Best Practices with Google Apps for Education and Sensitive Data
What should not be stored in Google Docs:
- Personal information (e.g., social security numbers, dates of birth, student records, and financial aid data).
- Proprietary information (e.g., College financial data and donor information).
- Regulated information, the disclosure of which is subject to regulatory compliance (including FERPA and GLBA).
- Tenure related files
- Contract related files
However, files of the above nature can be stored in your department network file share. If you are not sure if you have a department network file share, lack the proper permissions, or would like to have one set up for you, CASIT can help you. Simply email firstname.lastname@example.org and we will take care of the rest.
Click the following link for more information on Oregon University System’s Faculty Records Policy.
Note: This policy will remain intact until notice from the newly appointed UO Board of Trustees.
Google Apps Security Guidelines for CAS Faculty and Staff
While Google Apps for Education @ CAS is appropriate for most communication and collaboration, the sensitivity and nature of the information and any applicable privacy and security policies, laws, regulations or other restrictions must be carefully considered before you choose to store information in Google Apps for Education. If you have any questions about whether Google Apps for Education @ CAS is an appropriate tool for your collaboration or storage needs, contact CASIT.
Whenever technically feasible, sensitive information should be stored on network file space in restricted directories, not on an office computer or a removable storage device (e.g., USB key, CD, or DVD). If a computer must be used to store sensitive information, it must be in a secure location, and each individual authorized to use the computer should have a unique username with a strong password. Sensitive information should not be stored on a laptop unless absolutely necessary. It should also not be stored in the Cloud using Google Apps for Education, Dropbox, or any other service.
Does Gmail and Google Apps for Education meet FERPA guidelines?
Google is contractually and legally responsible to protect information. Google will not share e-mail contents or personal information to outside parties while under contract with the University.
For more information on FERPA guidelines, please see this page.