Re: 3rd Party Spam Services & Data Confidentiality

[Chad McDonald <chad.mcdonald () GCSU EDU>]

DITTO to Graham's statement.  You should quickly work with your leadership
to find a secure alternative to emailing this type of data.


On 6/7/06 10:51 AM, "Graham Toal" <gtoal () UTPA EDU> wrote:

> > My concern is the integrity and confidentiality of
> > institutional data (FERPA related for example) that passes
> > into the hands of these services and what they may do with it
> > or who may have access to it.
> > What if a piece of mail is quarantined for some reason and it
> > does in fact contain sensitive data? Does the institution
> > have liability for the confidentiality of that data now that
> > it is on the vendors server?
>
> The answer to this is very simple, if you are sending data
> by email that you are worried if it gets on someone else's
> server, you are already doing the wrong thing.  You do not
> send sensitive data by unencrypted email.
>
> The fact that the source and destination of the mail is
> within your campus, and that these filtering services
> change that routing - and your expectations - by taking it
> off campus, is irrelevant.
>
> You don't send sensitive information by unencrypted email
> even if it is on campus.
>
> G

Chad McDonald, CISSP
Chief Information Security Officer
Georgia College & State University
Phone   478.445.4473
Cell       478.454.8250
Fax       478.445.1202
Email   chad.mcdonald () gcsu edu