Zoom Communications Inc. has promised to boost its privacy procedures as part of a settlement agreement its Cooley counsel reached with the Federal Trade Commission, according to an announcement Monday. The agreement, signed by Travis LeBlanc, Cooley’s vice chair of its cyber, data and privacy practice, resolves allegations that the videoconferencing technology company misrepresented its security features, including claims that the platform implemented end-to-end encryption when it did not. Zoom has agreed to create an annual report on potential internal and external security risks and procedures for thwarting them, deploy a vulnerability management program and develop safeguards such as multifactor authentication.
The settlement also requires Zoom to complete biennial audits of its security program from an independent third party and report any data breaches to the FTC. “During the pandemic, practically everyone—families, schools, social groups, businesses—is using videoconferencing to communicate, making the security of these platforms more critical than ever,” said Andrew Smith, director of the FTC’s Bureau of Consumer Protection, in a statement. “Zoom’s security practices didn’t line up with its promises, and this action will help to make sure that Zoom meetings and data about Zoom users are protected.”