Educause Security Discussion mailing list archives

Re: E-mail and Data Privacy Issues around Law School and Professional Clinics

From: "Plesco, Todd" <tplesco () CHAPMAN EDU>
Date: Tue, 11 Aug 2009 13:52:44 -0700

This is a great question, Chris.  

 

Do you have a PKI email solution in parts of campus which could augment
that problem?

 

Todd A. Plesco  CISM, CBCP

Chapman University, Director of Information Security

One University Drive, Orange, CA 92866

Phone: (714) 744-7979/Fax: (714) 744-7041

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gregg, Christopher
S.
Sent: Tuesday, August 11, 2009 11:26 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] E-mail and Data Privacy Issues around Law School and
Professional Clinics

 

I apologize if this has been covered, but I didn't see anything in the
archives.

 

Have any of you run into the issue of trying to provide additional
levels of data privacy, or running a separate e-mail service for
professional clinics, law schools, or similar entities at your
institutions?

 

We're a centralized Exchange shop for the entire university for e-mail
and we're being asked about providing separate e-mail for our
professional clinics and law school as a means of segregating the data
from e-discovery and being able to enforce a different (read that
higher) level of data privacy.  The concerns stem from issues of faculty
and at times law students working as attorney's using university systems
for communications and the need to maintain attorney/client privacy.  

 

The scenarios we're coming up with are not very attractive, and I am
curious to hear if others have already tackled this or opted to address
this in other ways (like living with the risk).  

 

Our scenarios so far are:

 

1.       Outsource this e-mail another provider - lose control to a
degree and cannot retain school domain name

2.       Setup a second non-Exchange system (iMail or something like
that) - separate system to manage and not hooked into automated account
process

3.       Run a separate Exchange environment - costly, overkill, and may
not even be possible in our architecture (at least with our school
domain name)

 

I am also curious if we fall in a unique niche of having a law school
and professional clinic, but being small enough that we have a single
centralized e-mail and account infrastructure.

 

Thanks in advance for any feedback you're willing to share,

 

Chris

 

Chris Gregg
Director of Information Technology
Information Resources and Technologies
University of St. Thomas
2115 Summit Avenue
St. Paul, Minnesota 55105
csgregg () stthomas edu

Current thread:

Re: E-mail and Data Privacy Issues around Law School and Professional Clinics Plesco, Todd (Aug 11)
- <Possible follow-ups>
- Re: E-mail and Data Privacy Issues around Law School and Professional Clinics Gregg, Christopher S. (Aug 12)
- Re: E-mail and Data Privacy Issues around Law School and Professional Clinics Mike Wiseman (Aug 12)