Do You Know What Information Zoom Has About Your Communications?
Mediators, arbitrators, litigators, and parties are rightly concerned about the confidentiality of communications. Mediators rely on the mediation confidentiality protections in the California Evidence Code, sections 1119 et seq, and litigators and arbitrators rely on confidentiality agreements. Today, many of us are using online videoconferencing platforms to communicate, and we also seek assurances that those platforms preserve confidentiality. The widespread use of Zoom led to concerns about how Zoom communications were encrypted, and also led to the use of passwords and waiting rooms to protect participants from unwanted intruders. And it is common at the beginning of Zoom conferences, if not earlier, to insist that participants agree that they will not take screen snapshots, or record Zoom video or chat.
But what information does Zoom preserve that might be reached by a government agency or a subpoena?
There are several online sources that are helpful in answering this question:
First and foremost, the Zoom Government Requests Guide is the place to go. The Guide discusses types of data Zoom has, data retention practices, preservation requests, U.S. and international government requests for user information, notification to users of requests for user or meeting information, details that must be included in information requests, production of documents, user consent, emergency requests, and expert witness testimony and authentication of records.
Zoom provides the following high-level summary of types of data it has: “We obtain data that users provide to us, as well as data that our system collects. We may also obtain some data from visitors to our marketing websites. . . .We have not built a mechanism to decrypt live meetings for any purpose, including lawful intercept, and we do not have the means to insert our employees or others into meetings without that person being visible as a participant. As such, we do not collect or maintain information related to meeting content unless requested by the meeting host, for example, to record and store the meeting in our cloud. Zoom does not sell user data and we have no intention of selling user data going forward.”
Zoom’s information about data it has should be read together with its Privacy Statement.
Our takeaway is that metadata may be kept by Zoom, as well as video, audio, and chat recording that the user decides to store in the cloud. The limitations to accessing such information are set forth in greater detail in the Guide.
Second, in addition to the policies described on the Zoom website, take a look at the Stored Communications Act, 18 U.S.C. sections 2701-2712. This is a law that addresses voluntary and compelled disclosure of “stored wire and electronic communications and transactional records” held by third-party internet service providers.
Third, here are some articles still available online, at the time of this post, that are relevant to understanding the accessibility of Zoom’s data:
Marc D. Alexander helps companies and individuals find cost-effective and satisfactory resolutions to a broad range of complex business disputes. After more than 35 years litigating civil business matters, Marc mediates conflict with a steadfast conviction that negotiation, patience, and persistence lead to positive outcomes in even the most challenging disputes. He authors the blog California Mediation and Arbitration and co-contributes to the blog California Attorneys Fees.
DISCLAIMER: The information contained herein is intended for informational purposes only and should not be construed as professional counsel or legal advice. Seek legal counsel for advice with respect to any legal matter. The information in this document may not reflect the most current developments as the subject matter is extremely fluid and may change daily. The content and interpretation of the issues addressed herein are subject to change.