We know that staff will use it because it's widely promoted, they may be using it with family and friends.  If they run into technical issues they may find their own workarounds and I think that poses a different set of security risks.  My own view is that a broader DPIA is required that focusses more broadly on the risks of using online collaboration tools, such as Zoom i.e. those that aren't current organisational tools.  The greater risk is that people find an alternative that hasn't been checked.    



A series of 'how to...' guides for staff about how to use such apps safely and securely should be developed.  It's crucial for these to be written in plain language and focus on the broad security issues as well as how, when and where to use them safely and securely.  Perhaps it's a more positive approach?



Alison





Alison Parker

Information Governance Manager 







-----Original Message-----

From: This list is for those interested in Data Protection issues <[log in to unmask]> On Behalf Of Jon Baines

Sent: 08 April 2020 10:44

To: [log in to unmask]

Subject: Re: [data-protection] ZOOM DPIA [UNC]



That’s not the only thing which isn’t addressed...



Sent from my iPhone



> On 8 Apr 2020, at 09:58, Ciaran Ward <[log in to unmask]> wrote:

> 

> True.  They don't adequately address Zoom's lack of end to end encryption, which is one of its fundamental security flaws.  But as society becomes increasingly reliant on such technology, the tech giants will no doubt come under added pressure to remedy these faults.

> 

> 

> Ciaran Ward

> Information Governance Officer & Data Protection Officer Strategy and 

> Communications Guildford Borough Council

> 

> Twitter | Facebook |  Instagram

> 

> 

> -----Original Message-----

> From: This list is for those interested in Data Protection issues 

> <[log in to unmask]> On Behalf Of Jon Baines

> Sent: 08 April 2020 09:41

> To: [log in to unmask]

> Subject: Re: [data-protection] ZOOM DPIA

> 

> And now, having looked at it, I would say it is quite inadequate! 

> 

> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>     All archives of messages are stored permanently and are

>      available to the world wide web community at large at

>      http://www.jiscmail.ac.uk/lists/data-protection.html

>     If you wish to leave this list please send the command

>       leave data-protection to [log in to unmask] All user 

> commands can be found at 

> https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html

> Any queries about sending or receiving messages please send to the list owner

>              [log in to unmask]

>  Full help Desk - please email [log in to unmask] describing your needs

>        To receive these emails in HTML format send the command:

>         SET data-protection HTML to [log in to unmask]

>   (all commands go to [log in to unmask] not the list please)

>    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> 

> 

> Guildford Borough Council has arrangements for handling sensitive emails. For more information on how you may be affected please go to www.guildford.gov.uk/SecureEmail. If you have received this message in error, please (a) notify the sender immediately, (b) destroy this email and any attachments, and (c) do not use, copy, and/or disclose this email or any attachments to any person. 

> 

> Guildford Borough Council regularly updates virus software to ensure as far as possible that its networks are free of viruses. However, you will need to check this message and any attachments for viruses as Guildford Borough Council can take no responsibility for any computer virus that might be transferred by this email. 

> 

> The contents of this email may not reflect Guildford Borough Council policy. We store and monitor all emails and attachments sent and received by Guildford Borough Council employees in our Cryoserver system for up to 2 years to prevent misuse of the Council's networks.

> 

> 

> This message has been scanned for malware by Forcepoint. 

> www.forcepoint.com

> 

> 

> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>     All archives of messages are stored permanently and are

>      available to the world wide web community at large at

>      http://www.jiscmail.ac.uk/lists/data-protection.html

>     If you wish to leave this list please send the command

>       leave data-protection to [log in to unmask] All user 

> commands can be found at 

> https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html

> Any queries about sending or receiving messages please send to the list owner

>              [log in to unmask]

>  Full help Desk - please email [log in to unmask] describing your needs

>        To receive these emails in HTML format send the command:

>         SET data-protection HTML to [log in to unmask]

>   (all commands go to [log in to unmask] not the list please)

>    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^



^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

     All archives of messages are stored permanently and are

      available to the world wide web community at large at

      http://www.jiscmail.ac.uk/lists/data-protection.html

     If you wish to leave this list please send the command

       leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html

 Any queries about sending or receiving messages please send to the list owner

              [log in to unmask]

  Full help Desk - please email [log in to unmask] describing your needs

        To receive these emails in HTML format send the command:

         SET data-protection HTML to [log in to unmask]

   (all commands go to [log in to unmask] not the list please)

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^



-- 

Public Services Ombudsman for Wales/Ombwdsmon Gwasanaethau Cyhoeddus Cymru

1 Ffordd yr Hen Gae

Pencoed

Bridgend/Pen-y-Bont ar Ogwr

CF35 5LJ



www.ombudsman-wales.org.uk 

www.ombwdsmon-cymru.org.uk 



Twitter: @OmbudsmanWales



All calls are recorded for training and reference purposes  / Bydd pob galwad yn cael ei recordio ar gyfer dibenion hyfforddi a chyfeirio



This email is subject to the conditions on Confidentiality, Content and Viruses set out on the Ombudsman's website. 

Mae'r e-bost hwn yn rhwym wrth yr amodau Cyfrinachedd, Cynnwys a Firysau a nodir ar wefan yr Ombwdsmon. 



Please consider the environment - do you really need to print this email? 

Ystyriwch yr amgylchedd – a oes wir angen i chi argraffu'r neges e-bost hon?



^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

     All archives of messages are stored permanently and are

      available to the world wide web community at large at

      http://www.jiscmail.ac.uk/lists/data-protection.html

     If you wish to leave this list please send the command

       leave data-protection to [log in to unmask]

All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html

 Any queries about sending or receiving messages please send to the list owner

              [log in to unmask]

  Full help Desk - please email [log in to unmask] describing your needs

        To receive these emails in HTML format send the command:

         SET data-protection HTML to [log in to unmask]

   (all commands go to [log in to unmask] not the list please)

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^