Zoom Privacy Issues Business Users Need to Know
Since the onset of the pandemic, the Zoom instant messaging and video conferencing platform has changed the way remote and distributed teams work, but its convenience doesn’t come without privacy concerns. Understand what privacy issues affect Zoom and how to protect your business and employees and shield their data in Zoom.
Table of Contents
- What is Zoom and Zoom Team Chat?
- What is Zoom Trust Center?
- Are Zoom calls private?
- What privacy issues affect Zoom?
- Is Zoom end-to-end encrypted?
- Where does Zoom store call recordings?
- Are Zoom transcriptions private?
- Can Zoom see private messages?
- How does Zoom protect users’ privacy?
- Is Zoom HIPAA compliant?
- Does Zoom support the GDPR?
- How does Aware support privacy controls in Zoom?
What is Zoom and Zoom Team Chat?
The Zoom video conferencing app is a popular tool that supports video calls and screen sharing. Zoom also offers real-time messaging features using Zoom Team Chat. Users can hold private and group conversations or join channels arranged by topic.
Zoom is used by commercial and non-profit businesses, governments, healthcare providers, schools, and individuals. Zoom’s features include webinar hosting, meeting recording, scheduling, and visual breakout rooms, making it a versatile and efficient collaboration and communication tool for remote work.
What is Zoom Trust Center?
The Trust Center also provides resources for users to learn about best practices for keeping video meetings secure, protecting personal information, and preventing unauthorized access to Zoom accounts.
Are Zoom calls private?
The privacy of Zoom calls depends in large part on the end user. Zoom provides various security features that can help ensure that calls are kept private and secure. For example, meetings can be protected with a password and a waiting room, where participants are held until the host admits them into the meeting. The host can also control who can share their screen or record the meeting and can lock the meeting once all participants have joined.
Users should also follow best practices to ensure the privacy and cybersecurity of their calls, such as creating a strong and unique password for each meeting and avoiding sharing meeting links or passwords publicly. By taking these measures and using Zoom's security features, users can help ensure that their Zoom calls remain private and secure.
What privacy issues affect Zoom?
Zoom has faced several well-publicized privacy issues and security flaws in the past, some of which include:
- Zoombombing: This refers to the unauthorized access of Zoom calls by trolls who disrupt meetings with inappropriate content. This issue was due to Zoom's default setting, which allowed anyone with a meeting link to join the call without authentication.
- Data sharing with Facebook: In March 2020, it was discovered that Facebook had collected Zoom user data through an iOS Software Development Kit (SDK) Zoom used to enable a “Login with Facebook” feature. Zoom removed the SDK upon learning of this data transmission.
- End-to-end encryption: Zoom initially claimed to offer end-to-end encryption for calls, but a later investigation by the FTC found that this was not true for all users, and that the company had access to some participants’ unencrypted data.
- Security vulnerabilities: Zoom has faced several security vulnerabilities in the past, including one that allowed hackers to take over a user's webcam and microphone.
In response to these issues, Zoom has implemented several measures to improve its privacy and security, including stronger encryption, mandatory waiting rooms, and default password protection for meetings. The company has also committed to conducting regular security audits and providing more transparency about its data sharing practices.
Is Zoom end-to-end encrypted?
End-to-end encryption (E2EE) secures the transmission of digital information by ensuring that only the sender and intended recipient(s) of a message can access its contents. In a Zoom call, this means that only the participants can access the content of the meeting, and even Zoom itself cannot access the meeting data.
Zoom offers end-to-end encryption (E2EE) for video calls, although it is not enabled by default for all calls, and it does have some limitations. For instance, certain features such as cloud recording, live transcription, and breakout rooms are not compatible with E2EE. Additionally, E2EE requires all participants to have the latest version of the Zoom app, and users cannot join a call via a web browser. If E2EE is enabled for a group meeting, some of the meeting features such as virtual backgrounds, polls, and meeting reactions will not be available.
The most up-to-date information about end-to-end encryption capabilities and restrictions in Zoom can be found here.
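The checks described so far (a strong and unique password per meeting, waiting rooms, and the conflict between E2EE and cloud recording) can be run across a set of meeting records. The following is an added example, not code from Zoom or Aware: the field names (password, waiting_room, join_before_host, encryption_type, auto_recording) are assumed to match the Zoom Meeting API's meeting object, the sample records are constructed, and the minimum password length is a local policy choice.

```python
from collections import Counter

# Constructed sample records. Field names are assumed to follow the Zoom
# Meeting API meeting object; verify them against Zoom's API reference.
SAMPLE_MEETINGS = [
    {"id": 1001, "password": "Q7!rv9Lm2x", "settings": {
        "waiting_room": True, "join_before_host": False,
        "encryption_type": "e2ee", "auto_recording": "cloud"}},
    {"id": 1002, "password": "team123", "settings": {
        "waiting_room": False, "join_before_host": True,
        "encryption_type": "enhanced_encryption", "auto_recording": "local"}},
    {"id": 1003, "password": "team123", "settings": {
        "waiting_room": True, "join_before_host": False,
        "encryption_type": "enhanced_encryption", "auto_recording": "cloud"}},
]
MIN_PASSCODE_LEN = 8  # local policy choice, not a Zoom requirement


def audit_meetings(meetings):
    """Return {meeting id: [findings]} for the controls this article lists."""
    # Count how many meetings share each password to detect reuse.
    reuse = Counter(m.get("password") for m in meetings if m.get("password"))
    report = {}
    for m in meetings:
        s = m.get("settings", {})
        pw = m.get("password") or ""
        e2ee = s.get("encryption_type") == "e2ee"
        findings = []
        if not pw:
            findings.append("no passcode")
        elif len(pw) < MIN_PASSCODE_LEN:
            findings.append("short passcode")
        if pw and reuse[pw] > 1:
            findings.append("passcode reused across meetings")
        if not s.get("waiting_room"):
            findings.append("waiting room off")
        if s.get("join_before_host"):
            findings.append("join before host allowed")
        if e2ee and s.get("auto_recording") == "cloud":
            findings.append("cloud recording conflicts with E2EE")
        if not e2ee:
            findings.append("E2EE not enabled")
        report[m["id"]] = findings
    return report


if __name__ == "__main__":
    for mid, findings in audit_meetings(SAMPLE_MEETINGS).items():
        print(mid, "OK" if not findings else "; ".join(findings))
```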
Where does Zoom store call recordings?
Zoom can store call recordings in the cloud or locally on the computer of the meeting host or participant who initiated the recording. If the host chooses to store the recording in the cloud, it is saved on Zoom's servers, and the host can access and share the recording via their Zoom account.
By default, Zoom recordings are saved locally unless Cloud Recording is enabled, in which case a popup will ask where to store the video at the start of each recording.
Are Zoom transcriptions private?
Zoom provides an automatic transcription feature that can transcribe audio from meetings or webinars. These transcriptions can be seen and downloaded by all call participants. After the call, the privacy of these transcriptions depends on the storage and sharing permissions chosen by the host. If a host chooses to store the transcripts in the cloud, they are stored on Zoom's servers, and the host can access and manage them via their Zoom account.
Can Zoom see private messages?
Private messages sent between users in Zoom Team Chat are visible only to those participants and, in some instances, to some workspace administrators. Messages sent between users during recorded Zoom meetings or webinars are not saved as part of that recording.
Zoom says it does not monitor or access private messages exchanged between participants. However, it is important to note that Zoom may be required to disclose private messages to comply with applicable laws, regulations, or legal processes, or to protect the safety and address the security concerns of its users or the public.
How does Zoom protect users’ privacy?
Zoom offers several privacy protections to its users, including:
- End-to-End Encryption: Zoom offers end-to-end encryption to secure audio, video, and chat data, although, as described above, it is not enabled by default for all calls. When it is enabled, only the sender and receiver of the data can access it, and not even Zoom has access to the data.
- Password Protection: Zoom meetings can be protected with passwords, which prevents unauthorized users from joining the meeting.
- Waiting Room: Zoom's Waiting Room feature allows hosts to screen participants before allowing them to join the meeting. This helps prevent unwanted guests from joining the meeting.
- Data Retention: Zoom allows users to set data retention policies, which determine how long Zoom will retain user data. Users can choose to have their personal data deleted after a certain period of time.
- Privacy Settings: Zoom offers a variety of privacy settings that allow users to control who can see their video, who can share their screen, and who can access their chat messages.
Overall, Zoom takes the privacy of its users seriously and offers several features to protect user data. However, it is important for users to also take steps to protect their own personal data by following best security practices such as not sharing sensitive information during Zoom meetings and keeping their Zoom software up to date.
Is Zoom HIPAA compliant?
Zoom for Healthcare is a Zoom plan designed specifically to meet the needs of healthcare providers and includes functionality that can be used in ways compliant with the Health Insurance Portability and Accountability Act (HIPAA).
This includes entering into a Business Associate Agreement (BAA) in accordance with the HIPAA Privacy Rule, and features such as end-to-end encryption, password protection, and waiting rooms to protect users’ privacy in telehealth settings. However, all providers must ensure that users also take precautions to safeguard protected health information (PHI) while using Zoom for telemedicine.
Does Zoom support the GDPR?
Zoom supports the EU General Data Protection Regulation (GDPR) privacy law, and similar legislation elsewhere such as the California Privacy Rights Act (CPRA) and former California Consumer Privacy Act (CCPA).
Zoom has implemented various measures to comply with the GDPR, including content management, data subject access rights, and a Data Protection Addendum (DPA) that outlines the company's obligations as a data processor and the rights and responsibilities of its customers as data controllers. As with HIPAA, it’s important that administrators and users always use Zoom in ways that protect user data and conform with GDPR and other privacy legislation in order to ensure full compliance.
How does Aware support privacy controls in Zoom?
Aware helps companies to manage their privacy and information security requirements in Zoom Team Chat through real-time compliance adherence and moderation capabilities that automatically surface risk within Zoom collaboration data.
- Granular controls normalized for each organization take a precision approach to detecting unauthorized information sharing and potential privacy risks.
- Real-time data ingestion and AI-enhanced analysis provide deeper insight for more accurate results and fewer false positives.
- Federated search based on intelligent parameters delivers complete, contextual understanding of potential risk exposures within Zoom Team Chat.
Contact us to learn more about how Aware can support greater privacy controls for Zoom and all major collaboration tools across your organization.