Zoom and your privacy

The security of University information is of the utmost importance to Northwestern IT and is closely managed. Software that is purchased and systems contracted to use externally undergo a two-part review process:

• A comprehensive assessment related to the company and its IT controls, which includes data handling
• An Information Security Addendum that addresses: 
  • Network, application, and data security
  • Minimum standards on data depersonalization
  • Storage and transmission restrictions
  • The requirement that any stored data be encrypted
  • The requirement that the data exchanged shall be used for the sole purposes set out and not distributed, repurposed, shared, or used for other purposes
  • End of agreement handling of data: destruction of Northwestern data within 30 days of the termination of the contract
  • Breach notification
  • Other technical control and technical aspects of data controls

The parties in the review process and contracting process include staff in the Northwestern Information Technology information security and contracts offices and the Office of General Counsel.