Video-Conferencing for Teaching and Learning:
Acceptable Use and Best Practices
General Considerations for the Appropriate Use of Video-Conferencing Tools for Teaching and Learning
Depending on how it is used and what functions are activated, video-conferencing raises different kinds of privacy and data security questions and concerns. Users are advised to be mindful of the many ways that personal information and/or other confidential information may be collected, created or shared within the platform and ensure that this is done in accordance with these guidelines and the Freedom of Information and Protection of Privacy Act of BC (“FIPPA”). For examples of personal information, please see “What is Personal Information?” below.
KPU and its employees have privacy obligations under FIPPA, including but not limited to Canadian data residency. The purpose of these guidelines is to make KPU's use of video-conferencing tools FIPPA compliant.
KPU’s institutional Zoom, Big Blue Button (“BBB”) and MS Teams accounts are hosted in Canada, thereby meeting FIPPA’s data residency requirement. You must not require students to create free Zoom accounts, as free Zoom accounts would not fall within KPU’s educational license, and those accounts will be hosted on servers outside of Canada. Students should log in with single sign-on so that their accounts reside in KPU’s installation.
Zoom, BBB, and MS Teams are secure videoconferencing services that allow participants to meet, collaborate, share screens or conduct group activities from nearly any device. These are provided for teaching and learning purposes and are available at no cost to faculty and students. (In the event that KPU adopts additional, similar platforms in future, these guidelines will apply to those as well.)
- Video and/or audio sessions by computer or phone
- Instant messaging “chats” within sessions
- Screen sharing
- File sharing (i.e. Adobe, Microsoft Office, weblinks, videos)
- Virtual whiteboard
- Break out spaces for small group work
- Internal session invitees log in with single sign-on
- KPU-specific session security measures
- Temporary access for external invitees for sessions (in Zoom - needs to be requested in advance)
- Externals may be added to a specific BBB session via a link sent by the session host (in BBB)
- Guest access from an invitation within the session (in BBB)
- Screen sharing with annotation (in Zoom)
- Internal session invitees log in with Moodle (in BBB)
Choosing a conferencing tool:
- The BigBlueButton platform is integrated with Moodle and allows guests to be invited into the session once it is open. It has the unique functionality of shared note-taking if this is a teaching strategy you like to use with students.
- The Zoom platform is not integrated with Moodle and is set up to allow internal KPU users only unless arrangements are made in advance. It has the unique feature of shared annotation if this is a teaching strategy you like to use with students.
- MS Teams is primarily used for KPU business; students are viewed as guests on this platform. It can be used for office hours or group sessions where the faculty member invites participants to a meeting. It does not have shared note-taking, annotation or break-out rooms at this time.
KPU is prioritizing the data security and privacy of all faculty, staff, and students while configuring KPU’s system-wide settings in each platform, which will be more restrictive to start. As conversations progress and KPU continues adjusting to adopt recommended practices to balance risk mitigation with meeting community needs, changes may occur to the availability of features and functions. Updates will be published on this page as new details are confirmed. The settings from one platform to another are made uniform as much as our platform control allows; variations are noted in brackets where applicable.
- At KPU, your video-conferencing accounts will have different features unlocked or locked, depending on your role. These features are meant to promote session and data security and enhance the privacy of all video-conferencing sessions being held at the University.
- Default settings that have been implemented across KPU Zoom, Big Blue Button, and MS Teams accounts to reduce privacy and data security risks include the following (platform-specific settings or limitations are noted in parentheses):
- Requiring a password to join all sessions (Zoom) and direct secure access from inside the learning management system (BBB); the host may add a password in MS Teams (recommended).
- Waiting room to enable the host to monitor attendees (Zoom only; session host can choose to override this setting)
- Phone number masking (not available in Teams)
- Disabling of file transfers within chats; files should be shared in your course site (not available in Teams)
- Only the host can initiate a recording.
- Screen Share – host or internal participants can share, but the host can remove shared content.
- Disabling of the ability to allow others to take control of someone’s camera during a session
- Participants’ ability to change their names is disabled to ensure you can recognize all participants.
- Break-out rooms can only be initiated by the host (no break-out rooms in Teams)
- Video sharing is optional for participants.
- Chat Auto-Save – this feature is turned off.
- Option for virtual backgrounds to protect the privacy of participants’ environments (not available in BBB)
Zoom Session Host
In addition to the above Default Settings, below are recommended settings that can be applied by the session host when scheduling and conducting a session in Zoom to enhance session and data security and privacy:
- If a Zoom session link is shared publicly, anyone (within or outside of KPU) could potentially enter the session. To protect your session from unauthorized attendees:
- If possible, share your link to the Zoom session in your password-protected course (in Moodle, so it is only accessed by students enrolled in your class)
- If you have to send the Zoom session invite by email, create a passcode for the session that you can share with attendees by separate means and only send email invitations to students via their KPU-issued email accounts.
- If you plan to use Zoom for office hours, all students need an invitation to that recurring session.
- Allow only authenticated users to host.
- Only session hosts can initiate polls.
- Students can organize their own sessions with their KPU account.
BBB Session Host
In addition to the above Default Settings, below are recommended settings that can be applied by the session host when scheduling and conducting a session in BBB to enhance session and data security and privacy:
- Create the Big Blue Button activity in your password-protected course (in Moodle, so it is only accessed by students enrolled in your class)
- If you have to send the Big Blue Button session invite by email, create a passcode for the session that you can share with attendees by separate means
- Only session hosts can initiate polls.
Other recommended session management features (for any platform):
- Disable join before host
- Use Waiting Room to manage entrance to your session.
- Lock a session when all attendees are present
- Allow only the host to share their screen and/or approve screen sharing requests from attendees.
- Get familiar with how to mute audio and disable video of attendees, how to remove attendees, and other session management options to enhance privacy and session and data security.
- Familiarize yourself with using breakout rooms
The chat conversations created during a session can only be downloaded by the session host. If a host chooses to download a session’s chat transcript, all chat content for that session, including private chat contents, will be included in the transcript. Please note: when a chat transcript from a video-conference session is downloaded, it creates a “record” that is subject to privacy, access and retention provisions of FIPPA. Chat transcripts should be anonymized by the host before sharing by removing personal information and timestamps to share only relevant content for review. This refers to:
- Chats that are public and can be viewed by anyone in the session
- Private chats between two attendees
- Chat transcripts are saved on a user’s local computer by default when downloaded. Once downloaded, chat transcripts must be moved to a KPU-provisioned or approved storage location per the Records Management section below.
- Please note that the host is required to let participants know before saving chat transcripts.
- Users must not provide personal information about third parties (other people) without their consent.
- Ensure that personal information is not provided where unnecessary for the activity or assignment.
Recordings of Video-Conferencing Sessions
KPU has strict obligations under FIPPA relative to the collection, use, access, disclosure, storage, retention and disposal of personal information. When a session is recorded in a video-conferencing platform, it creates a “record” that is subject to the privacy, access to information, and records retention provisions of FIPPA.
For the reasons noted below, KPU strongly recommends, in general, that video-conferencing sessions not be recorded. Instructors may, however, record lectures as outlined below.
It is important to be aware that a major concern of recording video-conferencing sessions is the potential that personal information may be discussed or disclosed – even unintentionally. Staff meetings, academic advising sessions, student meetings, job interviews, etc., have not typically been recorded at the University in the past, and unless a specific rationale exists to justify a recording, it would not be appropriate to record such events now. Administrative convenience, or ease of recording meeting minutes or notes, would not be an appropriate rationale to record a video-conferencing session.
Only the host can initiate a recording.
In the event a video-conference session is to be recorded, all participants should be made aware and have the option to turn off the camera during recording.
FIPPA requires that KPU present a Collection Notice to an individual before their personal information is collected. It is not FIPPA compliant to provide this notice after personal information has already been collected. Please see “FIPPA Collection Notice” below for more information.
When sessions are recorded:
Zoom recordings are saved in the platform’s Cloud space. Recordings in the Zoom Cloud are accessible for 90 days. To make Zoom recordings available for authorized access and to allow KPU to meet its FIPPA obligations, they must be downloaded to a KPU-provisioned or approved storage location only (i.e. KPU OneDrive or Kaltura).
Big Blue Button recordings are saved on the Canadian vendor server and linked in the Moodle course where the BBB activity is created.
Please note: in order to meet FIPPA obligations, local recordings are not enabled.
Links to recordings should only be posted in the password-protected course space (Moodle).
Instructors can find more detailed information about recording video-conferencing sessions in this FAQ.
FIPPA Collection Notice
As noted above, FIPPA requires that KPU present a Collection Notice to an individual before their personal information is collected (i.e. recorded). It is not FIPPA compliant to provide this notice after personal information has already been collected.
The following Collection Notice must be provided before the recording begins, either posted along with the session link in Moodle or included in the email invitation to the session, as applicable:
The video-conferencing sessions for this course may be recorded. As a result, Kwantlen Polytechnic University (“KPU”) may collect your name, email address, image, voice, and any information shared during the session. This information is collected under the authority of the University Act and s. 26(c) of the Freedom of Information and Protection of Privacy Act of BC (“FIPPA”). The recording of this session and any information shared within it will be used for the purposes of teaching and learning or for assessment and grading at KPU. The personal information may be disclosed for the teaching and learning purposes for which it was obtained or compiled (i.e. to make lectures available for review, to promote individual or group learning), in accordance with FIPPA. When participating in a video-conferencing session, do not share personal information about others or personal information about yourself that is not necessary for class participation. Please direct any questions about the collection of personal information to your instructor.
Please note: under FIPPA, personal information may only be used for the purpose for which it was obtained or compiled or for a use consistent with that purpose (as set out in FIPPA). Secondary uses of personal information (including recordings) are not permitted without the written consent of individuals whose personal information it is.
Communicating with Students/Session Attendees
It is recommended that the guidelines below are added to your syllabus/course presentation and that instructors review these expectations with students in their initial sessions:
- If possible, use a headset or directional mic to limit the amount of ambient noise that can be heard by others in the session and to protect the privacy of your personal environment.
- Set the virtual background feature to protect the privacy of your surroundings (Zoom)
- Do not take screenshots, photos, or any other recordings of the sessions.
- Do not post information about or from sessions to social media.
- Participation in video-conferencing sessions is encouraged, where applicable, but please be sure you are comfortable sharing the personal information you share about yourself during these sessions.
- Do not share personal information about others.
University records are potentially created through the use of any video-conferencing platform. All records, including recordings and transcriptions, are subject to FIPPA and KPU's records management policies and procedures (as amended from time to time). Please bear in mind that KPU’s FIPPA obligations include access to information requests and the protection of privacy of records in KPU’s custody or control. To allow KPU to meet its FIPPA obligations, records must be saved or downloaded to KPU-provisioned or approved storage locations only. Under FIPPA, records containing personal information must be retained for a minimum of one year if they are used to make decisions that directly affect individuals. Do not share records outside KPU unless authorized to do so.
What is Personal Information?
For your reference, examples of personal information are listed below. Please note, this is not an exhaustive list.
- Email address (including KPU email address for students but not including KPU email address of KPU employees)
- “Unique identifiers” such as Banner numbers, SIN, driver’s license etc.
- Date of birth
- Home address
- Phone number
- Video or voice recording
- Employment and/or educational history (including grades)
- Financial information (including credit card number)
- Medical, psychiatric or psychological information
- Sexual orientation and/or gender
- Biometric data
- Racial or ethnic origin
- Course work/user content or participation information
- Reflections, opinions, thoughts, feelings
- Religious or political beliefs or associations
Please note that, as KPU’s use of video-conferencing tools or best practices for their use evolves, these guidelines may be amended from time to time.