Zoom Meetings: Duke Terms of Service

 

For more information or to access Zoom Meetings visit https://oit.duke.edu/what-we-do/applications/zoom-meetings 

Zoom Meetings is available to Duke University campus based faculty, staff, and students. Eligible faculty, staff, and students automatically have access to Zoom Meetings.

Use of Service

• Sensitive information, including PHI, may be discussed during a live Zoom Meeting when recording is not in use. Sensitive information should not be recorded, typed into a meeting description, or any other text field that may be stored within Zoom
• Zoom audio-only recordings may be used for transcription of some University based (not Duke Health) research interviews after approval by the Campus IRB and the published guidelines are followed
• Duke Zoom users are responsible for managing their cloud recordings and should delete unneeded recordings routinely. NOTE: Zoom retention policies are enabled that move recordings to the trash depending on affiliation (faculty 5 years, all other affiliations, 180 days) 
• While recordings may be stored and shared directly from your Zoom account, consider using an appropriate public facing hosting site (Panopto, Sakai, or public service such as YouTube) if you plan on providing wide access to your recording. You may also download recordings to store in department/program specific data repositories like Box or OneDrive
• When you leave Duke, your Duke Zoom account and associated recordings will automatically be deleted according to existing Duke account management policies
• Zoom webinar and Zoom rooms, are available for purchase through Duke Software Licensing. Departments should work with their local IT staff to submit these requests. Please allow 2-4 weeks for availability. NOTE: Zoom webinars and large meetings are available for temporary use (see KB0032731 for more information). 

Privacy with Duke's Zoom

Duke's corporate contract was executed with Zoom in March of 2019. This contract was reviewed and signed off on by Duke's Legal, Privacy and Security Offices. The Duke-Zoom contract has provisions that protect privacy and implement security protections which supersede the standard EULA (End User License Agreement) that an individual sees when signing up for a free or consumer account with Zoom. Specifically: 

• Zoom does not have ownership of content or data originated from Duke that is stored or transmitted using Zoom. For privacy and intellectual property implications of recorded class sessions, the same policies apply on campus and online. The Duke Policy on Intellectual Property Rights in the Faculty Handbook (Appendix M) “reaffirms [the university’s] traditional commitment to the personal ownership of intellectual property rights in works of the intellect by their individual creators…”. See Keeping a College Class Going During an Emergency for more information.
• Zoom maintains physical and technical safeguards to prevent unauthorized disclosure of or access to Duke Data and complies with the Duke’s Data Security requirements as outlined in the contract.
• With respect to confidential data such as data related to the Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA) or Gramm-Leach-Bliley Act (GLBA), Zoom has agreed to further protect the records and hold the confidential data under strict security and privacy protections, not sharing with any other party without the prior written agreement of Duke.
• Zoom may only use data associated with Duke’s Zoom instance to improve the service or investigate issues, much like Duke IT staff might do with normal Duke IT systems to address issues. Specifically, Zoom is prohibited from sharing or using in any way content information, especially that related to the confidential data above, including with other parties.

Together these provisions ensure Duke use of Zoom is well secured and well within the control of Duke, much as it would be if we were running the system ourselves.

Registering to use Zoom with a Duke NetID (https://oit.duke.edu/what-we-do/applications/zoom-meetings) ensures that these protections will be applied to your account, and meetings and recordings associated to your account. Please note that Zoom's protections with regards to HIPAA data do NOT extend to Recordings. Therefore, no Zoom meetings involving protected health information (PHI) can be recorded.

For assistance with Zoom Meetings, please contact your local IT support, the DHTS Service Desk or the OIT Service Desk.