Don’t Get Zoom-Bombed: How Municipalities Can Keep Virtual Meetings Secure

The recent “Zoom-bombing” of a council meeting in Saskatchewan serves as a reminder to municipalities everywhere of the importance of using secure platforms for virtual meetings.

Earlier this month, a rural municipality was broadcasting a council meeting on Zoom. The meeting was in chambers when the virtual gallery began filling with guests – including a naked man whose sudden appearance brought the meeting to an abrupt end, according to a news report.

This council meeting was open to the public, but had it been a private meeting to discuss confidential or personal information, that information that would have been compromised by the intrusion of unwanted visitors. In this blog, we’ll offer tips for keeping virtual meetings secure.

Some Virtual Meetings Require Privacy

Municipalities in Saskatchewan are subject to The Local Authority Freedom of Information and Protection of Privacy Act as well as municipal legislation that requires them to have appropriate safeguards in place to protect the privacy of personal information discussed during council meetings.

While council meetings are generally open to the public, s.120 of The Municipalities Act allows for meetings or portions thereof to be held privately through “in camera” sessions. These sessions often involve sensitive matters that may include personal or confidential information – information that could be at risk if virtual meetings aren’t held over a secure network.

Best Practices for Secure Meetings

Not long after the pandemic started, the Officer of the Privacy Commissioner of Canada highlighted several key considerations for protecting privacy during virtual meetings. These include:

  • Conducting appropriate due diligence on video conferencing software, including reviewing privacy policies and terms of use
  • When holding public meetings, disabling certain features such as the ability to join a meeting before the host, as well as screen sharing and file transfers
  • Making sure private meetings are accessible only to people who received invitations
  • Using appropriate password protection for videoconferencing accounts and meetings
  • Regularly updating videoconferencing apps to ensure they have the latest security upgrades

The U.K.’s National Cyber Security Centre has also published a number of recommendations for keeping meetings secure, including looking into a videoconferencing platform’s security controls, finding out where it stores data, and determining whether it provides end-to-end encryption of meetings.

Virtual Meetings Pose Risks for Municipalities Everywhere

While the Zoom-bombing event discussed in this blog struck a municipality in Saskatchewan, municipalities across Canada are required to safeguard personal information – information that could easily be compromised in a virtual setting.

Holding virtual meetings without appropriate safeguards is a risky proposition. An interruption from a nude visitor is one thing – having personal information compromised is quite another. MLT Aikins has extensive experience advising municipalities on their privacy law obligations and other legal requirements. Contact our Municipal or Privacy, Data Protection & Cybersecurity group to learn more.

Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.