Canadian Hosting
UFV Zoom accounts are hosted in Canada.
If your meeting is created by a UFV user, your data stays within Canadian servers.
Inform students not to use free Zoom accounts as they are are hosted on US servers and do not fall within UFV’s educational license.
FIPPA Compliance
UFV configures Zoom's system-wide settings to prioritize the security and privacy of all UFV faculty, staff, and students.
To reduce privacy and security risks, UFV sets these Zoom default settings:
- Require a password to join all meetings.
- Enable the "Waiting Room" feature to allow the host to control who enters the meeting.
- Mute all participants on entry to a meeting.
- Disable file transfers within chats.
- Disable the ability to allow others to take control of a screen share (remote control).
- Disable the ability to allow others to take control of someone’s camera during a meeting.
Zoom Privacy Considerations
When using Zoom at UFV, you must comply with the Freedom of Information and Protection of Privacy Act (FIPPA).
Anyone recording sessions in UFV Zoom is required to meet privacy obligations under the FIPPA.
With work from home options, many zoom recordings may involve personal environments.
Remind participants the option of either turning off their cameras or using a virtual background.
If recording sessions using third-party applications or non-UFV Zoom accounts get attendees’ knowledge and/or consent.
All recorded content may be subject to a formal access to information request made under FIPPA.
If you prefer only to use Zoom, learn how to only allow users with Zoom accounts to join your meetings.
Note: If you choose to upload a chat transcript for a meeting, be aware that all chat content for that meeting, including private chat content, will be included in the transcript.
Zoom Recording Rationale
UFV strongly recommends not recording meetings as there is always the potential that personal information may be discussed.
UFV departments that do record a meeting should ensure they have an appropriate business rationale for recording a Zoom meeting.
Administrative convenience, or ease of recording meeting minutes or notes, is not an appropriate rationale.
Prior to Zoom, UFV staff meetings, academic advising sessions, student meetings, job interviews, etc. have not been typically recorded.
Unless a specific rationale exists to justify a recording, it would not be appropriate to now start recording such events.
Zoom Recording & FIPPA Requirements
In the event a Zoom meeting is recorded, UFV departments must follow these FIPPA requirements:
Store recordings only in Canada
Zoom offers the ability to store recordings locally on a computer.
Avoid copying or sharing to a cloud service, such as Google Drive or Dropbox as the information would then be stored on servers outside of Canada.
Consider filing recordings with other UFV-related records on a secure UFV department drive.
Never leave recordings on a personal device.
Provide a formatted collection notice
If you record, FIPPA requires you present a collection notice to an individual(s) that their personal information is being collected.
The notice must clearly define the business purpose for the collection of personal information, the legal authority for the collection, and the contact information of a UFV officer or employee who can answer questions regarding UFV's Standard Collection Notice.
It is recommended sending it as part of your calendar invitation (see example below):
Sample Collection Notice
This Zoom meeting will be recorded. As a result, the University of the Fraser Valley (“UFV”) may collect your name, image, voice, and any information shared during the course of the meeting. This recording is made under the authority of the "University Act", and "s.26(c) of the Freedom of Information and Protection of Privacy Act". The recording of this meeting and any information shared within it will be used for the purpose of [insert rationale for recording meeting]. Please direct any information about this collection of personal information to [name] at [insert department or business unit] at UFV at [insert phone number of person to answer questions] or [insert email address of person to answer questions].
Control who can access the recordings
Access to recordings can only be granted to UFV employees when it is necessary for the performance of their work duties.
The sharing of the recordings in the absence of a legitimate business need is not authorized.
Only use recording for its intended purpose
A participant’s personal information can only be used for the purpose for which it was obtained and compiled or for a use consistent with that purpose, and secondary uses of the recordings are not authorized.
Zoom Chat Transcripts
Chat conversations and transcriptions in Zoom can be:
Public and can be viewed by anyone in the meeting.
Private chats between two attendees.
Saved by any attendee that took place between other participants after a meeting.
Saved on a user’s local computer by default when downloaded.
Note: Participants are required to let others know before saving chat transcripts.
Records storage from Chat in Zoom
Records should not be stored within chat platforms.
After collaborating in Zoom, move any business records to a centralized storage system such as a department drive.
Transcriptions of Zoom chat and recordings follow the UFV Records and Information Management program.
Destroy Zoom transitory records when no longer of use on chat platforms as per UFV’s transitory records schedule.
Keep Uninvited Guests Out of Your Zoom Meeting
If a Zoom meeting link is shared publicly, anyone (within or outside of UFV) could potentially enter the meeting.
For larger meetings/events, follow these practises:
Avoid using your Personal Meeting ID (PMI) to host the meeting.
Allow only the host to share their screen and/or approve screen-sharing requests from attendees.
Learn and use Zoom options such as: