Re: Google announces privacy changes, no opt out for users

["O'Callaghan, Daniel" <Daniel.OCallaghan () SINCLAIR EDU>]

As I understand it (IANAL), what is collected/covered is determined by domain. If the account is an enterprise/hosted 
domain covered by contract, contract takes precedence; if the account is a 'public' Google account, the new policy 
applies. Our student mail (@my.sinclair.edu) and any apps we contract with Google for use by these domain accounts are 
covered by the privacy provisions of our contract with Google, not the new public policy.  
<Rant>
Of course, the reality is that most of our students and staff also have personal Google accounts not covered by our 
contract, so while Google might not be collecting personal info from @my.sinclair.edu accounts (and the cynical me 
wonders how we would know, if they would really admit if they were, and if push came to shove--could they prove where 
they got the info), they likely get the same or similar info from Google Search, Toolbar, Gmail, Google+, YouTube, 
Android, Maps, Navigation, Earth, Docs, Picasa...

Google is just one of the companies doing this. Look at the policies of all the 'free' service providers. Facebook, 
Linked-in, Yahoo, MS all make money using CRM and similar. Ever read the terms of use on 'free' smartphone apps? 
Do you ever wonder what the contract says that most law-enforcement and state/federal agencies have with Lexis-Nexis to 
warehouse the data they collect on citizens?
IMO, privacy as we traditionally think of it no longer exists, and what little is left is rapidly eroding. If you've 
never seen it, watch the YouTube of Steve Rambam's "Privacy is Dead - Get Over It" presentation.  It's a little dated, 
but still valid.     

Of course, this doesn't mean we abdicate responsibility for protecting the privacy of the data we do have control over, 
but Pandora's Box is already open, and I think we are just beginning to deal with the repercussions.
</Rant>

-Dan

_________________________
Dan O'Callaghan
CISO, Sinclair Community College
937.512.2452


   

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bradley, 
Stephen W. Mr.
Sent: Thursday, January 26, 2012 3:15 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Google announces privacy changes, no opt out for users

But Dan, would it affect the individual students at an edu using say Miami or Sinclair mail?  They sign up outside the 
university and wouldn't necessarily be covered unless specifically called out in the contract.  


I love a good cloud.

thx

steve

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () listserv educause edu] On Behalf Of 
O'Callaghan, Daniel
Sent: Thursday, January 26, 2012 1:33 PM
To: SECURITY () listserv educause edu
Subject: Re: [SECURITY] Google announces privacy changes, no opt out for users

Per this article, contractual agreements are not affected by the updated policy.

"Google's enterprise branch quickly clarified, though, that the new policy does not apply to enterprise systems such as 
Google Apps for Government, Business or Education, which are defined by individual customer contracts."
http://techinsider.nextgov.com/2012/01/former_e-gov_director_calls_new_google_privacy_policy_dangerous.php


___________________________________
 Daniel V. O'Callaghan, Jr., MBA, CISSP, GCFA  Chief Information Security Officer  Sinclair Community College
 444 W Third St, 13-000F
 Dayton, OH 45402
 937.512.2452


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jesse 
Thompson
Sent: Thursday, January 26, 2012 12:57 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Google announces privacy changes, no opt out for users

I don't see any indication that the changes to the generic policy are trumped by the edu-apps policy.  But, I'm no 
lawyer.

http://www.google.com/apps/intl/en/edu/privacy.html

Jesse

On 1/26/12 11:08 AM, Joel Rosenblatt wrote:
> I asked the question also and was told (not by google) that this only 
> applies to their consumer apps, not core Google Apps for Edu
>
> Have you contacted google to confirm this?
>
> Joel
>
> --On Wednesday, January 25, 2012 12:56 PM -0500 Morrow Long 
> <morrow.long () YALE EDU> wrote:
>
> > Read it & trying to determine what this means for Yale.
> >
> > We outsource many of our studen
> >
> > Sent from my iPhonet email accts to Google now (though our branded 
> > gmail does not have Google targeted ads shown alongside the messages).
> >
> > Morrow
> >
> > On Jan 25, 2012, at 10:44 AM, Nicole Kegler <nk278 () georgetown edu> wrote:
> >
> > > Has anyone read this article about the privacy changes being 
> > > implemented by Google starting March 1? What are your thoughts?
> > >
> > > http://www.washingtonpost.com/business/economy/google-tracks-consume
> > > rs-across-products-users-cant-opt-out/2012/01/24/gIQArgJHOQ_story.ht
> > > ml?hpid=z3
> > >
> > >
> > > --
> > > Nicole Kegler
> > > Communications Manager
> > > University Information Security Office Georgetown University
> > > 202-687-5784
> > >
> > > Protecting data is a shared responsibility!
> > >
> > > INSTALL antivirus and antispyware software.
> > > USE strong passwords.
> > > KNOW who you are dealing with online.
> > > STORE confidential and sensitive data on encrypted devices only.
> > > SHUT DOWN computers or disconnect from the Internet when it's not in 
> > > use.
>
>
>
> Joel Rosenblatt, Manager Network & Computer Security Columbia 
> Information Security Office (CISO) Columbia University, 612 W 115th 
> Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel 
> Public PGP key
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3