User data storage and login to Zoom

The Zoom service is implemented through NORDUnet in a Nordic manner in compliance with Finnish law and European data protection regulations.

HAMK does not use Zoom’s own servers, but a solution jointly tendered by Nordic higher education institutions. The Zoom service is provided by to HAMK offers CSC Center for Scientific Computing. Technically, NORDUnet from Denmark is responsible for the operation. More information about NORDUnet’s operations, link. Read more about GDPR and data protection in Nordunet Zoom.

All data is transmitted between participants on servers reserved for NORDUnet’s use, which are located in Denmark and Sweden. All communication in Zoom is encrypted between the server and the participants.

Data protection matters have been agreed quite precisely for Zoom, as well as for other services chosen for us, already in connection with the tender.

HAM residents are instructed to always log in to Zoom with the Single Sign-On (SSO) option, in which case the user is directed directly to Haka login. Other login methods, such as email login, do not work with HAMK credentials. Participating in the session does not require the user to log in.

Also take a look at Zoom’s own documentation: https://zoom.us/docs/doc/Zoom-Security-White-Paper.pdf.

Session recording and chat message recording

The host of the session or a participant who has been separately given permission to record the session can make a recording. This should be discussed together before starting the recording. Session participants will see an icon on the screen during the recording, indicating that the recording is in progress.

During the session, the host of the session can save the public messages as well as the private messages that he himself has received. Chat messages are automatically saved if the session is recorded. Private messages of other users are not saved. More information in Zoom’s own instructions, link.

Possible external persons in the session

The Host can remove people from the session with the Remove function.

Update 9.4: the host has a Security button, which contains the following functions:

• You can lock the session
• The host can use the waiting room, from which the participant must be accepted into the actual session and
• the host can control participants’ use of chat or screen sharing.

More tips to prevent potentially disturbing behavior, such as drawing on the screen, i.e. preventing annotation, on Zoom’s blog, link.

Actions in a web session

It is good to remember a few rules of thumb when using all online session services:

• The microphones are kept closed when do not have your own speech.
• You should cover the webcam lens with tape or a post-it note if the device does not have a mechanical flap that can be used to cover it. This way you can prevent that you accidentally show more than you thought when sharing the camera feed. By default, video is not shared when joining a Zoom session.
• When sharing the screen or screen, remember to take care of data protection. Guide: link
• Use the latest available application version of the online session service.