Skip to main content
Search

Data security of voice recorders and cameras

Tampere University and TAMK

Do not lose your device 

As a rule, personal data is stored in voice recorders and cameras, meaning that such devices must be handled with the care required for processing personal data. Almost without exception, data contained in voice recorders, cameras and similar audio-visual recording devices are not protected in any way. Thus, the only security measure available is to ensure that only appropriate parties have physical control of the device. Storing the device under lock and key and taking special care when using it in a public place are a good starting point. You can begin by picturing some €1 million paid in compensation for the lost device and the personal data it contains. 

Be careful when transferring recordings

The recordings are typically stored and further processed elsewhere than in the voice recorder or camera used for collecting the data. When transferring recordings containing personal data, you must ensure that the receiving device or service is suitable for the purpose. In the case of voice recorders and cameras, special attention must be paid to the transfer mechanism and its settings. In some cases, it is possible to store data also on the manufacturer’s cloud service or even a social media service. This applies especially to the feature some devices have of connecting it to a cloud service owned by the manufacturer or a third party. A similar functionality may also be part of the software provided by the device manufacturer to transfer the recordings from your device to your computer. 

Pay attention to wireless connections

Many modern recorders, such as various cameras, are equipped with a wireless connection (eg Bluetooth or WI-FI). Beware of the security risks involved in wireless connections. It is especially important to change the default password used to connect to the wireless service. If you do not need wireless connections, it is a good idea to turn them off completely from the settings of your device, which will also save some energy.

Check your device settings

Using your smartphone as a recorder requires checking your device settings and taking special care .

A modern smartphone works as a versatile and often handy recorder. However, using a regular personal telephone for the purpose of recording research interviews or other similar collection of personal data entails potential data protection risks. For example, a phone’s default settings may be that it automatically stores data also in a cloud service managed by the manufacturer, which almost invariably is located outside the EEA.  In practice, a phone that is used for both personal and research use simultaneously also carries the risk that confidential material is shared accidentally. For slightly wider use than a one-off situation, it is advisable to buy a separate recording device for research purposes, which means that it is not necessary to do the trade-offs in the settings of the device required for private use. 

Empty jointly used devices

Jointly used devices must be emptied when the user changes.

In general, voice recorders often have only internal memory, but cameras (including  GoPro) also most often have a removable memory card. In some cases, video recorders can also use an external hard disk or removable mass storage, but in this context, a memory card refers to all removable memory solutions.

Some devices that have a memory card also have an internal memory. When using a shared device, take care to ensure that confidential information does not end up in the wrong hands when the device is passed on to the next user. In the case of a removable memory card, a good starting point is that each user uses their own memory card.  However, this is not always possible and, when using an internal memory, it must always be ensured that the memory is properly emptied when the user changes.

It is important to note that typically deleting the stored material technically means, simply put, only marking the storage space consumed by the deleted material as reusable. As a result, the material marked for deletion is often still legible with relatively modest IT skills. 

The possibility of recovering data marked for deletion can be substantially reduced by storing harmless material to obscure the confidential recordings. How effectively overwriting makes it difficult to dig up previous data from the device depends on the technical features of the device. In general, significant protection is already achieved by first marking all data for deletion and then overwriting it full of harmless material. When this is the case, only small parts of the old material remain recoverable. By increasing the number of overwrites and appropriately varying the harmless material to be stored, the probability of overwriting each sensitive item increases. In principle, old data can still be read from even an overwritten memory to some extent, but this requires significantly better resources and more complicated hardware. Also, this quickly becomes more difficult as the number of overwrites increases. 

Disposal of devices

When disposing of recorders, be aware that the devices are likely to contain personal information and choose the appropriate method of disposal, for example, the same as with non-erasable computer hard drives, memory cards etc.

Disposal of confidental material


IT Helpdesk
0294 520 500
it-helpdesk [at] tuni.fi (it-helpdesk[at]tuni[dot]fi)
helpdesk.tuni.fi

Published: 9.2.2021
Updated: 19.10.2022