When should I record and when shouldn’t I record?
One of the most beneficial strategies to make sure you get the most out of your meeting conversation is to record the meeting. You might need to record your next meeting for the following reasons:
- To ensure that no important information is lost in the ether
- You have a trustworthy source of knowledge to refer to.
- In case someone missed the meeting, keep them informed.
- Examine your meetings and become better.
- Observe talks centered on a specific subject or project, among other things.
When you can’t record a meeting
Despite the fact that it is generally lawful to record meetings and phone calls, there are some circumstances with legal sensitivity where it is advisable to refrain. If those meetings must be recorded, only the parties involved should have access to the recordings.
Legal justifications: Not all jurisdictions require that meetings be recorded. On occasion, recording may require the approval of both parties in some states within the same nation, whereas in other places, recording may be permitted with the consent of just one side.
When may a meeting can be recorded
From a legal perspective, consent is the most crucial concept to comprehend before recording a meeting or phone call. So, to start, if you wish to record a conversation, please inform the participants in advance and get their permission before beginning.
Four different types of consent exist:
One-party consent, also known as single-party consent, refers to the ability to record a call or a meeting with the permission of just one of the participants. The other person does not have to expressly agree.
Two-party consent requires both parties to give their prior consent before recording a call and requires that both parties are notified that the call is being recorded. The consent may, however, be provided voluntarily or inadvertently.
In order to obtain active consent, it is customary to signal the meeting attendees visually or audibly that the conversation will be recorded. The participants (other parties) must actively consent for you to record by either vocally consenting or by clicking an approve button confirming their consent.
The term “passive consent” describes a situation in which a meeting participant is informed that the event is being recorded audibly or visually while they are present but chooses not to object. Participants have passively granted you their consent if they are willing to continue the meeting even after learning that it is being filmed.
What are the Laws in the US
The Electronic Communications Privacy Act (ECPA) in the US governs call recording. Because the ECPA primarily regulates obtaining aural transfer (any transfer involving the human voice from the point of origin to the receiver) over electronic communication channels, it also covers video conference meetings and conversations.
According to the ECPA, it is forbidden to record a call without at least one party’s permission. As was previously mentioned, “active consent” is not always required. Nevertheless, states have created their own versions of the recording laws, making them either the same as or stricter.
Because the ECPA regulations only act as a starting point, individual states may impose stricter requirements. Take North Carolina as an illustration; it is a one-party consent state. It means that as long as they are informed that the meeting or call is being recorded, a meeting participant can actively or passively indicate agreement to a recording.
States like California and Florida, on the other hand, require two parties’ consent before the meeting can be recorded. It implies that you must notify everyone beforehand if you plan to record the meeting. Email notifications, audio disclaimer announcements, clickable CTAs, and other forms of communication are all acceptable. Additionally, in this scenario, meeting participants can assent actively or passively.
What are the Laws in the EU
Although the recording rules in the EU don’t vary significantly, we can state that they are among the strictest in the world. You must abide by the guidelines stated in the General Data Protection Regulation of the European Union if your company conducts business in an EU member state or has clients there (GDPR).
According to GDPR, you must provide a compelling reason for why the call or meeting needs to be recorded and secure everyone’s clear agreement before beginning to tape any conversations. Laws in two-party consent states in the US are quite similar to how this one operates.
Following are some permitted GDPR justifications for meeting recording:
- The recording is necessary for the party in question to fulfill a contract.
- To comply with legal requirements, the recording is made.
- To safeguard the interests of one or more parties, the recording is required.
- The recording was made with the consent of the public or under official permission.
- As long as the interests of the other callers or participants in the conversation do not prevail, the recording is in the recorder’s legitimate interest.
Requirements for data security, storage, and retention:
According to the legislation, all recordings may only be kept for as long as it takes to complete the tasks for which they were gathered or processed. However, the data can be kept for longer if it is needed for research, scientific, or statistical purposes.
As long as you keep the recordings, you must:
- Pseudonymize and encrypt all personally identifying information to make sure it cannot be connected to a specific person.
- Have a procedure in place for testing, evaluating, and assessing the efficacy of security measures on a regular basis.
- To prevent unwanted access, ensure the processing systems’ confidentiality, integrity, availability, and resilience.
- Assure prompt availability and access to personal data in the event of a technical or physical malfunction.
Access to recordings is allowed
Participants in conversations and meetings have the right to listen to the tape / read the transcription and ask for further details regarding:
- The objective of gathering and processing information
- Personal information about them who will be permitted access to the recording
- The use of automated decision-making, including profiling, as well as accurate information regarding the logic behind such decisions, their importance, and any potential effects on the data subject.
- How long would the data be kept?
Right to erasure requests
The GDPR also enables data subjects to ask for the deletion of their personal information, and it must be done right away. The following scenarios give the data subjects the option to seek data deletion:
- They are not the ones that provide the data.
- They revoke their authorization for the processing.
- Illegal processing has been done to the recording.
- Children’s personal information is involved.
- The information is no longer required for the functions for which it was gathered or processed.
What are the Laws in Canada
The recording regulations in Canada are simple. They are required to obtain “two-party/all-party approval.” Consequently, you must do the following while recording a conversation involving a Canadian meeting participant:
- Before recording, get permission (actively or passively)
- In advance, explain the recording’s purpose.
- Ask each meeting attendee for their permission.
How does isLucid is using your data
Azure services, including Microsoft Teams, by default, run in separate containers for each tenant. It means that everything that happens in your MS Teams call is either sent to our bot (for transcription, data processing purposes) or, for most of the activities, is left for your company (tenant) account.
For our Software as a Service (SaaS) customers, within isLucid software, we separate all confidential data for each client, including different streams/channels, tasks, and summaries identified. This information is stored in dedicated containers for each user. It is made by design that there wouldn’t be any space left for accidental unauthorized access of other customer information.
After isLucid bot registration, the audio stream is sent to transcription service. Transcription service is enabled only when user enables the service within the call (clicks Start transcription). After data processing, we are not storing any information associated with our clients and/or identified as private. Data processing consists only of doing the transcription, assigning transcription to a specific user, sending it back to isLucid Teams application for demonstration and storing (transcript) within the dedicated for client container.
There is no mechanism behind the scenes to store audio, data is transferred encrypted and in small chunks. A possible Man in the Middle attack vector is prevented by Azure service and within Azure configured services access policy, allowing to interact only with trusted sources.
Customers owning a deployed solution have all the services on their tenant account. Only information requests for external resources – licensing management information requests to isLucid subscription service.
We hope this blog post has provided you with a clear understanding of the global legal implications of recording meetings and calls. Of course, we do not are legal experts so if you have any points where you are not sure about your rights, we recommend asking experts to be sure you’re on your rights. isLucid tries to make it simple for you to ensure compliance with the call recording rules. If you need any other information about isLucid policy you can check this page : https://islucid.com/security/