Educause Security Discussion mailing list archives

Re: 3rd Party Spam Services & Data Confidentiality


From: Graham Toal <gtoal () UTPA EDU>
Date: Wed, 7 Jun 2006 09:51:36 -0500

> My concern is the integrity and confidentiality of
> institutional data (FERPA related for example) that passes
> into the hands of these services and what they may do with it
> or who may have access to it.
> What if a piece of mail is quarantined for some reason and it
> does in fact contain sensitive data? Does the institution
> have liability for the confidentiality of that data now that
> it is on the vendor's server?

The answer to this is very simple: if you are sending data
by email and you are worried about it getting onto someone else's
server, you are already doing the wrong thing.  You do not
send sensitive data by unencrypted email.

The fact that the source and destination of the mail are
within your campus, and that these filtering services
change that routing - and your expectations - by taking it
off campus, is irrelevant.

You don't send sensitive information by unencrypted email
even if it is on campus.

G 
