From: Tom Siu (CISO) and Peter Poulos (University Counsel)
There exist several general concepts regarding the interpretation of the privacy standards of our CWRU Google Apps for Education written agreement with Google. This posting is the result of a consultation with Peter Poulos and Tom Siu with contributions from FSCICT. It is presented in a FAQ format.
Q1: What is the overall stance on privacy and email for the University?
A: The university addresses privacy in the IT realm under the Acceptable Use of Information Technology Resources (the AUP for short). The AUP drives three high-level directives with respect to privacy:
Note that the terms are very employee-friendly compared to the corporate world, where auditing email is common.
Q2: What does the Google Apps Agreement say with regard to privacy of information?
A: The Agreement, as a contract, states, in essence, that CWRU will not disclose any intellectual property of Google, and Google will not disclose any intellectual property of CWRU. This means that Google takes reasonable steps to ensure the confidentiality of any information contained in, or associated with, email communications. This also means that Google is not searching for juicy tidbits of our user email, or spam, or mailing lists, etc. Similarly, CWRU will not disclose any of the features, limitations, or flaws we find in the Google Apps for Education product other than directly to Google. Note there are public forums for these issues, and that is the optimal means to communicate with Google. It should be noted that in two recent phishing incidents affecting CWRU users, Google was able to provide support for the general Google resources (a Google user had created a phishing form), but would not provide information from a Google Apps customer, where a different phishing form was found.
Q3: If I delete data from Google Apps email, is it really gone?
A: The answer is yes, after 30 days post deletion. In the Google Apps webmail interface, a user deletes a message by placing it in the Trash folder. The Trash folder is automatically purged every 30 days. The user may also initiate an on-demand "empty" of the Trash folder. New practices are being published regarding when to save or delete email messages, in accordance with the Email Retention Policy of Feb 15, 2012. Also, university records retention policies that specify how long documents are to be kept and their destruction dates carry over to email.
Q4: Can I use my CWRU email account for personal email?
A: Yes, the AUP and the FAQ for the AUP define limitations to personal use of CWRU email. It is understood that in an academic environment, professional and personal interests overlap. A sound approach to avoid violation of the AUP is to use a separate email account for private email. It should be noted, however, that a free personal email account at Google, Yahoo, Hotmail, and other services is subject to privacy questions that cannot be addressed by the University. It is our opinion that you have greater privacy protections in the CWRU Google Applications email services than you would have in free email services.
Q5: Can I forward my CWRU email to another email account that I have so I can read all my email in one place?
A: Yes, but there are better approaches to achieving this effect. We recommend that you keep CWRU email within the Google Apps system, which provides a high level of privacy and security that could protect intellectual property (Q2). You can configure your email client, including the Google browser interface, to check email from multiple email accounts.