Or . . . When the Red Light is Off, but the Mic Is On...
Or . . . The Illusion of Privacy in the Age of Shadow Tech
In today’s workplace, it takes almost no effort to secretly record a meeting. Some of us know how easy it is: recording software on a laptop, a phone in a shirt pocket, or a smart watch on the wrist will do. But some team members may mistakenly believe that if the red dot isn’t flashing, nobody’s recording. Awareness training should establish that ANYBODY could be recording, and that meeting attendees don’t need Zoom or Teams to capture audio.
The way I like to put it: “If you say something in a digital meeting, it could be played back to you later.”
But should we, by policy, ban “undisclosed meeting recording”?

In Indiana, and most states, it’s legal to record a meeting as long as one of the attendees knows the meeting is being recorded. In other words, long before the pandemic, a person could record a board meeting by bringing a microcassette deck into the meeting, hidden in a briefcase, and that would be legal.
That’s exactly why banks should consider a clear internal policy: no recording meetings without notifying ALL participants.
(Or at least some participants. I can see a law firm cringing over not having the ability to record recruitment interviews or even exit interviews, for that matter. I don’t know. I’d sure run this by your lawyer.)
But the risk is there. Legal risk. Recordings could be used out of context, or with outdated information, in litigation. But also operational and reputational risk, and of course, confidentiality risk.
If you want to enlighten management, I came across an article about Carmen Segarra, a Federal Reserve examiner, who secretly recorded 46 hours of conversations between her colleagues and Goldman Sachs. Her tapes, later released by ProPublica, triggered public outcry and embarrassment for both the New York Fed and the bank.
Closer to my home, Indiana’s Whitt v. Town of New Carlisle case shows how even unproven suspicions of secret recordings can escalate into costly litigation and eroded trust.
Since banks already restrict access to customer data, limit who can download reports, and track document sharing, maybe we should have a policy on who can record sensitive discussions about strategy, risk, or internal investigations. While we’re at it, maybe we should be more careful about what happens to recordings, and their transcriptions, when we DO turn recording on.
A simple policy requiring advance notice for any meeting recording—verbal or written—would protect the institution, preserve confidentiality, and deter misuse. Exceptions can be made for whistleblowers, but even those should involve compliance or legal oversight.
I asked an LLM for a starting point and got the following:
Recording of Meetings Policy
To protect confidentiality and preserve trust, employees may not record any in-person, phone, or virtual meetings—whether audio, video, or screen capture—without first notifying all participants and obtaining their consent. Authorized recordings must be for business purposes and disclosed at the outset. Unauthorized or covert recordings, regardless of intent, may result in disciplinary action, up to and including termination. Exceptions for protected whistleblower activity must be coordinated with the Legal or Compliance Department.
The above language makes a good example of how one must always confirm LLM results. Obviously, this will need to be vetted by the bank’s legal counsel . . . the red flag there is the word “whistleblower” . . . because this definitely goes outside the realm of cybersecurity. In other words, your lawyer might have bigger issues to consider.
And yes, if you’re thinking this is the classic “let’s punish the good people” because it will never stop the bad people . . . you’re right!
Still, we should at least consider it in our next risk assessment. But I wouldn’t wait too long. In fact, I would feel better if there were awareness training that did not wait for our annual meeting or our annual risk assessment. In other words, for the next couple of weeks, let’s start our digital meetings by alerting others to this risk. Because I’ll end this article pointing out that there is still one risk not yet raised, and rarely discussed: our mutual trust.

Original article by Dan Hadaway CRISC CISA CISM. Founder and Information Architect, infotex
“Dan’s New Leaf” – a fun blog to inspire thought in IT Governance.