Re: Gmail, etc. - Forwarding Email to Personal Accounts!

[Theresa M Rowe <rowe () OAKLAND EDU>]

Yes, no issue - I agree completely that legal opinion is needed (we are a state institution). The key is getting the 
legal opinion and acting in accordance with that opinion- and keeping the written order on file.  That's what we are 
doing, but so far our attorneys seem to be at odds with the directions that others are getting.
Theresa

---- Original message ----
> Date: Thu, 9 Nov 2006 13:32:16 -0500
> From: "Mclaughlin, Kevin L (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
> Subject: Re: [SECURITY] Gmail, etc. - Forwarding Email to Personal Accounts!
> To: SECURITY () LISTSERV EDUCAUSE EDU
>
> I'll add to David's message that if you are a state institution you need
> to have your legal folks check relevant state statutes.  In Ohio the
> city of Akron was recently found "guilty" of not being able to produce
> time sheets for a couple of individuals (either hard copy or email) -
> the result was 860K in fines.
>
> We are "struggling" with what email retention looks like here at UC as
> well. So far our legal resources are leaning towards it being necessary
> but we haven't come up with what overall timings and policies should be.
>
> Here's a quote I recently received from our office of General Counsel:
>
> "Records retention is an important question with real consequences.  The
> city of Akron was recently ordered to pay $1000 per sheet for destroying
> and not being able to produce timesheets of two former employees--860
> sheets. Do the math."
>
>
> -Kevin
>
>
> Kevin L. McLaughlin
> CISM, CISSP, PMP, ITIL Master Certified
> Director, Information Security
> University of Cincinnati
> 513-556-9177 (w)
> 513-703-3211 (m)
> mclaugkl () ucmail uc edu
>
>
>
>
> CONFIDENTIALITY NOTICE: This e-mail message and its content is
> confidential, intended solely for the addressee, and may be legally
> privileged. Access to this message and its content by any individual or
> entity other than those identified in this message is unauthorized. If
> you are not the intended recipient, any disclosure, copying or
> distribution of this e-mail may be unlawful. Any action taken or omitted
> due to the content of this message is prohibited and may be unlawful.
>
>
> -----Original Message-----
> From: David Gillett [mailto:gillettdavid () FHDA EDU]
> Sent: Thursday, November 09, 2006 12:41 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Gmail, etc. - Forwarding Email to Personal
> Accounts!
>
>  What will happen if the opposing litigant produces what they
> claim is a copy of an email received from one of your officials,
> and you *can't* produce your own copy to show that theirs has
> been modified.  Just because YOU don't archive it doesn't mean no
> archive exists, just that no archive *you have any control over*
> exists.
>  I'm not a lawyer, but I think I'd rather have a court choosing
> between two pieces of evidence that disagree, than between one
> bit of damning evidence and nothing to refute it.  If an attorney
> advised me otherwise, I'd want it in writing....
>
> David Gillett
>
>
> > -----Original Message-----
> > From: Theresa M Rowe [mailto:rowe () oakland edu]
> > Sent: Thursday, November 09, 2006 5:46 AM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: Re: [SECURITY] Gmail, etc. - Forwarding Email to
> > Personal Accounts!
> >
> > We are waiting for a legal opinion here.  Right now, we have
> > a mandate to do no archive and no backup - not even a single
> > backup for disaster recovery.  So there is nothing to recover
> > if asked, and it appears that is the way our attorneys like it.
> > Terrie
> >
> > ---- Original message ----
> > > Date: Wed, 8 Nov 2006 15:21:47 -0800
> > > From: David Lundy <dlundy () PACIFIC EDU>
> > > Subject: Re: [SECURITY] Gmail, etc. - Forwarding Email to
> > Personal Accounts!
> > > To: SECURITY () LISTSERV EDUCAUSE EDU
> > >
> > > All:
> > >     I not seen anyone else mention it, but the elephant in the room
> > > for us is E-Discovery.  If faculty and staff are allowed to forward
> > > email to a non-university personal account, they will no
> > doubt use that
> > > account for sending official email.  In addition replies to
> > emails sent
> > > from that account could return directly to that account.  We
> > would have
> > > no means of archiving that email which could be a serious
> > and possibly
> > > costly problem if we are sued.  We are looking at archiving
> > > possibilities which would have the requisite search tools, possibly
> > > hosted by a third-party and requiring all official email (faculty and
> > > staff) use the campus email system so the email would be
> > archived.  Is
> > > anyone else dealing with E-Discovery issues?
> > >
> > > David Lundy
> > >
> > > ----
> > > David Lundy
> > > Acting IT Security Officer
> > > University of the Pacific
> > > Stockton, CA 95211
> > > Email: dlundy () pacific edu
> > > Voice: 209-946-3951
> > > Fax: 209-946-2898
> > >
> > > > > > "Sadler, Connie" <Connie_Sadler () BROWN EDU> 11/08/06 12:02 PM >>>
> > >
> > > Hi, all... we have more and more people (faculty and staff as well as
> > > students) who want to forward their work-related messages,
> > as well as
> > > their personal messages, to one central email account, usually gmail.
> > > Obviously, I am concerned about having potentially sensitive
> > university
> > > email content sitting on a gmail server. What are you folks doing to
> > > manage these sorts of requests? Are you preventing staff or faculty
> > > from doing this? If so, how has that worked? We are rapidly moving
> > > toward expectations people have of having all of their messaging
> > > funneled to one place, and while this is certainly convenient, I'm
> > > quite concerned about how we can ensure a reasonable level
> > of security.
> > > Thanks -
> > >
> > > Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC IT Security
> > Officer Brown
> > > University Box 1885, Providence, RI 02912 Connie_Sadler () Brown edu
> > > Office: 401-863-7266
> > > PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB
> > > PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB
> > Theresa Rowe
> > Assistant Vice President
> > University Technology Services
> > www.oakland.edu/uts - the latest news from University
> > Technology Services
Theresa Rowe
Assistant Vice President
University Technology Services
www.oakland.edu/uts - the latest news from University Technology Services