Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: FTC settlement with Zoom requires implementation of information security program

The Federal Trade Commission ('FTC') announced, on 9 November 2020, a proposed settlement with Zoom Video Communications, Inc. over its security and privacy practices. In particular, the FTC alleged in a complaint that Zoom had misled consumers into believing that a higher level of security and encryption was available, when in fact Zoom had provided a lower level of end-to-end encryption. Specifically, the complaint alleges, among other things, that Zoom had misled some users about the storage of recorded meetings on the company's cloud storage by falsely claiming that those meetings were encrypted at the end of the meeting, when instead some recordings were allegedly stored unencrypted for up to 60 days on Zoom's servers before being transferred to its secure cloud storage.

As such, the settlement prohibits privacy and security misrepresentations and requires Zoom to, among other things, establish and implement a comprehensive information security program with specific measures, such as annually assessing and documenting potential internal and external security risks and develop ways to safeguard against such risks, implement a vulnerability management program, and deploy safeguards such as multi-factor authentication and instituting data deletion controls.

You can read the press release here, the complaint here, and the settlement here.