PLEASE NOTE: These are test pages published only to gather feedback about the design.
Send feedback to gpilot@umn.edu. See the Google Initiative site for current information.
Storing faculty and staff data, and storing data with specific legal requirements for privacy certainly introduces additional security concerns and complexity.
Under our contract, Google will protect University data with the "same standard of care with which it protects its own confidential information." Google will disclose University information only when required by law, and then only after giving the University the opportunity to challenge the disclosure request.
OIT standards and guidelines state:
The University of Minnesota has a responsibility to maintain high standards of security for private/non-public electronic information. University data that is stored on or accessed by computers and other electronic devices must be secured against intentional or unintentional loss of confidentiality, integrity, or availability regardless of location (off-campus, on-campus, home computer, etc.).
See: STANDARD—Securing Private Data (Appendix G).
These guidelines further state that "computers and other devices must be either continuously managed or reviewed on an ongoing basis for appropriate security measures by a full-time information technology professional, such as competent local information technology support staff. These reviews must include adherence to baseline security requirements as well as additional strategies for protecting the information."
The federal Health Insurance Portability and Accountability Act (HIPAA) privacy rule protects the privacy of individually identifiable health information. General information about HIPAA regulations can be found at Health Information Privacy. For more information or questions about how the HIPAA rule applies specifically to University health information, contact the University of Minnesota privacy officer at (612) 624-7447 or privacy@umn.edu.
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of a student’s education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education, and applies to all records directly related to a student and maintained by the University.
For example, highly sensitive information about a student such as Social Security or credit card numbers, and student grades should never be stored in Google, in accordance with FERPA and the University of Minnesota's Acceptable Use of Information Technology Resources policy governing the use, transmission, and storage of highly sensitive information. Student grades, for instance, are best stored in a secure course management system. More information about FERPA rules can be found at Family Educational Rights and Privacy Act (FERPA).
Google does not own your data.
For further reference, see www.google.com/intl/en/privacypolicy.html. For a clearly-worded explanation of Google's privacy and security policies, see www.google.com/support/a/bin/answer.py=60762.