Privacy Considerations When Using Zoom

Guidance on Protecting Privacy and Data when using Zoom to conduct remote meetings while COVID-19 Modifications are in effect.  This guidance applies to administrative meetings; guidelines for use of Zoom for instruction can be viewed here.

A. Purpose and Principles

Zoom is one of the primary approved software tools for conducting remote/virtual meetings. This document provides basic guidance on how to protect your privacy and the privacy of others when using Zoom

Click on the hyperlinks throughout this document for quick access to important use instructions.

Note: For more general information on best practices for working remotely, please consult the Information Security Office’s Best Practices for Telecommuting Page.  For privacy guidance related to working remotely consult the Campus Privacy Office Homepage.

UC Berkeley’s Privacy Values:  Privacy is a basis for an ethical and respectful workplace; and privacy, together with information security, underpins the University’s ability to be a good steward of the information entrusted to it by its students and employees.  The University protects the privacy of faculty, students and staff while working or participating in educational programs and other university business. Use of remote delivery software and technologies heightens the criticality of privacy and the need to use the least invasive means of engaging in these alternative methods of conducting our activities. Existing law and policy that address privacy remain in effect when we work remotely.

Remember that UC Berkeley Security Policies and Standards do apply to any computer you use for your Zoom session. For more specific information regarding UC Berkeley’s Security Policies and Standards, consult the Information Security Office’s Policy Home Page.

All University staff, faculty and students should follow these principles when using Zoom to conduct remote meetings:

B. Technical Tips and Privacy Protections for Video Conferencing

  1. Visibility of Remote Work Locations:  Participants should use Zoom’s virtual background feature, when available, if they do not want to have their surroundings visible.  Managers should avoid requiring staff to use Zoom meeting settings that leave staff living areas visible.  
    1. To set up a Virtual Background in Zoom click the up arrow by the Zoom video icon and click on “Choose Virtual Background”.
    2. Select only appropriate virtual backgrounds.
    3. Be mindful of others in your remote location who may not wish to be visible or recorded in the background.
    4. Also consider if all participants need to be visible as limiting the meeting to a single video stream can ease bandwidth concerns for participants.
    5. Ensure sensitive conversations cannot be overheard or work observed by unauthorized persons.

  1. Screen Sharing Privacy
    1. Protecting Confidential Data on Your Device from Being Viewed: Avoid sharing confidential information visible on your other screens.  Before screen sharing, close all applications, emails and documents that you will not use in that session.
    2. Managing Whose Screen is Visible:   Zoom default settings for the campus are set to limit screen sharing to the host. The host can also allow screen sharing by participants.  Options are available by clicking on the up arrow by the Share Screen icon. The host can select the “host only” setting to prevent others from sharing their screens. If the host determines that screen sharing by participants is needed, sharing by “one participant at a time” should be selected.  The host should remind participants not to share other sensitive information during the meeting inadvertently.

  1. Managing Participants Some basic tips for limited preventing unwanted attendees or Zoom Bombing are listed below:
    1. Don’t post meeting IDs in public forums.
    2. Don’t reuse meeting access codes. You can generate a new access code for each meeting.
    3. Monitor participant list for unwanted attendees
    4. Using Zoom settings for meeting participants, the meeting host can:
      1. Limit attendance to participants who are signed in to the meeting using the email listed in the meeting invited
      2. Set up a Waiting Room Function
      3. Password protect meeting access
      4. Lock meetings once they start
      5. Mute participants who are not presenting
      6. Remove unwanted participants
      7. Disable private chat

Note: For more detailed instructions for how to prevent unauthorized access to your meeting in Zoom, consult the Information Security Office’s Settings for Preventing Zoom Bombing Page.

For further privacy features and options for Zoom see: https://blog.zoom.us/wordpress/2020/03/20/keep-the-party-crashers-from-crashing-your-zoom-event/

C. Recording of Zoom Meetings and Chats

Video or audio recording of a meeting is permitted but only with advance notice and opportunity to opt out of video/audio participation. This requires that you download and install the native Zoom app for your computer.

  1. Permission and Notice:  Only the host (or meeting chair) is permitted to record meetings.   If the host decides to record a meeting, participants should be notified that the meeting will be recorded prior to the start of the meeting and given the opportunity to opt out of the recorded session.   This notification shall be provided to any new participants who join the meeting, at the point when they join the meeting.  

Sample Notification:  This meeting is being conducted over Zoom.  As the host, I will be recording this session.  The recording feature for others is disabled so that no one else will be able to record this session through Zoom. No recording by other means is permitted.

  1. Automatic Notification:  When a meeting is being recorded, Zoom will automatically inform all participants that the session is being recorded. It is also possible to configure Zoom’s settings to notify new participants when they join the meeting. Be aware not all participants may be running the latest version of Zoom that implements these features.
  2. Recordings and transcripts of recordings should be retained in accordance with applicable retention schedules, no longer than necessary, and should only be retained on approved University devices, platforms or networks.

Video or audio recording (including taping, recording, photographing, screen capture and other methods of capture) by participants for purposes other than instruction is prohibited absent a strong rationale and only if the host provides advance notice and opportunity to opt out of video/audio participation.

  1. Chat Function: During video conferencing, there is a chat function that permits participants to ask questions and engage in dialogue with the class or meeting proceeding. Recording, including photographing, screen capture, or other copying methods, of chat exchanges is also prohibited, except by the instructor or host or meeting chair.
  2. Attention Tracking:  Managers should inform Zoom meeting attendees in advance if they are going to use the attention tracking function.

Please note that chat discussions should maintain a professional tone.  Private chat messages can be made visible to the host when recorded transcripts of Zoom meetings are created.

D. Disability Accommodations 

For guidance regarding accessibility and Zoom, see the Center for Teaching and Learning’s Zoom Accessibility Considerations page. If you have specific questions regarding employee disability accommodations in connection with use of Zoom, please consult UC Berkeley Disability Access and Compliance.

E. Privacy Data Protections with Zoom

Zoom’s Updated Privacy Policy states:

We do not sell your personal data. Whether you are a business or a school or an individual user, we do not sell your data.  

  • Your meetings are yours. We do not monitor them or even store them after your meeting is done unless we are requested to record and store them by the meeting host. We alert participants via both audio and video when they join meetings if the host is recording a meeting, and participants have the option to leave the meeting.  

  • When the meeting is recorded, it is, at the host’s choice, stored either locally on the host’s machine or in our Zoom cloud. We have robust and validated access controls to prevent unauthorized access to meeting recordings saved to the Zoom cloud.

  • Zoom collects only the user data that is required to provide you Zoom services. This includes technical and operational support and service improvement. For example, we collect information such as a user’s IP address and OS and device details to deliver the best possible Zoom experience to you regardless of how and from where you join.   

  • We do not use data we obtain from your use of our services, including your meetings, for any advertising. We do use data we obtain from you when you visit our marketing websites, such as zoom.us and zoom.com. You have control over your own cookie settings when visiting our marketing websites.

  • We are particularly focused on protecting the privacy of K-12 users. Both Zoom’s Privacy Policy (attached) and Zoom’s K-12 Schools & Districts Privacy Policy are designed to reflect our compliance with the requirements of the Children’s Online Privacy Protection Act (COPPA), the Federal Education Rights and Privacy Act (FERPA), the California Consumer Privacy Act (CCPA), and other applicable laws.

Despite these protections, users should use common sense and avoid sharing more information when necessary when using Zoom, especially when discussing confidential matters.

Additionally, as a user of Zoom, if you give Zoom access to any files or programs you need to manage cookies through your browser settings in the way you do with other applications.

Remember that UC Berkeley Security Policies and Standards do apply to any computer you use for your Zoom session. For more specific information regarding UC Berkeley’s Security Policies and Standards, consult the Information Security Office’s Policy Home Page.