4 Key security & compliancy criteria when video calling with customers

When using video conferencing solutions to interact with customers, you are discussing personal and private information more often than not. That can be their claims information, bank account, or their patient data. Since personal and private data is shared, it is good to know what are the 4 key security and compliancy criteria to take into consideration when video conferencing and selecting a video conferencing solution. 

Let’s dive in! 

1. Protect confidential information during video calls 

The purpose of ISO27001 is to have a compliance check for solution providers and minimise the risk of confidential or personal information being misused. When using a video solution make sure to check:

• Your video solution provider is ISO27001 certified 
• End-to-end encryption of in-transit data (example the video or audio stream) 

• There’s an option to anonymise or remove specific data 

2. Inform your customers of security in a compliant manner 

Some compliance regulations specify you need to inform customers about the way their personal information is being collected, processed, and secured during a call. This may be the case when data like geolocalisation is collected or when video recordings are made. What do you need to look out for? 

• Custom email templates so you can send customers relevant and informative information about their security rights before a video call. 

• Custom notifications via channels like SMS or whatsapp containing the video call link 
• Disclaimer messages before a call where a customer clicks to accept their participation in a video call. 

3. Store data correctly 

When documenting during video calls with customers in the form of recordings, pictures or other documents, then compliance regulations like GDPR requires your vendor to store those artifacts securely. This of course differs per industry, so it will depend on your company and what your business activities are. However, what is useful in this case is to have a vendor that offers multiple options to store data. For example, in the cloud, on their servers, your own servers or in a hybrid fashion where artifacts are stored on your servers and call data on theirs. Additionally, make sure to know the length of time you need to store the data. 

What do you need to consider? 

• Choose where files and artifacts will be stored 
• Configure how long data will be stored 

4. Restrict access to call and data using user roles 

Besides data, files and artifacts it is also good to restrict access to them via your video solution portal or dashboard. Prevent hacking or misuse of data by unauthorized persons using roles based usage. What to consider here when choosing a vendor: 

• User roles to prevent unauthorized usage and access to files 
• Roles determining configuration of settings, such as message templates 
• Verified log-in to the dashboard with separate process to start a video call 

• Ensure you use a web-based solution, and preferably on your own domain URL. 

Conclusion 

Compliancy and security aren’t a taboo item and can easily be handled when you select the right vendor which offers options such as customised message templates and data storage options. Video In Person for example offers this and more to industry leaders like DEKRA and Ergo Hestia. If you have any questions about compliancy and security for your video solution – get in touch!

Nick van Xanten