Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Gmail, etc. - Forwarding Email to Personal Accounts!

From: Theresa M Rowe <rowe () OAKLAND EDU>
Date: Thu, 9 Nov 2006 08:46:28 -0500
We are waiting for a legal opinion here.  Right now, we have a mandate to do no archive and no backup - not even a 
single backup for disaster recovery.  So there is nothing to recover if asked, and it appears that is the way our 
attorneys like it.
Terrie

---- Original message ----

Date: Wed, 8 Nov 2006 15:21:47 -0800
From: David Lundy <dlundy () PACIFIC EDU>
Subject: Re: [SECURITY] Gmail, etc. - Forwarding Email to Personal Accounts!
To: SECURITY () LISTSERV EDUCAUSE EDU

All:
    I not seen anyone else mention it, but the elephant in the room
for us is E-Discovery.  If faculty and staff are allowed to forward
email to a non-university personal account, they will no doubt use that
account for sending official email.  In addition replies to emails sent
from that account could return directly to that account.  We would have
no means of archiving that email which could be a serious and possibly
costly problem if we are sued.  We are looking at archiving
possibilities which would have the requisite search tools, possibly
hosted by a third-party and requiring all official email (faculty and
staff) use the campus email system so the email would be archived.  Is
anyone else dealing with E-Discovery issues?

David Lundy

----
David Lundy
Acting IT Security Officer
University of the Pacific
Stockton, CA 95211
Email: dlundy () pacific edu
Voice: 209-946-3951
Fax: 209-946-2898


"Sadler, Connie" <Connie_Sadler () BROWN EDU> 11/08/06 12:02 PM >>>


Hi, all... we have more and more people (faculty and staff as well as
students) who want to forward their work-related messages, as well as
their personal messages, to one central email account, usually gmail.
Obviously, I am concerned about having potentially sensitive
university
email content sitting on a gmail server. What are you folks doing to
manage these sorts of requests? Are you preventing staff or faculty
from
doing this? If so, how has that worked? We are rapidly moving toward
expectations people have of having all of their messaging funneled to
one place, and while this is certainly convenient, I'm quite concerned
about how we can ensure a reasonable level of security.

Thanks -

Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC
IT Security Officer
Brown University Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu
Office: 401-863-7266
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB
PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB

Theresa Rowe
Assistant Vice President
University Technology Services
www.oakland.edu/uts - the latest news from University Technology Services
Previous By Date Next
Previous By Thread Next

Current thread: