The coronavirus shutdown was a blessing to Zoom. Its subscriber base went from 10 million in December 2019 to 300 million in April 2020. Then the problems began: negative headlines about privacy and security, "Zoom bombings", and bans by governments, companies and schools. In the 15 days from March 26 to April 9, Zoom was sued 17 times with five class actions, and more problems continued into June.
In a Forbes article published July 14, Jody Westby lists ten actions directors and officers should take to avoid Zoom's mistakes in privacy and security governance:
- Adhere to best practices and standards.
- Establish a culture of respect for privacy and security.
- Assign key roles for privacy and security to senior management.
- Issue a code of conduct to employees, contractors, vendors and business partners.
- Ensure that privacy and security compliance issues are identified and incorporated into operational policies and procedures.
- Require that all systems and code be designed, developed, tested and maintained with privacy and security considered.
- Ensure that software and code undergo regular reviews and risk assessments.
- Ensure that all privacy policies and public-facing information accurately reflect operational practice.
- Serious privacy and security incidents must be reported to the board and senior management.
- Identify key information flows to keep the board informed; have an oversight process to monitor key risks.