Zoom Service Policy

Bryn Mawr College maintains a subscription to Zoom, a cloud-based web-conferencing service, which students, faculty, and staff can use to record, stream and share audio and video recordings. All College community members who use Zoom are subject to Zoom’s terms of service. Zoom’s privacy policy explains what data the company collects from users and how the company uses that data. 
This document outlines additional, internal policies that LITS has adopted to manage Zoom as a service for the Bryn Mawr College community. These internal policies augment, but in no way override, Zoom’s policies.

Terms of Use

As with any College-provided IT resource, all users must follow the terms of Bryn Mawr College’s Acceptable Use Policy when using Zoom; failure to do so may result in the penalties outlined in that policy.

Data Collection and Privacy

Panopto’s policies explain the rights that you and Zoom have with respect to the User-Generated Content that you create or upload to Zoom (e.g., recordings; see terms of service) and any Personal Data generated by your use of Panopto (see privacy policy). Personal Data includes the “Account Data” and “Operation Data” generated as you interact with Zoom, such as data about meetings you schedule and time-stamped information about the meetings and webinars you attend or recordings you view. 

This policy clarifies only who at Bryn Mawr College can see User-Generated Content and Personal Data stored in Zoom. 

Access permissions on Zoom are role-based: 

• The person who schedules a Meeting or Webinar has a “Host” role, which enables them to:
  • Control what other participants can see and do during the Meeting or Webinar, including whether they can record locally and save chat and audio transcription files. 
  • Record the meeting, save chat and audio transcription files, and manage and control access to these recordings and files. By default, Zoom shares links to recordings and saved files with participants, but recordings can’t be downloaded; hosts can override these defaults for meetings they control. 
  • If a Host enables registration, Hosts can view and download the registration list and any Personal Data individuals provided when registering.
  • If polling is enabled, Hosts can view and download a record of poll responses; in non-anonymous polls, responses will be tied to the individual’s screen name (and email address if registration is enabled).  
• Participants can see only the Content and data that Hosts enable them to see. 
• A small number of Library and Information Technology Services (LITS) staff have Admin roles in Zoom and can access all User-Generated Content, user Account Data, and Operational Data related to the College’s account.
  • Admins use content and data pertaining to individual, identified users to the extent needed to:
    • Keep the system running, 
    • Help users troubleshoot and fix technical issues
    • Provide the Honor Board or Offices of the Undergraduate Dean, the Dean of the Graduate School of Social Work and Social Research, or the Dean of the Graduate School of Arts and Sciences with data and information needed to adjudicate questions of credit and academic integrity
    • Provide administrative offices with data needed to conduct college business.
  • Admins may also compile, store, and share aggregated, anonymized Account and Operational Data as needed for the purposes of educational research and college business, but this data will not be traceable to identifiable individuals.

All use of data collected and stored in Zoom, including use by Admins, is governed by the terms of Bryn Mawr College’s Data Handling Policy; failure to observe these terms can result in the penalties described in that policy. Files downloaded from Zoom, including but not limited to recordings, transcripts, and reports must also be used, transmitted, and stored in a manner consistent with Bryn Mawr College’s Acceptable Use and Data Handling Policies.

FERPA (Family Educational Rights and Privacy Act) law also governs the use of student educational records collected and stored on Panopto, such as recordings of course meetings. More information about the rights and responsibilities created by this law and related College policies.

Record Retention

Our Zoom license provides very limited storage for cloud recordings. LITS has connected Panopto and Zoom and all Zoom Meetings and Webinars that are recorded to the cloud are automatically ingested into Panopto for longer-term storage. Cloud recordings will be deleted from Zoom after 90 days; the copies stored in Panopto will be retained according to the schedule specified in our Panopto Service Policy.   

Users can delete their recordings any time. For privacy reasons, LITS strongly recommends deleting recordings containing identifiable persons as soon as the recordings are are no longer needed.