Re: Gmail, etc. - Forwarding Email to Personal Accounts!

[David Gillett <gillettdavid () FHDA EDU>]

  What will happen if the opposing litigant produces what they
claim is a copy of an email received from one of your officials,
and you *can't* produce your own copy to show that theirs has
been modified.  Just because YOU don't archive it doesn't mean no
archive exists, just that no archive *you have any control over*
exists.
  I'm not a lawyer, but I think I'd rather have a court choosing
between two pieces of evidence that disagree, than between one
bit of damning evidence and nothing to refute it.  If an attorney
advised me otherwise, I'd want it in writing....

David Gillett


> -----Original Message-----
> From: Theresa M Rowe [mailto:rowe () oakland edu]
> Sent: Thursday, November 09, 2006 5:46 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Gmail, etc. - Forwarding Email to
> Personal Accounts!
>
> We are waiting for a legal opinion here.  Right now, we have
> a mandate to do no archive and no backup - not even a single
> backup for disaster recovery.  So there is nothing to recover
> if asked, and it appears that is the way our attorneys like it.
> Terrie
>
> ---- Original message ----
> > Date: Wed, 8 Nov 2006 15:21:47 -0800
> > From: David Lundy <dlundy () PACIFIC EDU>
> > Subject: Re: [SECURITY] Gmail, etc. - Forwarding Email to
> Personal Accounts!
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> >
> > All:
> >     I not seen anyone else mention it, but the elephant in the room
> > for us is E-Discovery.  If faculty and staff are allowed to forward
> > email to a non-university personal account, they will no
> doubt use that
> > account for sending official email.  In addition replies to
> emails sent
> > from that account could return directly to that account.  We
> would have
> > no means of archiving that email which could be a serious
> and possibly
> > costly problem if we are sued.  We are looking at archiving
> > possibilities which would have the requisite search tools, possibly
> > hosted by a third-party and requiring all official email (faculty and
> > staff) use the campus email system so the email would be
> archived.  Is
> > anyone else dealing with E-Discovery issues?
> >
> > David Lundy
> >
> > ----
> > David Lundy
> > Acting IT Security Officer
> > University of the Pacific
> > Stockton, CA 95211
> > Email: dlundy () pacific edu
> > Voice: 209-946-3951
> > Fax: 209-946-2898
> >
> > > > > "Sadler, Connie" <Connie_Sadler () BROWN EDU> 11/08/06 12:02 PM >>>
> >
> > Hi, all... we have more and more people (faculty and staff as well as
> > students) who want to forward their work-related messages,
> as well as
> > their personal messages, to one central email account, usually gmail.
> > Obviously, I am concerned about having potentially sensitive
> university
> > email content sitting on a gmail server. What are you folks doing to
> > manage these sorts of requests? Are you preventing staff or faculty
> > from doing this? If so, how has that worked? We are rapidly moving
> > toward expectations people have of having all of their messaging
> > funneled to one place, and while this is certainly convenient, I'm
> > quite concerned about how we can ensure a reasonable level
> of security.
> > Thanks -
> >
> > Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC IT Security
> Officer Brown
> > University Box 1885, Providence, RI 02912 Connie_Sadler () Brown edu
> > Office: 401-863-7266
> > PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB
> > PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB
> Theresa Rowe
> Assistant Vice President
> University Technology Services
> www.oakland.edu/uts - the latest news from University
> Technology Services