Insights
Publications

Zoom Successfully Addresses New York’s Privacy and Security Concerns

May 29, 2020 Blog

A few weeks ago on this blog, we addressed some of the legal issues that have arisen for Zoom, as it becomes a significant part of American daily life during the COVID-19 pandemic. 

Among those legal issues was an inquiry by the New York State Attorney General into Zoom’s privacy practices, and particularly into its measures to detect and prevent hackers or other outside parties attempting to observe or interfere with online meetings. In several incidents, the third parties interrupted meetings with disturbing messages or images. In fact, two other states – Connecticut and Florida - joined the New York probe after state government officials fell victim to “zoombombing.” Based on perceived security flaws, on April 6, 2020, the New York City Department of Education implemented a ban on public schools’ use of Zoom for classes and educational purposes. 

These problems inspired Zoom to implement a 90-day plan to expand security measures on its platform. It established a special version of its platform that is licensed by the New York City Department of Education. That version allows teachers to control what is shared and who participates in online class sessions, and prevents students from chatting privately with their classmates outside their teachers’ view. As a result of these, and other expanded security measures, on May 6, 2020 the New York City Department of Education lifted its ban on schools’ use of Zoom.

Around the same time, the company reached an agreement with the New York Attorney General’s office, which further expanded protections for those using the platform, even outside an educational context. Specifically, Zoom agreed to increase hosts’ ability to control their web conferences by allowing them to do the following:

  • implement password protection (by default), or place users in a digital waiting room before accessing a meeting;
  • control access to private messages sent via Zoom chat;
  • control which, if any, participants can share screens; and
  • limit access to email domains in a Zoom directory, or limit participation to specific email domains.

Zoom also agreed to take steps to stop sharing user data with Facebook, and to disable a feature which shared LinkedIn profiles with users. Many of the agreed-upon measures have already been implemented by Zoom, which has agreed to submit a copy of its annual data security assessment to the New York Attorney General’s office for review.

Zoom’s quick response to New York’s privacy and security concerns appears, thus far, to have helped it continue its forward momentum.

Firm Highlights

Publication

Using Multi-Factor Authentication as a Prerequisite to Cyber Liability Coverage

Multi-factor authentication (MFA) is more than an annoying popup or text message when logging onto a company’s website or platform. Not only is using MFA a sound security practice and good business, it is frequently...

Read More
Publication

The War Exclusion in a Time of War

The “war” exclusion has gotten more attention over the past couple of weeks in light of Russia’s invasion of Ukraine. For good reason. This exclusion, common in property and liability policies alike, typically eliminates...

Read More
Publication

Continuing Use of CGL Policies to Cover Data Breach Losses

Our lives and the products and devices we use become more dependent on data by the day. As a result, cyberattacks and data breaches present everchanging risks to companies and individuals, and the importance...

Read More
Publication

How to Guard Against 3 Cannabis Cyber Attack Risks

Cyber attacks are now commonplace. Ransomware attacks, in particular, have skyrocketed in frequency and size. High-profile data breaches have cost businesses in the United States millions of dollars in losses and incalculable reputational harm...

Read More
News

Janice Reicher Named a 2022 Leadership Council on Legal Diversity Fellow

Farella Braun + Martel is proud to announce that Janice Reicher has been named a member of the 2022 class of Leadership Council on Legal Diversity (LCLD) Fellows. Janice joins a select group of...

Read More
Publication

hiQ’s Groundbreaking Injunction Against LinkedIn Reaffirmed: Scraping of Publicly Available Data Likely Does Not Violate CFAA

The U.S. Court of Appeals for the Ninth Circuit has affirmed its prior decision , holding that LinkedIn could not block hiQ, a scraping entity, from scraping public LinkedIn profiles. The court found it was...

Read More
Event

How hiQ Labs v. LinkedIn and Cases Following It Have Changed U.S. Law on Scraping

Alex Reese is a speaker at OxyCon's 2022 web scraping conference for the session "How hiQ Labs v. LinkedIn and Cases Following It Have Changed U.S. Law on Scraping." To register for the conference, please click...

Read More
Publication

Caught in the Crossfire — How will the war exclusion affect commercial policyholders?

The war exclusion has received a lot of attention over the past year, particularly since Russia invaded Ukraine in February. Policyholders’ concern that insurers will assert the exclusion as a basis to deny coverage...

Read More
Publication

Maximizing Your Insurance Coverage for Data Privacy Liability

With news of massive data breaches making headlines in recent years, the handling of personal data has become a focus for legislators and regulators around the world. Compliance with data privacy regulations such as the...

Read More
News

LinkedIn Loses Data Appeal

Erik Olson was quoted in the article "LinkedIn Loses Data Appeal" in CDR Magazine . In the article, Erik said: We are pleased to see that the Ninth Circuit has again affirmed, in light...

Read More