The University of Toronto provides a number of institutionally supported solutions for online meetings and collaboration that have little to no additional costs associated with them, and have been reviewed for their privacy and security in various settings (aside from clinical data). A list of these tools can be found on the Enterprise Video-conferencing & Video Meeting Resources website
Zoom is not officially supported and the tool is to be used at your own discretion.
Previously available free of charge, no time limit, basic Zoom accounts have now a 40-minutes per session time limit.
Zoom may transmit your “Customer Content” (i.e. data/files that you may show, talk about, or chat about during a meeting) through geographic regions outside Canada, as it uses a number of global data centres to provide its service. Zoom may attempt to use data centres that are geographically closer to where your participants reside, or use alternate data centres to help improve the quality of transmission if certain data centres are not performing well.
If you choose to record your sessions and store them via the cloud option then this data may be stored outside of Canada, quite possibly in the USA and therefore subject to their laws around who can access it.
If you are concerned about your customer content leaving Canada, you should not use Zoom.
Transmission of customer content is encrypted, but when it passes through the Zoom’s servers (which is how it is transmitted to meeting participants), it is technically possible for Zoom to see the customer content as it only encrypted in transmission, and not as it passes through these servers.
If you are concerned about Zoom being able see your customer content (and possibly being compelled by foreign governments to see it), then you should not use Zoom.
Zoom’s popularity has increased in large part due to its ease of use and how easy it may be to join a meeting. New types of attacks have arisen called Zoom bombings that allow unauthorized users to join meetings and show inappropriate/offensive materials. Zoom has a number of security features to prevent this, but note that this may require more actions by participants to join the meeting (e.g. entering a password).
Users hosting Zoom meetings should be familiar with the options that may affect the security of their meetings and the privacy of its participants.
Like any software application bugs and flaws may exist in the Zoom software and are periodically uncovered. Some are minor and some have the potential to be serious. It’s always a good practice to keep your Zoom client up to date to have it patched against any known bugs or security flaw.
Hosts and participants should ensure the Zoom client they are using remains up to date.
The following settings are strongly recommended to help minimize the security and privacy risks associated with using Zoom. We recognize that these settings may not work in all contexts (e.g. having the waiting room to admit 250 learners), and have attempted to select the options that work for the majority of cases.
When you share your meeting link on social media or other public forums, that makes your event extremely public. Anyone with the link can join your meeting if you don’t require a password or authentication.
Note: all of the above recommended settings are provisioned by default for Zoom accounts issued by the Faculty IT office.
Only record meetings when necessary. When recording, record locally if possible but understand this may affect your meeting experience.
Phone numbers are masked in the participants list (e.g. they will show up as 888****123)