Ensuring Recording Compliance for MS Teams, Skype & Zoom
Video conferencing capabilities have changed the way business is conducted. Even pre-pandemic, conference call programs such as MS Teams, Skype and Zoom were revolutionizing the way that remote teams collaborated. In today’s world of hybrid and fully remote work, they have become an indispensable tool for connecting colleagues and clients wherever they may be.
As with all new technology, lawmakers and regulatory agencies have struggled to catch up to these new developments. However, there are now a host of regulations that certain industries must follow when making video calls. Like emails, compliance recording includes retention requirements as well as security protocols that must be followed.
In this blog post, we’ll discuss the three most popular video recording programs, their native capabilities and how that relates to compliance, as well as call recording regulatory compliance for different industries before wrapping up with a discussion of what to look for in third-party solutions.
Recording a Call
Call recording compliance requires certain companies to record and securely store their video calls in accordance with relevant statutes and regulations. MS Teams, Skype and Zoom all have native recording features that satisfy some of those requirements. However, for many companies, first-party offerings fail to meet the threshold required by the government.
MS Teams
- Native capabilities: Audio, video and screen recordings can be enabled by MS Teams users as an option. Each individual recording can only be four hours long, and recordings default to twenty days of storage. Additionally, there is a one-terabyte cap on most storage plans.
- Video Storage: MS Teams video calls are stored in OneDrive or SharePoint. Both are cloud-based storage solutions run by Microsoft.
- Regulatory compliance considerations: While technically HIPAA compliant and containing provisions for eDiscovery, the search function can be laborious and MS Teams compliance recording might not be enough for highly regulated industries.
Skype
- Native capabilities: Up to 24 hours can be recorded in a single call and call recording must be enabled by the user. The recording can be found in the host’s chat for thirty days.
- Video Storage: Skype video calls can be stored locally, but there is currently no option for long-term cloud storage, and recordings cannot be saved to mapped networks or drives.
- Regulatory compliance considerations: The short-term nature of Skype video storage makes it less than ideal from a regulatory perspective. Most users would do well to engage a third-party recording and storage software since Skype for business compliance call recording’s native features are rarely enough.
Zoom
- Native capabilities: Offered à la carte, storage is assigned to each individual user and caps out at 5 GB per licensed user. There is unlimited local storage.
- Video Storage: Zoom video calls can be stored in the cloud or on a local device, depending on user preference. The cloud storage option is only available to users with enterprise accounts.
- Regulatory compliance considerations: Off-the-shelf Zoom compliance recording is a less-than-ideal regulatory solution due to a lack of a truly unlimited secure cloud storage plan.
Call Recording Compliance Considerations
When recording a call, the first order of business is getting consent from all the parties involved. While laws vary from state to state and nation to nation, most require two-party consent, and you would do well to ensure compliance in this area.
Beyond consent, there are industries that are required to securely store video recordings related to certain types of information and transactions for set periods of time. Let’s explore two of these industries in a bit more depth.
Financial Services
Financial services organizations (FSOs) are heavily regulated at all levels of government. From state and federal through international, there are a host of relevant regulations that FSOs must follow in order to stay compliant and continue doing business. Here are two of the biggest current regulations and how they apply to video call recording compliance:
- MiFID II: A European Union law designed to standardize financial regulations across the entire EU, it requires all communications that lead to transactions (including video calls) to be recorded and stored for up to seven years.
- Dodd-Frank: All communications leading to the execution of futures or other commodity interests (including video calls) are required to be recorded and stored for up to five years. These recordings must be efficiently organized for easy search and recovery.
Government Contractors
When doing business with the government, there are additional regulations that apply. From bidding through contract completion, there are steps that must be followed in order to stay compliant. Most government contractors are required to keep certain types of records for up to 3 years after final payment is received, including relevant video calls.
Choosing the Right Recording Solution
While there are native recording features present in the most popular video conferencing applications, compliance recording for most industries, particularly those that are more heavily regulated, requires a third-party solution. Let’s look at a few things to consider when deciding which third-party solution is right for you.
Volume of Calls
How many video calls does your organization conduct per day? How about per week or month? How long are your longest calls? A regular high volume of calls could surpass the native storage capacity of your video storage application. Make sure you find a solution that allows the ability to store all of your video conference recordings for as long as regulations require.
Relevant Regulations
It’s not just government contractors and the financial sector that need to comply with relevant regulations. Education, healthcare and a variety of other sectors have their own to contend with. It’s important to know the specifics of your industry’s regulations and choose a third-party solution that ensures you’re compliant.
What Interactions Must Be Recorded?
Depending on relevant regulations, there are different types of calls that must be recorded. For some industries, it encompasses nearly all communications, and in others, only a small portion. HIPAA, for example, requires all interactions concerning confidential healthcare information to be recorded and securely stored in a specific manner. Pay attention to which classes of communication require storage in your industry and ensure all users are pre-emptively recording their conference calls.
Where Should Information Be Stored?
Many relevant regulations also stipulate the manner in which information must be stored. This is usually done to ensure data security. We typically recommend finding a cloud storage partner that meets the requirements of any applicable regulations in order to lighten your load while ensuring compliance.
With the variety of regulations out there for every industry, it’s important to stay up-to-date on the latest changes in requirements. While Skype, Zoom and MS Teams all have native recording capabilities, they fall short of compliance in most regulated industries. Finding a third-party provider to record and securely store your video calls is the best way to stay compliant.
For more information, check out our Recording Compliance Guide to get top tips for staying compliant, and if you’d like to speak with one of our knowledgeable staff, please feel free to contact us here.
