Re: Personal Email and other Services

["King, Ronald A." <raking () NSU EDU>]

Own in the sense that the 3rd party assumes the rights to do with the data as they see fit without adhering to the 
institutions applicable state, local and internal laws, policies and standards. It is a slippery slope that our 
users/customers do not get.

Ronald King
Chief Information Security Officer
 
Office of Information Technology
(757) 823-2916 (Office)
raking () nsu edu
www.nsu.edu
@NSUCISO (Twitter)



-----Original Message-----
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Valdis Kletnieks
Sent: Monday, May 6, 2019 11:04 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Personal Email and other Services

On Mon, 06 May 2019 20:53:39 -0000, "King, Ronald A." said:
>  Unless there has been a major shift in the T&Cs, these third parties 
> own the data once transferred.

Literally own, or merely claim permission to use and monetize the data without your consent?  There's a big difference. 
 For example, I'm pretty sure that no court would view the mere act of uploading as being a valid transfer of copyright 
- SCO's lawsuit against IBM tanked because they couldn't produce a written transfer or copyright for the AT&T source 
code.

And the provider's lawyers would be totally backpedalling the "owned" thing if data that had legal issues attached got 
uploaded - somebody parks a pirated copy of Ariana Grande's not-yet-released video and the provider is in a world of 
hurt.

Even more so it was data that had exposure to criminal legal liability....