Standard for Zoom AI Companion

I. Purpose

The purpose of this standard is to establish requirements for faculty, staff, students and other authorized users regarding the use of Zoom AI Companion in order to protect individual and University information resources. Adherence to this standard will help ensure that the University network and information systems are secure and available to all authorized users.

II. Scope

The scope of this standard includes all UNC Charlotte faculty, staff, students and all authorized users who have or are responsible for an account on Zoom. Each user and/or system administrator on the UNC Charlotte network is required to follow this standard.

III. Contacts

Direct any general questions about this standard to your unit’s Information Security Liaison. If you have specific questions, please contact OneIT Information Security Compliance at ISCompliance-group@charlotte.edu.

IV. Standard

What is Zoom AI Companion?

Zoom AI Companion is an AI-based digital assistant that delivers real-time capabilities, functionality, and assistance to help users improve their productivity and their user experience when using Zoom. 

These standards and guidelines provide important information about how to responsibly use enabled features of Zoom AI Companion

Accessibility

Please Review Zoom’s support page on accessibility for more information about the accessibility features of Zoom AI Companion.

Privacy and Security

When using any of the features included with Zoom AI Companion, please be aware of the following restrictions and requirements:

  • Public records
    • Like other UNC Charlotte meeting summaries and/or recordings, those created using AI tools may be considered public records. They are subject to public records requests and discovery during litigation. Handle information generated by Zoom AI Companion pursuant to University Policy 605.8, Public Records Requests.
  • Accuracy and completeness
    • If you enable any of the Zoom AI Companion features, it is your responsibility to review all recordings and summaries generated by Zoom for accuracy and completeness, and to correct any obvious errors or inaccuracies.
  • Data Protection
    • In general, do not record meetings where any sensitive Personal Identifiable Information (PII) or Protected Health Information (PHI) is shared or discussed. This includes social security numbers (SSNs), student education records, dates of birth, medical records, or personal contact information. (See further guidance below.)
    • Follow the Guidelines for Data Handling, and be aware of the data protection level of topics discussed in meetings. Zoom AI Companion features are approved at UNC Charlotte only for meetings where non-sensitive information will be discussed. 
  • Data Handling
    • Do not discuss any Level 2 (Confidential/Sensitive) or Level 3 (Highly Restricted) data when Zoom AI Companion features are being used (smart recording, meeting summaries, etc.).
      • Level 2 (Confidential/Sensitive) data includes but is not limited to:
        • student data that is not designated as directory information
        • passport data
        • personal financial information 
        • certain research data (e.g., proprietary or otherwise protected)
        • personally identifiable information (PII) such as name, birthdate, address, employee or student ID, etc. where the information is held in combination and could lead to identity theft or other misuse. 
      • Regulations and laws that affect data in Level 2 include, but are not limited to, the Family Educational Rights & Privacy Act (FERPA), the State Human Resources Act (SHRA), and the Gramm-Leach-Bliley Act (GLBA); 
      • Level 3 (Highly Restricted) data includes, but is not limited to:
        • Social Security Numbers 
        • payment card numbers
        • medical records
        • restricted information protected by nondisclosure agreements
        • restricted research data. 
      • Regulations and laws that affect Level 3 data include, but are not limited to, the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS).
    • Take care when discussing candid or sensitive matters e.g., privileged legal matters, sensitive employee, or supplier related discussion, etc. when Zoom AI Companion features are enabled. If it becomes necessary to discuss sensitive matters, the meeting host must:
      • Stop the Meeting Summary tool by selecting ‘Stop Summary’ on the Zoom toolbar, or
      • Stop the Smart Recording tool by selecting ‘Stop Recording’ on the Zoom toolbar.
    • If Level 2 (Confidential/Sensitive) or Level 3 (Highly Restricted) information is inadvertently shared before the AI Summary or recording is stopped by the meeting host, the host should redact this information from the meeting summary and/or recording prior to distribution.
    • Familiarize yourself with University Policy 311, Information Security, and the related OneIT Standards and Guidelines (including especially the Guideline for Data Handling) as well as the FAQs for Classroom Recordings & FERPA.
    • Review Zoom’s support article on how Zoom AI Companion features handle your data.
  • Research integrity
    • If the Zoom AI Companion will be used in any Human Subjects Research (HSR) project, the HSR project must have an approved  IRB protocol and the protocol will/may need to include use of the Companion. If you have any questions about HSR requirements, please contact the Office of Research Protections and Integrity (ORPI).

Best Practices

  • Consider the nature of your meeting
    • When deciding whether to use any of the Zoom AI Companion features, remember that any recordings or summaries generated using these tools may be subject to the North Carolina Public Records Act or discoverable in the event of any dispute or litigation to which UNC Charlotte is a party. 
    • Use caution in deciding whether to use the Zoom AI Companion features (i.e. Smart Recording, Meeting Summary, or In-Meeting Questions) in meetings where particularly sensitive, privileged, or confidential data or information may be discussed. 
    • Do not use the Zoom AI Companion in any clinical, telemedicine, or healthcare settings (e.g., during any patient encounters).
  • Consider the audience
    • Be cognizant of the audience with which meeting summaries and smart recordings will be shared.
    • Be aware of and use the Zoom AI accessibility features when appropriate.
  • Preview and Proofread
    • Proofread Zoom AI Companion generated meeting summaries, highlights, smart chapters, next steps, etc. for accuracy and proper content and edit accordingly before sharing with others, especially when information is sensitive.
  • Respect
    • At the beginning of any meeting where the use of Zoom AI Companion is intended by the host, the host should verbally notify attendees and allow for objections. There may be situations in which a mandatory attendee elects to opt out. In such cases, the host should not use the Zoom AI Companion features.
    • The Zoom Meeting Summary can be enabled/disabled by the meeting Host, Alternate Host or Co-Host at any time.
    • An attendee’s request to opt out of the use of Zoom AI Companion may not be used as a basis to exclude the attendee from that or other meetings, discipline the attendee, or otherwise treat the attendee differently than those who consent to the recording (e.g., by excluding the attendee from future meetings, or challenging the attendee’s opinion). 
    • Be aware of both faculty and student copyright rights in materials that may be recorded or shared using Zoom AI Companion.
  • AI Bots, including Otter.ai and Read.ai
    • UNC Charlotte cautions against using third-party AI bots such as Otter.ai or Read.ai due to privacy and data security issues. Meeting hosts can expel unwanted bots from meetings by placing them in a waiting room or removing them from the meeting. 
    • When conducting a meeting or webinar where the host has control of attendees, hosts should not allow third-party AI bots to attend meetings; a best practice is to permit only attendees with charlotte.edu or uncc.edu email addresses for any internal UNC Charlotte meetings or webinars.
    • Meeting or webinar hosts who would like to prohibit the use of third-party AI bots such as Otter.ai or Read.ai by attendees should make an announcement at the beginning of the meeting or webinar instructing the attendees not to use such bots.

Data Security and Privacy

These standards and guidelines include important considerations and disclaimers related to Zoom AI Companion data security and privacy.

The use of Zoom AI Companion is governed by UNC Charlotte information security standards and guidelines, including the Standard for Responsible Use, which establishes the University’s standards for acceptable use of information resources and assets.

Zoom Disclaimer on Data Usage: 

Zoom does not use any customer audio, video, chat, screen sharing, attachments or other communications-like content (such as poll results, whiteboard and reactions) to train Zoom’s or its third-party AI models.

We evaluate and update our models periodically and those used to support Zoom AI Companion may change from time to time. For features in AI Companion that use third-party AI model providers, we will share relevant data with those third-parties when you use the feature. Data may be processed within U.S. based data centers.

Learn more about how Zoom uses data to provide Zoom AI Companion features, or view the Zoom AI Companion Security and Privacy Whitepaper.

Related Resources

Revision History

Initially approved by the AI Steering Committee 06/17/2024
Updated 06/19/2024