Privacy Considerations When Using Zoom

This guidance applies to administrative meetings; guidelines for use of Zoom for instruction can be viewed here(link is external)

A. Purpose and Principles

Zoom is one of the primary approved software tools for conducting remote/virtual meetings. This document provides basic guidance on how to protect your privacy and the privacy of others when using Zoom

Note: For more general information on best practices for working remotely, please consult the Information Security Office’s Best Practices for Telecommuting Securely Page(link is external).  For privacy guidance related to working remotely consult the Campus Privacy Office Homepage.

UC Berkeley’s Privacy Values:  Privacy is a basis for an ethical and respectful workplace; and privacy, together with information security, underpins the University’s ability to be a good steward of the information entrusted to it by its students and employees.  The University protects the privacy of faculty, students and staff while working or participating in educational programs and other university business. Use of remote delivery software and technologies heightens the criticality of privacy and the need to use the least invasive means of engaging in these alternative methods of conducting our activities. Existing law and policy that address privacy remain in effect when we work remotely.

Remember that UC Berkeley Security Policies and Standards do apply to any computer you use for your Zoom session. For more specific information regarding UC Berkeley’s Security Policies and Standards, consult the Information Security Office’s Policy Home Page(link is external).

All University staff, faculty and students should follow these principles when using Zoom to conduct remote meetings:

B. Tips and Privacy Protections for Video Conferencing

  1. Users should use common sense and avoid sharing more information than necessary when using Zoom, especially when discussing confidential matters. 

    1. Ensure sensitive conversations cannot be overheard or work observed by unauthorized persons.
    2. Remember that UC Berkeley Security Policies and Standards do apply to any computer you use for your Zoom session. For more specific information regarding UC Berkeley’s Security Policies and Standards, consult the Information Security Office’s Policy Home Page.
  2. Screen Sharing Privacy
    1. Protecting Confidential Data on Your Device from Being Viewed: Avoid sharing confidential information visible on your other screens.  Before screen sharing, close all applications, emails and documents that you will not use in that session.
    2. Managing Whose Screen is Visible(link is external):   Zoom default settings for the campus are set to limit screen sharing to the host. The host can also allow screen sharing by participants.  Options are available by clicking on the up arrow by the Share Screen icon. The host can select the “host only” setting to prevent others from sharing their screens. If the host determines that screen sharing by participants is needed, sharing by “one participant at a time” should be selected.  The host should remind participants not to share other sensitive information during the meeting inadvertently.
  3. Managing Participants (tips to prevent unwanted attendees are listed below):
    1. Don’t post meeting IDs in public forums.
    2. Don’t reuse meeting access codes. You can generate a new access code for each meeting.
    3. Monitor participant list for unwanted attendees
    4. Using Zoom settings for meeting participants(link is external), the meeting host can:
      1. Limit attendance to participants who are signed in to the meeting(link is external) using the email listed in the meeting invited
      2. Set up a Waiting Room Function(link is external)
      3. Password protect(link is external) meeting access
      4. Lock meetings(link is external) once they start
      5. Mute participants(link is external) who are not presenting
      6. Remove unwanted participants(link is external)
      7. Disable private chat

Note: For more detailed instructions for how to prevent unauthorized access to your meeting in Zoom, consult the Information Security Office’s Settings for Preventing Zoom Bombing Page(link is external).

For further privacy features and options for Zoom see: https://blog.zoom.us/wordpress/2020/03/20/keep-the-party-crashers-from-crashing-your-zoom-event/(link is external)

C. Recording of Zoom Meetings and Chats

Recording of Meetings – Notice/Consent: Do I need to obtain meeting attendee permission to capture their video and save sessions?

Yes. Some US states (including California) are “two party” or “all party” consent states, which generally require the permission of both or all parties involved in a recording. While attendees participating remotely may be coming from a variety of states (or countries), we must assume the “all party” consent rule applies.

Meeting hosts should always inform attendees at the start of the meeting or in advance of the meeting if they are going to record a meeting.   Zoom automatically notifies attendees present at the start of a meeting if the meeting is being recorded.  However, meeting hosts should also verbally notify attendees that a meeting will be recorded.  Meeting hosts may also choose to explicitly require consent to be recorded via Zoom(link is external).  Attendees who do not consent will be denied access to the meeting, so we suggest its use only after you’ve communicated with your attendees, given them a chance to express any concerns, and determined an alternative for individuals who have not consented.

We recommend that you inform meeting attendees, prior to a recorded meeting, how you intend to record, use, and share video. You may also consider giving attendees options to participate without having their image or voice recorded, such as allowing them to attend with no video or audio, and the option to pose questions only in the text chat window. Because you can start and stop recordings in Zoom at any time, you can choose to include unrecorded time throughout your Zoom session, giving attendees an opportunity to discuss topics or ask questions that they do not wish to have recorded. 

As a general rule, staff meetings should not be recorded absent an articulated business purpose (including as a reasonable accommodation) that requires recording of the meeting.  Generally, you should not record a meeting if the same meeting would not be recorded if it occurred in person. 

If a staff meeting is going to be recorded, hosts should inform attendees that the meeting will be recorded in advance of the meeting and also offer attendees the opportunity to opt out of the meeting or to mute their audio and video if they object to the recording of their image or voice.  Please consider whether it is necessary to record the meeting.  Bear in mind that the recording becomes a University record that must be stored and retained appropriately and may be subject to disclosure upon request (e.g., in response to a request under the California Public Records Act or California’s Information Practices Act).   If you believe it is necessary to record a meeting, but one or more participants object to the recording, please consult your People & Culture representative.

D. Disability Accommodations 

For guidance regarding accessibility and Zoom, see the Center for Teaching and Learning’s Zoom Accessibility Considerations page(link is external). If you have specific questions regarding employee disability accommodations in connection with use of Zoom, please consult UC Berkeley Disability Access and Compliance(link is external)