Privacy and Remote Meetings

Guidelines on videoconference and teleconference Meetings

Care must be exercised to manage and protect privacy during meetings held remotely through the use of technology. In the context of this guidance a “meeting” could include things such as, but not limited to: departmental meeting, faculty council meeting, committee meeting, meeting with a colleague or one’s supervisor or director.  In addition, this could include things such as work events, services, or gatherings, as well as presentations, talks, or training sessions. For “meetings” held in the context of Teaching and Learning within the academic environment, please see Keep Learning.   

Whether you are the host or a participant, take note of these tips for enhancing privacy.

• Ensure that you are familiar with the platform being used, including guidance on how to enable security and privacy safeguards. Assistance and resources for this can be accessed through Staying Connected while Working Remotely or the IST Service Desk ext. 44357.
• Be mindful that while many devices allow for enabling video, some individuals may prefer to participate using voice only.
• Find a quiet space without interruptions and limited background noise. Be particularly aware of who can listen to or view your meeting and ensure that confidential conversations are not inadvertently overheard or seen. Using earphones or a headset will reduce what is overheard (and will also help avoid feedback and echoes).
• When your video camera is enabled, be aware of what is in your background - have a plain background as much as possible or blur your background.  If your surroundings can be seen, then have a “clean” work area so that personal objects (e.g., family photographs, etc.) are minimized.
• Be cognizant of “screen sharing” or “sharing options” to ensure that only what you want visible is actually visible to others. An alternative is to specifically upload to the meeting any material that you wish to be shared.
• Be mindful of how you communicate. Communication should be topical, focused on meeting content, and individuals should refrain from divulging the personal information of others. Individuals should also be aware of the possibility, when divulging personal information about themselves, that the recording may become more widely available than anticipated: for example, if included in an information access request.

Recording

In general, video or audio meetings should not be recorded. That is, meetings that are not typically recorded when held in person should not be recorded when held remotely. 

Recording a meeting puts everyone in the position of potentially having their information recorded in a number of ways, either with their direct participation (e.g., video, audio, chat) or through indirect means (i.e., online identifier, such as name or telephone number). These conditions raise privacy concerns that should be taken into account. In the limited number of cases where recording is warranted under established University procedures (e.g., online admissions interviews, interviews of position candidates, recordings used by committee secretaries to create meeting minutes), the following must be considered:

Notice of recording: 

• If recording a meeting is necessary, give participants as much advanced notice as possible –indicating the purpose of the recording and who intends to record. Notice to participants should also be repeated at the beginning of the meeting, before recording has started. Some tools such as Microsoft Teams automatically notify participants when a meeting is being recorded. Providing notice to participants about recording activity is not new. Some examples are the University’s existing notice of photography and image release forms.
• Participants should be provided the contact information for someone who can assist with any questions or concerns about recording, such as not wishing to be recorded, being in a significantly different time zone, not having the technological means to participate, or being disadvantaged in any way by video/audio recording.

Some options: 

• If recording a meeting is necessary, then offer alternatives to recording. Some examples might include:
  • limit what is recorded (e.g., record only the meeting chair or presenter-with their permission);
  • anonymous or de-identified attendance;
  • not requiring attendance at the meeting, but making the recording available for individuals who do not attend the real-time event;
  • not recording the entire event—for example, turn off recording for the last 5 minutes of the meeting, such as during the final Q&A period; 
  • providing way(s) for questions to be received anonymously during the event via a moderator—whether through the videoconference platform itself or outside the platform (such as through email);
  • inviting questions either before or after the recorded event.

Policies and guidelines:

• Recordings are subject to the Freedom of Information and Protection of Privacy Act (FIPPA), as well as University policies and guidelines.
• Recordings may only be used for the purpose for which they were obtained or compiled, as described in the notice of recording.
• Committee chairs and secretaries planning to record their committee meetings should review the Recordkeeping guidelines for University committees.

Storage and disposal:

• Always store recordings in a University system – SharePoint or a University file server, for example. Recordings should not be stored long-term on any personal device, even if that device has been safeguarded through encryption and password protection. Over time, recordings that are being stored on personal devices may be forgotten which then can pose a risk for inadvertent access or disclosure of personal information.
• With few exceptions, recordings are transitory University records which should be securely disposed of at the earliest opportunity.   
• The disposal/destruction of recordings which include personal information of students or other individuals should be documented using the University records destruction form or equivalent documentation. Documenting the disposal of records containing personal information is a requirement of FIPPA and of Policy 46 – Information Management.
• If you are unsure whether your recordings are transitory records, or believe they should be retained for an extended period of time, contact the University Records Manager for advice.

Limitation and Risk:

• Recording is not without limitation and risk which may include: (1) limitations to ensuring privacy security of information despite reasonable efforts; (2) unauthorized copying and disclosure, disclosure as required by law, access to information requests; and (3) introduction of malware into computer system, which could potentially damage or disrupt computer, networks, and security settings.  The University is not responsible for connectivity/technical difficulties or loss of data that is associated with participants’ own hardware, software, or Internet connection.

Questions or Concerns

If you have questions about the above guidance, or if you have additional questions about protecting University records containing personal information or about our responsibilities under Freedom of Information and Protection of Privacy legislation, please contact Kathy Winter, Assistant University Secretary and Privacy Officer.

For questions specific to videoconferencing or teleconferencing, individuals should contact their departments or access resources which are available through Staying Connected while Working Remotely, or the IST Service Desk  ext. 44357.