Responding to my Dec. 28, 2007 blog "VOIP Calls Need Strong Privacy Protection," reader JP said I was wrong. First, JP said, if an employee wants to make a personal call from the office, that person should use his or her cell phone. Second, JP noted that business phones are for business use and no conversation should be deemed private.
Every company I've ever worked for recognized the need for employees to occasionally make short personal telephone calls. And everyone makes business calls that they expect to be private. So, I stand by my assertion that laws and technical practice should place the content of VOIP calls off-limits.
Of the times that I've used my office phone to make personal calls, preserving the content of the call would create far greater liability than could be offset by monitoring my productivity. For example, a call to my doctor for test results or further consultation involves all sorts of medical information that I assume is covered by HIPAA. At the very least, if my employer disclosed my medical condition as part of a discipline process, for example, it seems (I'm not a lawyer) that there would be an opening for any number of legal challenges.
Rereading my original post, I'm starting to think of all sorts of business calls that are made for business reasons and that are still assumed and expected to be private. All the things that data-leak prevention tools seek to control apply to this area of telephone communication: mergers and acquisition plans, legal consultation, discussions of personnel matters, contract clarifications, and most negotiations. In fact, it seems to me that recording VOIP calls without advising all parties on the call is a de facto violation of the laws of several states that require both or all parties to consent to a phone call being recorded.
To reiterate, I maintain that VOIP calls need strong privacy protection.