Skip to main content

Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About
Trending Topics
    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Entertainment & Media
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor, Employment, and Benefits
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations
    Industries

    View All

    • Aviation
    • Cannabis
    • Consumer
    • Energy
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Nonprofit Organizations
    • Real Estate
    • Sports & Stadiums
    • Technology
    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Environmental, Social, and Governance (ESG)

      We help clients create positive return on investments in people, products, and the planet.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    • Women in Dealmaking

      We provide strategic counsel on complex corporate transactions and unite dynamic women in the dealmaking arena.

    1. Home
    2. Insights
    3. Articles
    4. Federal Trade Commission settles data security complaint against Zoom

      Articles

    Article

    Federal Trade Commission settles data security complaint against Zoom

    Nov 17, 2020

    LinkedInX (Twitter)EmailCopy URL
    The FTC announced last week that it had settled claims with Zoom Video Communications, Inc. relating to a variety of allegedly false and misleading representations made by Zoom about the security features of Zoom videoconferencing platform.

    The Federal Trade Commission (FTC) announced last week that it had settled claims with Zoom Video Communications, Inc. (Zoom) relating to a variety of allegedly false and misleading representations made by Zoom about the security features of Zoom’s videoconferencing platform. The case is of interest because of the platform’s widespread use for corporate and personal videoconferencing, which has exploded during the COVID-19 pandemic. The FTC’s complaint, for example, noted that Zoom videoconferencing had increased from 10 million per day to 300 million per day during the pandemic.

    Among other things, the FTC alleged that Zoom had failed to:

    • Test its systems for security vulnerabilities prior to releasing software updates
    • Secure remote access to its networks through multi-factor authentication
    • Properly monitor Zoom’s networks and systems, configure firewalls, and segment its networks
    • Implement a systematic incident response process
    • Implement a systematic process for inventorying, classifying, and deleting user data

    In contrast to these failings, the FTC alleged that Zoom had touted its supposedly robust security protocols. For example, the FTC alleged that Zoom had:

    • Represented in blogs and white papers that its security features included an end-to-end Advanced Encryption Standard 256-bit encryption
    • Led consumers to believe that meeting recordings were encrypted when stored by Zoom

    Despite making these representations, Zoom later acknowledged that it was not using end-to-end encryption, as that term is typically understood. Further, according to the FTC, Zoom was not using 256-bit encryption but was instead using a less secure 128-bit encryption. Finally, the FTC’s complaint asserted that Zoom had taken active measures to avoid the security safeguards imposed on Apple’s Safari application, which exposed users to additional vulnerabilities.

    Last week, the FTC announced that Zoom had settled the FTC’s complaint. Under the settlement agreement, Zoom must avoid any further misrepresentations regarding its platform’s security features and adopt new measures to enhance the security of its systems, including:

    • Implementing an information security program that imposes documented security policies and procedures, assesses system vulnerabilities, requires training of Zoom employees on security procedures, addresses incident response, and requires additional protections, such as encryption and tokenization for data collected by Zoom (The program must be reevaluated annually by Zoom and subject to review by independent third parties.)
    • Reporting to the FTC any incidents involving unauthorized access that would be required to be reported under federal, state, or local law and maintaining records for five years of any security complaints
    • Providing sworn compliance reports to the FTC within one year of the settlement and voluntarily submitting to interviews with the FTC to assess Zoom’s compliance with the agreement

    A full copy of the settlement agreement can be located here: https://www.ftc.gov/system/files/documents/cases/1923167zoomacco2.pdf.

    As data security takes on increasing importance in the marketplace, the FTC’s action against Zoom is a reminder that companies should not only implement prudent data security measures but should also ensure that any descriptions of such protocols in its marketing materials are accurate and not misleading.

    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Cookie Preferences
    • Privacy Policy
    • Terms of Use
    • Accessibility Statement
    • Statement of Client Rights
    • Purchase Order Terms & Conditions
    • Nixon Peabody International LLC
    • PAL
    © 2025 Nixon Peabody. All rights reserved