COVID-19

Ethics And Risk Management In The New Reality Of Online Meetings, Classes

Information about privacy and security when using Zoom.
By Texas A&M University Office of Risk, Ethics and Compliance April 6, 2020

While we continue to adapt to the impact of COVID-19 on our communities and our institutional mission, we rely increasingly on electronic media such as Zoom meetings.

It is suggested that the host of such an online meeting only allow recording of the discussion in accordance with what would be recorded in the normal course and scope of operations.

This measure is being taken to protect the privacy of meeting participants as required by university IT rules and SAPs. In addition, participants wanting to record must obtain permission from the host and all participants in the meeting. Any recording should only be used for university business purposes. Too, such recordings may be subject to disclosure through open records, and the recordings may be subject to records retention requirements.

Any class recordings that include students are considered education records and thereby subject to FERPA. Recordings that show students may only be kept and used by the instructor of record for the current class and section in which the student participates. These recordings may not be used in subsequent semesters and, under record retention policy, should be retained for one year after the course completion.

Updates from IT on increased Zoom security:

Recent TAMU Zoom account updates

NEW: Zoom In-Meeting Security Tab added to Host’s Meeting Toolbar (available with Zoom client version 4.6.10):

Microsoft Password Vulnerability

  • Resolved with Zoom client version 4.6.9 which was available for download on 4/3/2020.

Zoombombing

  • TAMU has issued recommended guidelines for setting up a secure Zoom meeting. More information can be found here.

Cloud Recordings

  • Only individuals with a TAMU NetID and Password will be able to view TAMU Zoom cloud recordings. This is a recent TAMU change to Account Settings.
  • Only the host is allowed to download a Zoom cloud recording. This is a recent TAMU change to Account Settings.

In-Meeting Recording (applicable to Cloud or Local Recordings)

  • The host controls the ability to record. Unless the host grants permission to a participant, no other recordings can take place within Zoom.
  • When a meeting is being recorded in Zoom, “Recording…” appears in the upper left-hand corner. This is visible to all participants.

Local Recording

  • In account settings, it is possible to allow the host and participants to record the meeting to a local file.
  • The host may give participants the ability to record locally. By default, this is not enabled. You as the host have to enable this in your Zoom Advanced Settings.

Recommendations when recording students for live online proctoring using Zoom

  • It is recommended that faculty add verbiage to exam guidelines that are distributed to students ahead of the exam to disclose that the faculty member/TA will be recording the proctored exams.
  • This information should be repeated at the start of the exam once the recording has been turned on.
  • Additionally, when students register for the exam via Zoom, faculty may add a disclaimer that the session will be recorded.
  • If the students are recorded and they can be identified, the portion that shows the student(s) would be an educational record under FERPA.
  • Only the instructor and/or TAs should have access to the recording. Recordings should be retained for one year from the date of the exam.

Requirement that students use webcams on classes conducted via Zoom

  • Council of Deans on 3/11/2020 agreed that the video function would not be required.

Steps Zoom is taking

  • To accommodate the rapid increase in demand in February 2020, Chinese datacenters were added to a lengthy whitelist of backup bridges, potentially enabling non-Chinese clients to — under extremely limited circumstances — connect to them. On 4/2/2020 Zoom took the mainland China datacenters off of the whitelist of secondary backup bridges for users outside of China.
  • Permanently removed the attendee attention tracker feature (updated 4/2/2020 to clarify that it is permanently removed).
  • On 3/27/2020, Zoom took action to remove the Facebook SDK in iOS client and have reconfigured it to prevent it from collecting unnecessary device information from our users.
  • A Message to our Users
  • Response to Research from University of Toronto’s Citizen Lab

The Facts Around Zoom and Encryption for Meetings/Webinar

Kevin McGinnis
Chief Risk, Ethics, and Compliance Officer

Related Stories

Recent Stories

View Archives →