Using Google Apps
- Getting Started
- Using Gmail
- Using Google Drive
- Using Google Calendar
- Using Google+
- Using Google Groups
- Using Google Sites
In October 2009, the Office of Information Technology (OIT) began to offer Google accounts to University of Minnesota students, faculty, and staff. The information provided below explains the appropriate use of private and sensitive data as it relates to your role at the University.
The University of Minnesota and Google have negotiated contractual terms and conditions that protect the privacy and confidentiality of University student, faculty, staff, and alumni data in the U of M Google Apps suite of services. As a result, you may use Google Apps for the University of Minnesota to conduct University activities that are aligned with your role at the University, provided that you do so according to the University’s Acceptable Use Policy, found at www.policy.umn.edu/Policies/it/Use/ITRESOURCES.html and according to the restrictions that are outlined in this document for certain types of data.
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. Student data protected by FERPA is permitted in the U of M Google Apps services, provided that the information is shared only between the student and those who have a legitimate education-related interest as defined by University’s Managing Student Records policy. Student data should never be made publicly accessible. www.policy.umn.edu/Policies/Education/Student/STUDENTRECORDS.html.
Email, by its nature, is not a secure medium for sharing sensitive information, and Google Apps should not be used to store or transmit protected health information (PHI). Individually-identifiable health information is legally protected by Federal HIPAA Privacy and Security laws as well as Minnesota State regulations.
Protected health information should remain in a record system designed to contain health information and should be de-identified (stripped of all 18 HIPAA identifiers) before being shared electronically. See the University’s ‘De-Indentifying Data’ procedures. If de-identifying the information is not possible, appropriate methods for securely transmitting the information include:
Additional obligations to remember when sharing PHI:
All questions or concerns regarding HIPAA or protected health information should be directed to:
Privacy and Security Office
University of Minnesota
Export controlled information is not permitted in U of M Google Apps. It can be a federal crime to share export-controlled information with collaborators who are not United States citizens or permanent United States residents. Because the requirements for Export Controlled data are contrary to the University’s Openness in Research Policy, found at www.umn.edu/regents/policies/academic/Openness_in_Research.html, the University of Minnesota takes every reasonable step to avoid receiving or maintaining Export Controlled information.
If you think that you have export controlled restrictions placed on your data, see www.research.umn.edu/regulations/export_controls.html.
Please note that email, by its nature, is an unsecure medium for sharing sensitive information. Just as you wouldn’t include your Social Security number or credit card number in an email message, you should not include export controlled data in email. If this is simply not practical, then you need to de-identify the data to assure its privacy.
Export controlled data are legally protected and of high consequence.
Google Apps users can invite other Google Apps users, both within the University and outside the University, to view data, co-edit documents, and use other collaboration tools. It is the responsibility of each user to ensure appropriate sharing controls are used in order to protect intellectual property placed in Google Apps for the University of Minnesota, as well as to prevent accidental or undesirable file sharing.
* Google does not own your data.
* Google does not share your data.
* Google keeps the data as long as you want them to.
* Google deletes the data when you ask them to.
It's important to remember that there is a difference between University of Minnesota Google Apps accounts and personal Google/Gmail.com accounts. They are totally separate from each other, and fall under separate and different contractual agreements, as well as different terms of service. Institutions that use Google Apps for their email, calendar and the other core applications, have individual contracts with Google that define how data is handled and stored.