Educause Security Discussion mailing list archives
Re: Policy - Employees using personal storage
From: "Giacobe, Nick" <nxg13 () PSU EDU>
Date: Fri, 19 Jul 2019 15:13:14 +0000
My university has no such policy directly. There are some indirect policies related to software license agreements. We have a difficult-to-enforce requirement that says that employees do not have the authority to bind the university to a contract with an external organization. Only authorized persons have the ability to do that. That includes click-through agreements for things like online services, software, etc. It is extremely difficult for the university to monitor and police such agreements. However, as a faculty member who teaches in security and risk, and in cybersecurity, I am cognizant that my organization will likely pin it all on me if I violate something like FERPA using such “free” or low cost, personal account and services. How would it happen? Let’s say that, as a faculty member, I sign up for Google’s free email service. The click-through agreement says that I “give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps).” https://policies.google.com/terms?gl=US&hl=en So, let’s say I do that. I sign up for Gmail, and Google “Publicly” displays and performs emails or google drive content to someone else in the world (because I gave them license to do that)…. And that content included the grades of my students. As an employee of the university, I have no authority to bind the university to such agreements. So if I did it… I did it personally. Who is responsible for the FERPA violation? Me. Personally…. And my institution will probably hang me out to dry. --- Nicklaus A. Giacobe, Ph.D. Director of Undergraduate Programs and Assistant Teaching Professor Phone: 814-865-8233 College of Information Sciences and Technology Penn State University E333 Westgate Building University Park, PA 16802 From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Keenan Martinez Sent: Friday, July 19, 2019 5:04 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Policy - Employees using personal storage Good day, Can members advise how they treat with employees who use their personal online storage (Gmail, Hotmail, Dropbox, etc) to store company files instead of company assigned storage? Is there a policy there would guide the restricted use? Thanks in advance. Regards, Keenan Martinez Manager - Information Technology & METS The Arthur Lok Jack Global School of Business 1, Max Richards Drive, Uriah Butler Highway North West, Mt. Hope. Trinidad & Tobago (UTC -4 hours) Mt. Hope, Trinidad, W.I. Tel : (868) 645-6700 ext: 333| (868) 498-0764 | Email : k.martinez () lokjackgsb edu tt|<mailto:k.martinez () lokjackgsb edu tt|> www.lokjackgsb.edu.tt<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.lokjackgsb.edu.tt%2F&data=02%7C01%7Cnxg13%40psu.edu%7Cd2ebeff5e61a4650b50408d70c414bc7%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C636991346956547033&sdata=h2SdecS7Z13cBbFmt8mX0ifnbDIr1OfWw2wzHNtBgCQ%3D&reserved=0> [signature_1247171682] Empowering UWI-ALJGSB to thrive in a digital world _____________________________________________________________________ Please note that this message and any attachments may contain confidential and proprietary material and information and are intended only for the use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that any review, use, disclosure, dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received this email in error, please immediately notify the sender and destroy this e-mail and any attachments and all copies, whether electronic or printed. Thank you.
Current thread:
- Policy - Employees using personal storage Keenan Martinez (Jul 19)
- Re: Policy - Employees using personal storage Jerry Tylutki (Jul 19)
- Re: Policy - Employees using personal storage Giacobe, Nick (Jul 19)
- <Possible follow-ups>
- Re: Policy - Employees using personal storage King, Ronald A. (Jul 19)
- Re: Policy - Employees using personal storage Jimmy Surrett (Jul 19)
- Re: Policy - Employees using personal storage Jack Suess (Jul 19)
- Re: Policy - Employees using personal storage Jones, Mark B (Jul 21)
- Re: Policy - Employees using personal storage Keenan Martinez (Jul 22)
- Re: Policy - Employees using personal storage King, Ronald A. (Aug 15)