Insights
Publications

Zoom Successfully Addresses New York’s Privacy and Security Concerns

May 29, 2020 Blog

A few weeks ago on this blog, we addressed some of the legal issues that have arisen for Zoom, as it becomes a significant part of American daily life during the COVID-19 pandemic. 

Among those legal issues was an inquiry by the New York State Attorney General into Zoom’s privacy practices, and particularly into its measures to detect and prevent hackers or other outside parties attempting to observe or interfere with online meetings. In several incidents, the third parties interrupted meetings with disturbing messages or images. In fact, two other states – Connecticut and Florida - joined the New York probe after state government officials fell victim to “zoombombing.” Based on perceived security flaws, on April 6, 2020, the New York City Department of Education implemented a ban on public schools’ use of Zoom for classes and educational purposes. 

These problems inspired Zoom to implement a 90-day plan to expand security measures on its platform. It established a special version of its platform that is licensed by the New York City Department of Education. That version allows teachers to control what is shared and who participates in online class sessions, and prevents students from chatting privately with their classmates outside their teachers’ view. As a result of these, and other expanded security measures, on May 6, 2020 the New York City Department of Education lifted its ban on schools’ use of Zoom.

Around the same time, the company reached an agreement with the New York Attorney General’s office, which further expanded protections for those using the platform, even outside an educational context. Specifically, Zoom agreed to increase hosts’ ability to control their web conferences by allowing them to do the following:

  • implement password protection (by default), or place users in a digital waiting room before accessing a meeting;
  • control access to private messages sent via Zoom chat;
  • control which, if any, participants can share screens; and
  • limit access to email domains in a Zoom directory, or limit participation to specific email domains.

Zoom also agreed to take steps to stop sharing user data with Facebook, and to disable a feature which shared LinkedIn profiles with users. Many of the agreed-upon measures have already been implemented by Zoom, which has agreed to submit a copy of its annual data security assessment to the New York Attorney General’s office for review.

Zoom’s quick response to New York’s privacy and security concerns appears, thus far, to have helped it continue its forward momentum.

Firm Highlights

News

Prop. 24 Passes: What Companies Need To Know About the New Privacy Law

Nate Garhart spoke to the San Francisco Business Times on the steps companies can take to prepare for the California Privacy Rights Act (CPRA). He noted that if the CPRA applies to your business, then...

Read More
Publication

Undergoing Bankruptcy Proceedings? Here’s How to Make Sure PII Maintains Its Value

Due to the COVID-19 pandemic, some businesses are considering potential liquidation or restructuring through bankruptcy. Companies in this situation should keep privacy concerns in mind, because the handling of personal data in bankruptcy proceedings...

Read More
Publication

Arbitration Agreements in Privacy Disputes: The Wyze Decision and the CCPA

Earlier this year, a number of individuals brought a lawsuit in the United States District Court for the Western District of Washington against Washington-based company Wyze Labs, Inc (Wyze), which manufactures “smart” home cameras...

Read More
Publication

PSDcast – Is Energy Companies' Customer Data a Trade Secret?

We often focus on the privacy issues involved in data collection – and they are critically important – while neglecting the idea of data as a tangible and valuable resource (and how to protect...

Read More
Publication

Electric Fence: Protecting Proprietary Rights in Collected Energy Data

Like companies in other industries, a growing number of modern energy-related companies are focusing their efforts on data collection and analysis. For example, Enphase – an energy technology company – regularly tracks data about how...

Read More
Publication

Proposition 24: California’s Ever-Evolving Privacy Landscape

Next Tuesday is election day, and this year, California voters are deciding whether to support another statewide privacy initiative – the California Privacy Rights Act (CPRA) (Proposition 24).  This measure would expand on the...

Read More
Publication

Three Steps Licensees Can Take to Protect Their IP Rights in Bankruptcy

During periods of widespread economic disruption such as the present, operating businesses must be able to identify and respond to threats to the financial health of their contracting counterparts in order to protect key...

Read More
Publication

Privacy During Bankruptcy Proceedings: Why It Matters

During these particularly trying times resulting from the COVID-19 pandemic, businesses of all sizes have been concerned about the future. As a result, considering potential liquidation or restructuring through bankruptcy is inevitably starting to...

Read More
Publication

Top 10 Practical Business Implications Arising From the Passage of the CPRA

California’s Proposition 24 passed as expected, and the new California Privacy Rights Act will change the privacy landscape created by the California Consumer Protection Act (CCPA), which went into effect only months ago. While...

Read More
Publication

Twists in the Plot: California AG Releases Final CCPA Regulations

With a little time to consider the  finalized California Consumer Privacy Act regulations  released by the California Attorney General on August 14, 2020, it is clear that some last-minute negotiations (or perhaps just some...

Read More