Legal Issues in Communication
When planning a VoIP system for an organization, naturally you need to be aware of technological issues, but there are certain legal issues with regard to communication that you should be aware of too. Using VoIP has legal ramifications that business owners must take into account so that they are not in breach of any laws.
The fundamental issue here is the protection of the integrity and/or privacy of certain types of information, which must be very strictly safeguarded. Remember that VoIP is still an IP network, and so as a result, it is vulnerable to the same kinds of threats from hackers than any other IP network is.
When it comes to legal issues in communication as they relate to VoIP, the most common issues occur around the long-term storage of data and the issue of privileged communications, particularly as it relates to sensitive personal, legal and medical data.
The Health Insurance Portability and Accountability Act (HIPAA)
Medical data is very valuable. Hackers will go to extraordinary lengths to get hold of it. One cannot be too careful considering the devastating repercussions that can follow for an individual whose medical data has been stolen. The United States government has long been aware of the risks associated with compromised healthcare data and communications. As a result, the US Government developed the HIPAA regulations. These set an extremely high standard for protecting sensitive patient data.
VoIP communications service providers must be configured so they are HIPAA-compliant, and they should provide tailored business associate agreements (BAAs) to document their compliance.
Find out more about how 8x8 is dealing with HIPAA Compliance and what you need to do to protect your business in their white paper.
Storage of Sensitive Communications
One of the most valuable features of VoIP is the ability to store voice recordings and data in the cloud indefinitely. But the cloud-based service providers and the organization using the system do have a responsibility to safeguard those saved recordings of intimate conversations, as well as emails containing personal information, contact details and instant messages that could be exploited if they fell into the wrong hands.
When a cloud solution is installed, these issues need to be examined and carefully considered. Businesses are required to know how to store data, where it is kept and how secure it is, particularly when it comes to financial or sensitive personal information.
It's vital that cloud communication service providers can assure their clients that the services they provide are secure and that they will not be embarrassed by any leaks, mishaps or breaches of trust.
For example, when an attorney speaks to an individual or company involved in a lawsuit using a VoIP service, there needs to be a level of trust that allows both parties to speak freely and openly, without fear of recrimination. The same goes for doctors and their patients, as well as social workers and clients. Those relationships conversations need to be treated as sacred. That privilege doesn't just refer to direct speech but must also apply to any emails or text messages that the two parties wish to share over a VoIP network.
Legal VoIP Best Practices
The technology blog TechRepublic put together a useful list of VoIP best practices to make sure you stay on the right side of the law. This list appears verbatim below.
- Logical separation of the voice and data networks
- Strong authentication—complex passwords, password expiration policies, and good identity management
- Dedicated VoIP servers on hardened operating systems with all unnecessary services disabled
- Encryption of communications and control packets via IPSec, Transport Layer Security (TLS), WPA, and other encryption methods
- VoIP-aware firewalls
- Avoidance of soft phones where possible
- Security of calls stored on voice messaging systems
These are the kinds of issues that most businesses do not want to deal with. It is advisable to consult a lawyer who knows your business and who can provide assurance that the work you are doing is compliant. We also recommend you work with a cloud-based communications provider who has experience with VoIP and will provide a solution that operates well within the confines of the law.
When it comes to ensuring legal communication, 8x8 provides reliable and compliant cloud solutions at a demanding level rarely seen by other cloud providers. Don't take your chances with a subpar cloud-based telecom system. Call 1-866-879-8647 or fill out an online form to request a no-obligation quote from an 8x8 product specialist.