FAQ on Privacy & Security issue of ZOOM
How to reduce the risk of "Zoombombing"?

Zoombombing refers to the situation when uninvited people break in and disrupt your Zoom meeting. Such cases can be prevented by properly setting up your Zoom meetings, including the following:

  • Only allow authenticated users to join — This will restrict your meeting to HKUST users by requiring attendees to join using their HKUST logon credentials. Our help page shows how to apply this setting in Zoom and Canvas. This is the most effective action that can be taken to limit "Zoombombing", and is the current default setting adopted in HKUST. Please note that previously scheduled meetings (recurrent or not) will not be updated even after you change your default setting. You need to select this setting by editing the setting of previously scheduled meetings. 
  • Don’t publicize Zoom links, Meeting IDs and passwords — The more people who know the link to your meeting, the greater the likelihood of it being leaked to intruders. If you have meetings that need to be shared broadly or include external participants, read more on Best Practices for protecting your ZOOM meetings.
  • Lock your meeting — The Security toolbar icon has been added to the menu bar in the latest Zoom version.  The meeting host can easily lock the meeting once the expected participants have joined.
  • Enable a waiting room  — The Security toolbar icon also supports the host or co-host to enable a waiting room such that new attendees are allowed in manually.
  • There are other settings to consider when scheduling your meetings:
How to address disturbances caused by a participant in a Zoom meeting?

If someone is disturbing your Zoom meeting, the meeting host can use the following tool to regain control of the meeting: 

  • Remove a participant  — If some people are disturbing a meeting, remove them from the session. Remember to lock the meeting too because they may return otherwise. 
  • The host may also choose milder controls to prevent participants from disturbing the meeting inadvertently:
    • Disable screen sharing
    • Disable chat

All of the above controls can be accessed by the Security toolbar icon for Host in the latest version of Zoom client software. See recent ZOOM Blog for more information.

Does Zoom share any user data with third parties that could qualify as “selling”? What about selling or providing user data to Google?
  • According to ZOOM's Privacy Policy, Zoom does not sell user data. Like most software companies, Zoom uses third-party advertising service providers (like Google) for marketing purposes: to deliver tailored ads to users about products the users may find interesting. (For example, if you visit Zoom's website, later on, depending on your cookie preferences, you may see an ad from Zoom reminding you of all the features that Zoom has to offer). It’s important to note that the tailored ads are only used when you visit zoom.us site, but have nothing to do with your use of Zoom’s products (video meetings, audio meetings, etc.).
  • If you do not want to receive targeted ads about Zoom, simply click the “Cookie Preferences” link at the bottom of any page on the zoom.us site and adjust the slider to “Required Cookies.”
Is it true person-to-person in meeting chat messages could be later sent to someone else after a call is recorded to the cloud?

No, Private Chats are not made available to the meeting host. However, Chats to Everyone may be stored by the meeting host. See ZOOM's Help Center for more information.

Is Zoom compliant with privacy laws in other jurisdictions like the GDPR?

Zoom explictly states (see here) that they comply with all applicable privacy laws, rules, and regulations in the jurisdictions within which they operates, including the GDPR (see here). 

Can users request information about what data are collected on them?

Yes, according to Zoom's Data Subject Rights, they will provide information about what types of personal data are collected from you regardless of geographic location. For more information, see ZOOM Privacy Policy.

Does Zoom provide encryption on meetings or chats involving education users/students?

ZOOM was found to be using in AES encryption in ECB mode for real-time meeting content (video, voice, and content share), this encryption was known to be not ideal in modern encryption technology. ZOOM have recently released a new ZOOM client software - v5.0, which they states to upgrade the encryption to AES-256 GCM. After 30-May-2020, ZOOM will be enforcing this new encryption for all ZOOM meetings and older clients software will be required to be upgraded to this new version before they can join any meetings.

ITSC recommend our users to upgrade their ZOOM client software to the newest version asap. For further information on Zoom encryption, please read ZOOM's Encryption White Paper.