Zoom - Security and privacy
The Zoom video conferencing solution provides different options from the developer (Zoom) and operator (C4V) to increase data protection and security in conferences. The IMT sets some of the options centrally for all conferences, which can then no longer be changed. For other options, the IMT has recommendations, but you can still customize them yourself.
We recommend the following settings regarding
Data protection and confidentiality of meetings
- Use Zoom only, if no other more privacy friendly service is available. (e. g. BigBlueButton, Jitsi)
- If possibly, only use Zoom in the browser (currently not globally enabled because the client offers more features). The client needs to be downloaded and installed locally. It is more
convenient and offers more functionality than the browser. However, it needs to be installed and thus has access to your computer and data.
- Enable end-to-end encryption (currently disabled, can be enabled per host as default setting or per conference) for conferences with confidential or sensitive content e. g. in committee meetings. Here is a guide and notes on the limitations of end-to-end encryption. Link
- Store recordings (if permitted) only locally if possible. You can make them online available by using e.g. Sciebo. Don't use cloud recording!
- Save chat: The chat allows participants to make comments or discuss together during the conference. They can also send you a message or exchange messages with each other, visible to everyone, or privately. As host, you can save chats, but this is not allowed for attendees.
- Virtual Background: To protect your privacy, you can activate the virtual background in the settings or directly in the meeting in the video settings. This way, your surroundings are not visible to the other participants. Zoom offers a few backgrounds. You can upload also your own backgrounds. At  you will find backgrounds with university motifs.
- Assign a password for your conference (currently enabled as default, customizable planned to be mandatory as of 04/01/2021, exception personal meetings). Password-protect your meeting and no one can join your meeting without knowing the password. The password will be sent with the invitation. Additionally, use the option Embed the password in the meeting link (default): The meeting password is encrypted and inserted into the conference link so that participants can join with just one click without having to enter the password.
Note on passwords: Choose a new password for each meeting to prevent access by third parties. Zoom always suggests a new random password for each meeting. Do not distribute the link and password of your meeting publicly, only by (official) mail or other secure communication. (e.g., via PANDA).
Activate a waiting room (currently enabled as default, changeable). With a waiting room, you control who joins your conference. You have to accept every person manually. A waiting room is impractical for large events.
- Regardless of a waiting room check the participant list regularly in your conference. Unauthorized participants can be removed. In addition, you can also mute all participants via the participant window if there are disturbances.
- Access only for users with campus license of the University of Paderborn (currently deactivated, changeable). With this function only users of the University Paderborn can enter. This can be helpful for large courses but requires that all participants are registered with their university email addresses on the Zoom portal.
- Screen sharing by participants (currently allowed, changeable). If you disable this option, you can prevent other participants from simply sharing their content. The default setting allows you as host to interrupt the screen sharing of participants.
- Annotate/comment screen shares (default: initially enabled after sharing, so possible)
- Lock meeting: Locking a meeting allows you to prevent other people from entering the meeting during a meeting. This is especially useful when there are only a limited number of participants and everyone has already joined.
Hosts have access to most of these functions via the "Security" button at least before, but sometimes also during a meeting.
Adjustments made by the IMT
To ensure that your personal data is protected in the best possible way, we have configured Zoom in all functional areas so that only a minmal data is transmitted and stored.
Participation in meetings
- All meetings start with participant video turned off. Participants must turn their video actively on. (since 01.05.2021)
- Display of e-mail addresses via watermark is prevented.
- The use of audio watermarks is also prevented.
- A password will be set by default for all meetings, (since 01.05.2021) also for participation by phone.
- The Waiting Room is enabled for all meetings.
- Feedbacks to Zoom at the end of a conference are disabled (since 21. 02. 2021).
- Remote control via screen sharing is always enabled, sharing must be confirmed.
- Remote support is disabled but can be overridden by any host.
- Camera remote control is disabled but can be overridden by the host.
- Notification to the host in case of access of participants before the host are deactivated (since 21.02.2021).
- Automatic notification of participants in the event of cancellation of a conference is disabled (since 21.02.2021).
- Used data centers are restricted to USA and Europe
- Encryption of all data exchange between the Zoom cloud and the Zoom client and in the browser (transport encryption).
- If there are only two people in a meeting, a peer-to-peer connection is established.
- Deletion of personal data from Zoom's dashboard and reports after the shortest period of time (30 days) (since 21.02.2021).
- Login to Zoom portal / conferences with Google Facebook or Apple ID is prohibited (since 01.05.2021)
- Encryption of chats (since 01.05.2021)
- Encryption method must be chosen for every meeting.
Data exchange with other services
- Data exchange with Office 365 is disabled. ( since 02/21)
- CDN usage is disabled. ( since 02/21)
Storage of conference content
- Storage of chat communication is not possible for participants (since 21. 02. 2021)
- Automatic storage of the chat communication for the host is not possible, it must be done actively.
- Automatic storage of whiteboard content is not possible.
- Storage of conferences in the Zoom Cloud is only allowed in data centers in Germany (since 21. 02. 2021).
- Storage of chats in the Zoom Cloud is only possible for default duration (7 days) (since 21. 02. 2021).
- Local recording of meetings and recordings in the cloud are possible.
- Automatic recording at the start of the conference is generally disabled.
- Participants must give their consent to the recording of a conference.
- Audio notifications will be made when the conference recording is started or restarted (also listenable on the phone) (since 21. 02. 2021)
- Zoom - Overview of all Zoom articles