Privacy and data protection will be central to video conferencing

Amit Walia, EVP Managing Partner at Compodium, discusses why privacy and data protection will be central to video conferencing in public sector digital transformation, post-COVID

A recent report by Ofcom found that more than 70% of us now take part in a video conference at least once every week. That’s a significant increase from just six months ago and we’re all well aware of the reason why. What’s more, recent research from Sungard Availability Services suggests this trend is set to increase post-COVID, with many UK consumers having used lockdown to move to a digital-first mindset. Given government guidance is now moving back to encouraging people to work from home where possible, this is likely to increase even further.

For many people in the UK, a significant proportion of their personal and professional lives now exists online. And while the country has experienced a leap in the use of digital services, Sungard’s research also reveals rapidly changing service and availability expectations from users.

Beware: Changing expectations

Digital transformation has been taking place across the public sector for some time, and many local authorities and public sector organisations were already struggling to keep pace with the customer experience offered by private organisations. Then, coronavirus hit and the monumental shift to digital services in recent months has placed even more pressure on the public sector to match the increasingly demanding expectations of those using citizen services.

Yet, while functionality and uptime are undoubtedly important parts of the customer experience, one area consumers are not prepared to negotiate on is security.  This – above all else – needs to be the priority for the public sector in the renewed drive for digital transformation. 72% of UK consumers say they would immediately switch provider if they were to experience a data breach from a private organisation, while in the US 55% have already changed providers or reduced service levels due to technical issues in the last few months. nI the private sector, this can cause revenue loss and reputational damage, for the public sector the consequences could be far worse.

Video conferencing tools are becoming the cornerstone for all organisations in the shift to a new, digital-first service delivery environment. But while they are now a must-have for any public sector organisation providing citizen services, the adoption of these video conferencing platforms can pose a significant threat to the privacy and security of communications.  Who can have failed to read about the recent Zoom-bombing incidents, including one infamous case in a New Zealand courtroom?

Understanding the risks

Before public sector organisations rush to embrace video conferencing, they need to understand where the potential risks are. While it may seem as simple as joining a video session via a single link, there are far more privacy and security considerations that need to be made to protect citizens’ data. These range from basic security and authentication safeguards to ensuring communications meet the requirements of regulations like GDPR.

A comprehensive understanding of the risks involved will always centre on user data – including how video conferencing providers are accessing, collecting, managing and storing this data. However, before you can ensure this data is protected you need to know exactly what data is being collected. Under normal circumstances this will include a username and email address, as well as data collected in the background, such as IP address, device, operating system and call information. In a public sector context, this information will likely be linked to wider user information contained in public records and databases of previous interactions, so any access to this must be taken into account.

Once you have a clear idea of the data being handled, the next step is identifying how data is being used and any associated restrictions that might be governing this. For example, processing the data to support the function of the call is fine, but sharing the data with unauthorised third parties is not. Those using citizen services need to be confident their data is private, secure and the handling meets any relevant regulatory standards.

Security is the bedrock of data protection and any video communication channel being offered to citizens should provide industry security protocols such as AES-128, AES-256, SSL and TLS. Beyond encryption, public services should provide further security tools such as military grade authentication, waiting rooms and confidential communications, to ensure only those individuals invited to a video call are able to attend.

Privacy and security best practice in video conferencing

The recent pandemic has fundamentally changed the way public services are delivered, speeding up a drive for digital transformation that was already well underway in the public sector.

There’s no question as to the significance that video conferencing has played here, but while it is not a new technology, many organisations have rushed to roll out services under significant pressure. As the dust settles and it’s become clear that many of the recent changes public sector organisations have made are here for the long term, there is a greater need for a new focus on protecting the sensitive, confidential and valuable data contained in video conversations.

Privacy and security cannot be an afterthought – it must be built in – and it is not yet too late to ensure this is the case. But as the public sector communication landscape continues to evolve, we must ensure that people have a positive, safe and protected experience.