Zoom Security FAQs


Overview


The following holds a few FAQs regarding how to keep your Zoom meeting safe. General FAQs regarding how to use and set up Zoom can be found on our article: Zoom bombing Instructors needing further assistance in setting up a safe learning environment via Zoom should review guidelines provided by the EdTech team.
 

General


Learn about Zoom Bombing and other potential security risks as well as tools and strategies available to protect your meeting and your participants.

 

Security FAQs


What Can I Recommend to Students to Protect Their Privacy?

If students have privacy concerns, permit students to seek approval for an alternative arrangement. Sample alternative arrangements include:

All alternative arrangements should be approved by the instructor in advance and should still allow the instructor to readily identify the student. For privacy, the student need not divulge the reason for the request (e.g., I’m a sexual harassment victim, etc.).

Can Instructors Be Liable for Privacy Violations on Zoom?

Instructors are not liable for Zoom flaws. As long as you are using Zoom as recommended by the campus, not posting your lectures on a publicly accessible website, and students are adequately advised of privacy-protective alternatives, we do not see any reasonable basis for instructor liability.

Are Zoom Meeting Sessions Encrypted?

On April 27, 2020, Zoom upgraded their encryption method (for the curious, it is being upgraded to AES-256 GCM) with increased protection of your meeting data in transit, resistance against tampering, and improved confidentiality assurances for Zoom sessions. Stronger audio/video stream encryption is included in Zoom 5.0. For details, see Zoom 5.0 website.

How Long May I Retain My Course's Recordings?

Recordings should be deleted once they are no longer needed for their educational purpose.

How do I Protect my Faculty Intellectual Property (IP) Rights with Zoom Lectures?

Students should be advised that lectures must not be shared with anyone outside the classroom.

As one precaution, instructors can disallow viewers from downloading video files to their own computers by turning off the “Viewers can download” option in the sharing settings for recordings stored on Zoom. With this option disabled, viewers can only view the video in a web browser and not download the actual video files. This makes it harder for viewers to intentionally or accidentally re-share videos.

Find more information on the sharing options for Zoom recordings.

What Information Does Zoom Collect and What Is Its Privacy Policy?

Zoom’s current Privacy Policy (revised March 17, 2024) commits to never selling customer information and to not using customer data stored on the Zoom app for advertising.

Although Zoom’s Privacy Policy describes how, the extent to which data is used, and collected, it has recently been criticized as needing to be more specific.   Zoom has acknowledged these criticisms and committed to changes and a more detailed policy in the coming months.

In that spirit, Zoom’s privacy officials recently met with UC privacy officers and verbally advised that Zoom does not share session content with any third parties, with the sole exception of recordings stored in a Zoom cloud.  Zoom cloud recordings are stored under contract with Amazon Web Services (AWS).  

Zoom’s Privacy Policy also states that Zoom “collects only the user data that is required to provide you Zoom services.”  In Zoom’s recent call with UC privacy officers, Zoom’s privacy official further advised that this data includes (but may not be limited to) location, device, IP address, operating system type, Zoom version, connection time.  
Zoom has posted a list of certain third parties, engaged by Zoom, who may have access to such data to assist Zoom in delivering the service.  Note that additional clarification in this area has been requested of Zoom.  The UC San Diego Privacy Office and Office of Information Assurance will continue to monitor Zoom’s privacy policy clarifications and update this FAQ accordingly.

Will a Participant’s “Private” Text Chats During a Zoom Call Ever Be Made Visible to the Host or Others?

On April 14, 2020, Zoom’s Privacy Officer advised UC privacy officers via telephone that private text chats are never made visible to anyone except to those whom they are addressed.  UC privacy officers have requested that this advice be provided in writing on a Zoom FAQ. This answer will be updated when we become aware of any new published guidance.

Please be aware that for all non-private text chats, any participant may save that chat as a file on their computer.  Additionally, private text chats may also be saved (as a file) by the intended recipient(s) of that text chat.

What Has Zoom Communicated to the Higher Education Community on Security and Privacy?

On April 20, 2020, Zoom gave a webinar to members of the higher education community detailing the company’s commitment to creating the best and safest Zoom meeting experiences for users and addressed security, privacy, data, and any other concerns gathered by the higher education community.

Zoom has also provided additional guidance to education community.

If you still have questions or need additional assistance, please submit a Zoom Request Form or call the ITS Service Desk at (858) 246-4357