govern the use, recording, retention and sharing of digital conversations.
- Examine archiving platforms to automatically capture meeting data. Regulated industries often use archiving tools for emails and text messages, and these vendors have been quick to come up with connectors for many of the strong meeting and collaboration tools that are trending right now. Archiving platforms already support the needs of regulated businesses for legal discovery, retention or secure deletion.
- Recognize that not all recorded meetings are important. The purpose of the meeting should dictate how it is filed and kept. Routine team meetings may have short-term value, while leadership meetings may need to be kept on an ongoing basis. Evaluate the utility of keeping text transcripts extracted longer term to preserve corporate memory, while eliminating very large video files faster.