I am planing to use Jitisi for academic research purposes to conduct online interviews. I have a few questions regarding the privacy and security measures.
a. What type of data will be collected, used, stored, and processed by the vendor and how sensitive is it the data?
b. Who will have access to the data, and how can we confirm this?
c. Does the vendor claim the right to use the information for its own, secondary purposes?
d. Where does the vendor operate and/or store the data and what laws govern data in that jurisdiction? Are those laws comparable to Canadian privacy laws?
e. Is access to personal information limited and restricted to authorized individuals?
f. What controls does the vendor have in place for intrusion detection, perimeter security, physical security, application of security patches, and data-leak prevention, among other safety measures?
g. What policies and procedures are in place to detect, prevent, and mitigate identity theft?
h. How are incidents and breaches reported?
i. Will we receive notification if a breach to our data occurs?
j. Can the data be retrieved and/or permanently deleted from the vendor’s systems and servers?