Educause Security Discussion mailing list archives
Re: 3rd Party Spam Services & Data Confidentiality
From: Chad McDonald <chad.mcdonald () GCSU EDU>
Date: Wed, 7 Jun 2006 11:01:47 -0400
DITTO to Graham's statement. You should quickly work with your leadership to find a secure alternative to emailing this type of data. On 6/7/06 10:51 AM, "Graham Toal" <gtoal () UTPA EDU> wrote:
My concern is the integrity and confidentiality of institutional data (FERPA related for example) that passes into the hands of these services and what they may do with it or who may have access to it. What if a piece of mail is quarantined for some reason and it does in fact contain sensitive data? Does the institution have liability for the confidentiality of that data now that it is on the vendors server?The answer to this is very simple, if you are sending data by email that you are worried if it gets on someone else's server, you are already doing the wrong thing. You do not send sensitive data by unencrypted email. The fact that the source and destination of the mail is within your campus, and that these filtering services change that routing - and your expectations - by taking it off campus, is irrelevant. You don't send sensitive information by unencrypted email even if it is on campus. G
Chad McDonald, CISSP Chief Information Security Officer Georgia College & State University Phone 478.445.4473 Cell 478.454.8250 Fax 478.445.1202 Email chad.mcdonald () gcsu edu
Current thread:
- 3rd Party Spam Services & Data Confidentiality Doug Sandford (Jun 07)
- <Possible follow-ups>
- Re: 3rd Party Spam Services & Data Confidentiality Graham Toal (Jun 07)
- Re: 3rd Party Spam Services & Data Confidentiality Chad McDonald (Jun 07)
- Re: 3rd Party Spam Services & Data Confidentiality Mark S. Bruhn (Jun 07)
- Re: 3rd Party Spam Services & Data Confidentiality Pace, Guy (Jun 07)
- Re: 3rd Party Spam Services & Data Confidentiality Graham Toal (Jun 07)