Zoom AI to be enabled Nov. 1

Oct 23, 2024

Dear Colleagues:

UC's systemwide contract with Zoom has the necessary contractual obligations to allow use of its AI features. On November 1, 2024, ANR IT will enable the Zoom AI for ANR users.

Zoom AI Usage Guidelines

* P4 data and sensitive P3 data may not be discussed while AI features are enabled. Please see the Data Classification section below for more information.

* The following Zoom AI features may be used for communications up to and including limited P3 data:
      --Meeting Summary
      --Smart Recording for Meetings
      --Thread Summary for Team Chat

* Other Zoom AI features may be used for discussions involving only P1 and P2. These features may not be used for P3 or P4.

* When using Zoom AI in meetings, the meeting host must inform all meeting attendees of its use. If any attendee prefers not to have Zoom AI active during the meeting, they may request its deactivation. In such cases, the AI will be turned off for the remainder of the meeting. Alternatively, individuals who do not wish to participate under these conditions may choose to leave the meeting.

* A user's refusal to participate in a meeting with Zoom AI features enabled should not, by itself, be the subject of an adverse employment action.

* Review and correct transcripts or summaries promptly to ensure accuracy. Keep in mind that these records may need to be kept for legal or UC policy reasons.

Data Classification Guidelines

UC Institutional Information and IT Resources are classified into one of four Protection Levels based on the level of concern related to confidentiality and integrity. The table below provides some examples of data at each protection level. For additional examples of data classifications, please see https://security.ucop.edu/files/documents/uc-protection-level-classification-guide.pdf.

Protection Level Risk Level Examples
P4 High
  • Social Security numbers (SSN)
  • Driver's license, passport or other government ID numbers
  • Financial, accounting and payroll information
  • Protected health information
  • Credit card data
  • Human subject research data with individual identifiers
  • Controlled Unclassified Information
  • Passwords, PINs and passphrases
P3 (Sensitive) High
  • Privileged communications, including discussions about ongoing investigations or legal risk
  • Gender-affirming care, including internal policies and procedures
  • Abortion services, including internal policies and procedures.
P3 Moderate
  • IT security-related information
  • Individually identifiable human subject research data not containing P4 data elements and that the IRB or Campus Privacy Office have not determined is high risk
  • Staff and academic Personnel Records not containing P4 information
  • Building entry records
P2 Low
  • Public Directory Information
  • Routine emails and calendar information not containing P3 or P4 information
  • De-identified human subject research
  • Research using publicly available data
P1 Minimal
  • Public-facing informational websites
  • Public event calendars
  • Hours of operation
  • Parking regulations
  • Press releases

All records related to UC ANR business, including video, audio, and written, are subject to disclosure under the California Public Records Act and through a subpoena.

Best regards,
Jaki Hsieh Wojan, Deputy CIO and CISO
Bethanie Brown, Interim Executive Director, Human Resources
Robin Sanchez, Director, Policies, Compliance & Programmatic Agreements


By Michael Hsu
Author - Senior Public Information Representative