Sunet’s Zoom service uses SWAMID to identify users. SWAMID is a separate login service that works in a way similar to BankID. This means that passwords are not stored in the Zoom service. The cases of hacked Zoom passwords that are discussed in the media do therefore not affect Sunet’s Zoom users.
The problems discussed in the media relating to access to personal data via Zoom do not apply to users of Sunet’s Zoom service. Because Sunet’s Zoom installation is operated in-house, data from HEIs’ Zoom meetings are not sent on to servers in the USA, but instead stored on Nordunet’s servers in the Nordic countries.
A personal data assistant agreement exists between every HEI and Sunet, describing how Sunet manages all personal data. Sunet in turn has a service agreement and a subsidiary data assistant agreement with Nordunet, which delivers the service to Sunet.
‘Zoom bombing’ is when an uninvited person enters and disrupts a Zoom meeting. There are several ways of preventing this – one simple way is to set up a password for the meeting. Each organisation using Zoom will have to review their own recommendations for how meetings should be implemented.