Google Apps @ Agnes Scott - Security Best Practices
By its nature, email is an unsecured medium for sharing sensitive information. Once you send an email, you're no longer in control of the information it contains. As a rule of thumb, do not provide credit card or financial account information in response to an email message and never share your password with anyone. Google and Agnes Scott will never send you an email asking you for your password, your social security number, or other personal information — so don't send it!
- Review the college’s Acceptable Use Policy. (http://www.agnesscott.edu/its/policies-procedures/acceptable-use-policy.html)
and Appropriate Use of Email
- Agnes Scott has enabled and enforced data encryption in transit for all email going to or being read via the Google Apps @ Agnes Scott service by Web browsers (HTTPS).
- You cannot guarantee that the recipient’s email service is retrieving the information via a secure channel. As a result, it is helpful to think of email as sending a postcard, so you should never include Social Security or credit card numbers or other sensitive information in an unencrypted email message.
- When you leave your desk, lock your computer screen or log off your computer to keep someone from accessing your mailbox or other mailboxes you have access to while you are away.
Data in Relation to Google Apps @ Agnes Scott
- Google does not own your data.
- Google does not share your data.
- Google keeps the data as long as you want them to.
- Google deletes the data when you ask them to.
- Family Educational Rights and Privacy Act (FERPA)
Family Educational Rights and Privacy Act (FERPA) is a federal law that
protects the privacy of student education records. Student data protected by
FERPA is permitted in Google Apps @ Agnes Scott services. It is subject to
access by school officials who have a legitimate educational interest as well
as by other identified officials, as defined and identified by the college’s
FERPA privacy regulation.
To the extent that Google has access to student educational records as a contractor for the college, it is deemed a “school official,” as defined by FERPA, under the Google Apps @ Agnes Scott Agreement and will comply with its obligations under FERPA. Personally identifiable student data should never be made publicly accessible without the student’s signed, written consent.
- Financial Information
Pursuant to Federal laws, Agnes Scott has a duty to safeguard every type of nonpublic, personally identifiable financial information. In addition, Agnes Scott must protect payment/credit card data and related account information. Examples include information provided on an application for a credit card, payment history, and account balance information. In order to continue to safeguard and protect Users’ financial information, Users should not utilize Google Apps @ Agnes Scott to share or transmit any form of financial account or credit card information.
- The Health Insurance Portability Accountability Act (HIPAA) and Protected Health Information (PHI)
Individually-identifiable health information is legally protected by Federal HIPAA Privacy and Security laws as well as Georgia laws related to medical record confidentiality. Email, by its nature, is not a secure medium for sharing sensitive information, and Google Apps @ Agnes Scott should not be used to store or transmit protected health information (PHI) unless appropriate methods for securely transmitting the information can be identified.