Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Gmail, etc. - Forwarding Email to Personal Accounts!

From: "Parker, Ron" <Ron.Parker () BRAZOSPORT EDU>
Date: Wed, 8 Nov 2006 15:04:18 -0600
I could see some FERPA issues with that. As someone else said, you don't
know who besides the employee is reading the e-mail. If a student sends
an e-mail discussing their grades and the faculty member's spouse reads
the e-mail, I think that technically constitutes a FERPA violation. I
recently attended a seminar where our attorney discussed FERPA issues
with us and I was amazed at the myriad ways we can foul up without even
trying. In one example case, a retired faculty member was given a list
of students that he had formerly taught that included some FERPA
protected data items. The faculty member and the institution were sued
by one of the people on the list because the retired faculty member had
no right to the information under FERPA even though he had full access
to it in the past. 
 
As far as getting cooperation, doesn't the threat of the institution
having to spend hundreds of thousands or millions of dollars defending
against FERPA lawsuits get anyone's attention? I don't know how big of
an issue this is in reality but there are plenty of examples of
institutions getting sued. I'd enjoy hearing from anyone with actual
experience on the wrong end of one of these situations.
 
--
Ron Parker, Director of Information Technology, Brazosport College

 


________________________________

        From: Sadler, Connie [mailto:Connie_Sadler () BROWN EDU] 
        Sent: Wednesday, November 08, 2006 2:03 PM
        To: SECURITY () LISTSERV EDUCAUSE EDU
        Subject: [SECURITY] Gmail, etc. - Forwarding Email to Personal
Accounts!
        
        


        Hi, all... we have more and more people (faculty and staff as
well as students) who want to forward their work-related messages, as
well as their personal messages, to one central email account, usually
gmail. Obviously, I am concerned about having potentially sensitive
university email content sitting on a gmail server. What are you folks
doing to manage these sorts of requests? Are you preventing staff or
faculty from doing this? If so, how has that worked? We are rapidly
moving toward expectations people have of having all of their messaging
funneled to one place, and while this is certainly convenient, I'm quite
concerned about how we can ensure a reasonable level of security.

        Thanks - 

        Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC 
        IT Security Officer
        Brown University Box 1885, Providence, RI 02912
        Connie_Sadler () Brown edu <mailto:Connie_Sadler () Brown edu> 
        Office: 401-863-7266
        PGP Key:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB
<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB> 
        PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3
8EFB
Previous By Date Next
Previous By Thread Next

Current thread: