The University of Toronto provides a number of institutionally supported solutions for online meetings and collaboration that have little to no additional costs associated with them, and have been reviewed for their privacy and security in various settings (aside from clinical data). A list of these tools can be found on the Enterprise Video-conferencing & Video Meeting Resources website
Zoom is not officially supported and the tool is to be used at your own discretion.
Previously available free of charge, no time limit, basic Zoom accounts have now a 40-minutes per session time limit.
If you are intending to use Zoom, please review these considerations: #
Your data may leave Canada #
Zoom may transmit your “Customer Content” (i.e. data/files that you may show, talk about, or chat about during a meeting) through geographic regions outside Canada, as it uses a number of global data centres to provide its service. Zoom may attempt to use data centres that are geographically closer to where your participants reside, or use alternate data centres to help improve the quality of transmission if certain data centres are not performing well.
If you choose to record your sessions and store them via the cloud option then this data may be stored outside of Canada, quite possibly in the USA and therefore subject to their laws around who can access it.
If you are concerned about your customer content leaving Canada, you should not use Zoom.
Confidentiality #
Transmission of customer content is encrypted, but when it passes through the Zoom’s servers (which is how it is transmitted to meeting participants), it is technically possible for Zoom to see the customer content as it only encrypted in transmission, and not as it passes through these servers.
This risk is mitigated by Zoom’s Privacy Policy that states, “Zoom does not monitor or use customer content for any reason other than as part of providing our services. Zoom does not sell customer content to anyone or use it for any advertising purposes.”.
If you are concerned about Zoom being able see your customer content (and possibly being compelled by foreign governments to see it), then you should not use Zoom.
Meeting security #
Zoom’s popularity has increased in large part due to its ease of use and how easy it may be to join a meeting. New types of attacks have arisen called Zoom bombings that allow unauthorized users to join meetings and show inappropriate/offensive materials. Zoom has a number of security features to prevent this, but note that this may require more actions by participants to join the meeting (e.g. entering a password).
Users hosting Zoom meetings should be familiar with the options that may affect the security of their meetings and the privacy of its participants.
Keeping Zoom client up to date #
Like any software application bugs and flaws may exist in the Zoom software and are periodically uncovered. Some are minor and some have the potential to be serious. It’s always a good practice to keep your Zoom client up to date to have it patched against any known bugs or security flaw.
Hosts and participants should ensure the Zoom client they are using remains up to date.
Recommended settings for Zoom to minimize security and privacy risks #
The following settings are strongly recommended to help minimize the security and privacy risks associated with using Zoom. We recognize that these settings may not work in all contexts (e.g. having the waiting room to admit 250 learners), and have attempted to select the options that work for the majority of cases.
Meeting settings #
When you share your meeting link on social media or other public forums, that makes your event extremely public. Anyone with the link can join your meeting if you don’t require a password or authentication.
- Require a password to enter the meeting
- Screen sharing is set to host only
- Attention tracking is set to off
- Waiting room is set to on by default so that the host must admit users
- Avoid using your Personal Meeting ID (PMI) to host public events and enable PIN.
Note: all of the above recommended settings are provisioned by default for Zoom accounts issued by the Faculty IT office.
Manage Participants #
- Lock the meeting: It’s always smart to lock your front door, even when you’re inside the
house. When you lock a Zoom Meeting that’s already started, no new participants can join,
even if they have the meeting ID and password (if you have required one). In the meeting, click
Participants at the bottom of your Zoom window. In the Participants pop-up, click the button
that says Lock Meeting. - Remove unwanted or disruptive participants: From that Participants menu, you can mouse
over a participant’s name, and several options will appear, including Remove. Click that to
kick someone out of the meeting. - Mute participants: Hosts can mute/unmute individual participants or all of them at once.
Hosts can block unwanted, distracting, or inappropriate noise from other participants. You can
also enable Mute Upon Entry in your settings to keep the clamor at bay in large meetings. - Disable private chat: Zoom has in-meeting chat for everyone or participants can message
each other privately. Restrict participants’ ability to chat among one another while your event
is going on and cut back on distractions. This is really to prevent anyone from getting
unwanted messages during the meeting. - Turn off file transfer: In-meeting file transfer allows people to share files through the in-meeting
chat. Toggle this off to keep the chat from getting bombarded with unsolicited pics,
GIFs, memes, and other content. - Enable authentication profiles: Enable authentication profiles to restrict participants who can join a meeting or webinar to those who are logged into Zoom, and even restrict it to Zoom users who’s email address uses a certain domains (http://utoronto.ca,*.utoronto.ca,*.toronto.edu).
- Waiting Room: One of the best ways to use Zoom for public events is to enable the Waiting Room feature. Just like it sounds, the Waiting Room is a virtual staging area that stops your guests from joining until you’re ready for them. Meeting hosts can customize Waiting Room settings for additional control,
and you can even personalize the message people see when they hit the Waiting Room so they
know they’re in the right spot. This message is really a great spot to post any rules/guidelines for
your event, like who it’s intended for.
Recording settings #
Only record meetings when necessary. When recording, record locally if possible but understand this may affect your meeting experience.
- Allow hosts to record meetings locally (i.e. on their computer)
- Allow hosts to record meetings to the cloud (i.e. on Zoom’s servers)
- Records the active speaker with shared screen
- Records an audio file
- Saves chat messages
- Display participant’s names in recording
- Record thumbnails when sharing
- Automatic record is set to off
- Only the host can download cloud recordings
- Host can delete cloud recordings
- Ask participants for consent when a recording starts
Phone settings #
Phone numbers are masked in the participants list (e.g. they will show up as 888****123)
Learning more about Zoom #
- If you have ten minutes or less: Watch this 8:00 minute technical overview video, “How to use Zoom.
- If you have an hour: Watch this 60:00 minute overview of how other instructors (from the University of Washington) have used Zoom to enhance their teaching.
- See more tips to keep Zoom rooms secure.
- Best Practices for Securing Your Virtual Classroom.
- Zoom Knowledge Base (UTM)