If you haven't had Friday knock-off drinks on Zoom yet, are you even doing #iso properly? The video conferencing app is having a moment. On one hand, it has been keeping people connected while working from home and practising social distancing. On the other, it has been raising eyebrows in privacy and security circles.

In California, a user launched a class action against Zoom, claiming the company did not receive consent from users to transfer data to Facebook (including data about the user's device, city, time zone and a unique advertising code (a code used to identify users and devices for targeted advertising)). In New York, the Attorney General issued a letter to the company, requesting information about its privacy and security practices, including categories of data that Zoom collects, entities that Zoom discloses such information to and the purposes of such disclosure.

There has also been a broader expression of concern regarding a myriad of data issues and security vulnerabilities in the app. These include surreptitious access to user video calls (yep, the scary trend that has been labelled 'ZoomBombing'), a data-mining feature that matches and displays a user's LinkedIn profile and sharing of emails and profile pictures of users with others that share an email domain (with the exception of larger domains, such as Gmail, Yahoo, Outlook.com, etc.).

On April 1, the company's CEO and founder Eric S. Yuan acknowledged these issues and stated that the company would put regular development of the platform on hold and instead focus on fixing these security and privacy issues.

This may be the case of a company clawing to keep up with a shift in how and by whom its product is being used in a COVID-19 world, or it could just be what we're learning to expect from many tech platforms' shoddy security practices, only acknowledging the issues once there is a public outcry (speaking of, Facebook is facing more legal action, this time in Australia: the OAIC has commenced proceedings in the Federal Court for alleged privacy breaches of over 300,000 Aussies during the Cambridge Analytica saga).

What we can learn from Zoom, and shoddy security practices in general, is that companies need to continue to find ways to keep up with consumer (and legal) expectations of security, product safety and transparency, including keeping users of their products safe and informed.

We do not disclaim anything about this article. We're quite proud of it really.