Overview
This article is related to the privacy and security policies of Zoom.
Details
Last updated March 15, 2022
PRIVACY AND SECURITY WITH ZOOM
SFU is prioritizing the security and privacy of all faculty, staff and students while configuring Zoom's system-wide settings, which will be more restrictive to start. As conversations progress and SFU continues adjusting to adopt recommended practices to balance risk mitigation with meeting community needs, changes may occur to the availability of features and functions. Updates will be published on this page as new details are confirmed.
GENERAL CONSIDERATIONS
- With the recent transition to work-from-home environments for many SFU faculty, staff, and students, please be mindful of the type of content being shared, which is now more likely to include personal environments. Participants have the option of either turning off their camera or using a virtual background to hide their personal environment.
- Anyone recording sessions in SFU Zoom is required to meet our privacy obligations under the Freedom of Information and Protection of Privacy Act (FIPPA). We advise against recording sessions using third-party applications or non-SFU Zoom accounts without attendees’ knowledge and/or consent.
- All recorded content may be subject to a formal access to information request made under FIPPA.
- For added security, you can configure your meetings to allow only users with Zoom accounts to join your meetings. Check out the instructions.
PROVIDING CONSENT TO TERMS OF USE
Your participation in a Zoom meeting will result in the disclosure of personal information to Zoom Video Communications. You may consent to this disclosure in one of two ways:
- If you are an SFU student, staff or faculty member, by signing into your SFU Zoom account, you have provided consent as part of the sign-in process.
- If you are a meeting/webinar participant without an SFU Zoom account, you can consent by filling out this form: https://www.surveymonkey.ca/r/zoomprivacy
RECORDING MEETINGS IN ZOOM
PRIVACY CONSIDERATIONS FOR RECORDING
Notable requirements for compliance with FIPPA include:
- Securing stored recordings. Avoid storing records on non-SFU systems (e.g., Google Drive or Dropbox). Consider filing recordings with other related departmental records; do not leave recordings on personal devices.
- On January 12th, 2021, SFU Zoom offers optional cloud recording for hosts of all Zoom meetings. All Cloud recordings are stored in SFU Zoom’s new online Canadian data centre. Passcode protection is enforced for all shared cloud recordings. Cloud recordings stored in the Zoom cloud will be deleted 365 days after the meeting date or can be deleted by the host. Local and cloud recording allows the host to record their Zoom meeting's video, audio, transcribed text, and chat transcripts.
- A properly formatted collection notice that clearly defines the business purpose for the collection of personal information, the legal authority for the collection, and the contact information of an SFU officer or employee who can answer questions regarding collection. Zoom does not have any built-in capability of delivering such a collection notice.
- Controlled access. Access to recordings can only be granted to university employees when it is necessary for the performance of their work duties. Sharing of the recordings in the absence of a legitimate business need is not authorized.
- Consistent use. Participants’ personal information can only be used for the purpose for which it was obtained and compiled or for a use consistent with that purpose. Secondary uses of the recordings are not authorized.
- Minimum retention. Recordings containing personal information must be retained for a minimum of one year if they are used to make decisions that directly affect participants. Examples include academic advising sessions, job interviews and exam invigilations.
- Authorized disposal. The University will dispose of recordings only with an approved Records Retention Schedule and Disposal Authority. Departments may or may not have applicable RRSDAs already in place. Visit the Directory of University Records for more information at https://www.sfu.ca/archives2/dur/dur.html.
- A business rationale for the need to record content. Staff meetings, academic advising sessions, job interviews, etc. have not been typically recorded at the University in the past. We strongly advise against recording Zoom sessions for the purposes of administrate convenience or as a means of compiling meeting minutes and notes.
COLLECTION
Depending on how you run your lectures and the steps students take to anonymize their identities, it is possible that a student's personal information (e.g., name, image, voice, personal views and opinions, course work) may be captured in a recording. Use a collection notice so that your students are aware of the purpose for the collection of their personal information, the legal authority for the collection, and to whom they can direct questions about the collection. The following is a recommended template: ...More →
FREQUENTLY ASKED QUESTIONS
1. CAN I RECORD A LECTURE THAT I AM DELIVERING?
See Privacy and Copyright Guidelines for Instructors for Recording Zoom Lectures for measures to take when recording lectures.
2. CAN I RECORD A STAFF MEETING?
Staff should not record meetings, especially if individual third parties will be discussed (e.g. job candidates, students, members of the public, etc.). If you must record a meeting then you should refrain from disclosing personal details about yourself or third parties. If you need to discuss specific third parties, anonymize the individuals by using pseudonyms (e.g. Applicant 1, Applicant 2, Applicant 3).
3. CAN I RECORD A MEETING WITH A STUDENT OR OTHER PRIVATE INDIVIDUAL?
When meeting virtually with students or other private individuals using Zoom, you need to inform the individual about how they can anonymize their identity. In addition, we strongly recommend that counsellors, doctors, advisors, and others who are discussing sensitive personal information (e.g., medical history, academic history, disability accommodations, financial history) do not use Zoom's recording feature. Meeting hosts are responsible for notifying participants if they are recording a meeting. Meeting participants will generally hear a notice or see an on-screen notification when recording is in progress
4. HOW DO I ANONYMIZE MY IDENTITY WHEN ATTENDING A ZOOM SESSION?
If you have been invited to a Zoom meeting as an attendee, you can join the Zoom meeting via the web application without signing into a Zoom account. The Zoom web application allows you to use a pseudonym (e.g. first name only or a nickname).
If you prefer to use your SFU Zoom account to participate in sessions, you can change your display name before joining the session. Please note that you will have to make this change every time you sign into SFU Zoom, as your display name will revert to your first and last name with every login.
You can anonymize yourself further by not using the audio and video conferencing features, and by not revealing any personal information about yourself or third parties during online discussions.
5. CAN I CHANGE MY DISPLAY NAME?
You can change your display name before joining the session or change a preferred name in your profile.