Educause Security Discussion mailing list archives
Re: Faculty & Staff E-mail Forwarding to Outside Providers
From: Bob Kalal <kalal.1 () OSU EDU>
Date: Fri, 30 Jan 2009 13:25:16 -0500
A quick poll after reading Frank's note ...Does your public institution operate under state or local laws, rules, or policies that:
- Prohibit the storage of state or institution data or sensitive information on non-state/institution or personal computers or devices?
- Require encryption of state or institution data or sensitive information during transmission in a non-secured telecommunications environment?
Thanks, I'll summarize for the list. Bob Kalal Director, IT Policy THE Ohio State University On Jan 29, 2009, at 2:58 PM, Moore, Frank wrote:
Michael,We are a state University within the Commonwealth of Virginia. The state does not allow Commonwealth data on non-Commonwealth machines. The one possible exception to this is when a vendor needs the data to set up a server we are buying/using. In that case there is a data disclosure (read “breach”) part of the contract. As a result, we do not allow faculty/staff to forward their e-mail to a non Longwood University account.Thanks, Frank Moore F. X. Moore III, Ph.D. Vice President and CIO Longwood University 201 High Street Farmville, VA 23909 [voice] 434.395.2034 [fax] 434.395.2035 moorefx () longwood edu http://www.longwood.edu IITS will never ask for your password in an email. Don't ever email your password to anyone! On 1/29/09 1:01 PM, "Miller, Don C." <donm () UIDAHO EDU> wrote:Michael, we do allow employees to forward e-mail without assistance from IT (we are using exchange 2003). There have been forwarding loop issues in the past but as you mention the biggest concern we have, which has not been brought to our counsel, is not only FERPA guidelines but public records requests; record retention/archiving; personnel action, investigation and review; intellectual property rights and control, etc. We have around 2500 employees and we have to “freeze” accounts for review about 20 times a year and we usually have at least 1 major request to archive records for multiple users. Our administrative procedures manual is vague on the topic other than the ownership of all data (including e-mail) is retained by the institution regardless of where it is stored.Don Miller University of IdahoFrom: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU ] On Behalf Of Stanclift, MichaelSent: Thursday, January 29, 2009 7:12 AM To: SECURITY () LISTSERV EDUCAUSE EDUSubject: [SECURITY] Faculty & Staff E-mail Forwarding to Outside ProvidersJust curious how many of you permit employees to forward their work email to non-campus managed email providers. We will periodically setup forwards for them as requested, but have started to wonder if this may be a FERPA violation since students are not aware their information is being released to a third party service, where as if the professor asks them to use a non-campus email, at least they’re aware of it when sending it.We’ve always disliked the practice because it’s just additional overhead for us and makes it difficult to track down messages sent to people, or recover them if they delete them. But is there a legal reason behind not doing it?Michael Stanclift Network Analyst Rockhurst University http://help.rockhurst.edu <http://help.rockhurst.edu/> (816) 501-4231
Current thread:
- Faculty & Staff E-mail Forwarding to Outside Providers Stanclift, Michael (Jan 29)
- <Possible follow-ups>
- Re: Faculty & Staff E-mail Forwarding to Outside Providers Ken Connelly (Jan 29)
- Re: Faculty & Staff E-mail Forwarding to Outside Providers Stanclift, Michael (Jan 29)
- Re: Faculty & Staff E-mail Forwarding to Outside Providers Tupker, Mike (Jan 29)
- Re: Faculty & Staff E-mail Forwarding to Outside Providers Sabo, Eric (Jan 29)
- Re: Faculty & Staff E-mail Forwarding to Outside Providers Ken Connelly (Jan 29)
- Re: Faculty & Staff E-mail Forwarding to Outside Providers Stanclift, Michael (Jan 29)
- Re: Faculty & Staff E-mail Forwarding to Outside Providers Miller, Don C. (Jan 29)
- Re: Faculty & Staff E-mail Forwarding to Outside Providers Moore, Frank (Jan 29)
- Re: Faculty & Staff E-mail Forwarding to Outside Providers Bob Kalal (Jan 30)