Is it me [ again ] or do I get the impression that teaching staff have a very blase attitude towards AUPS and data privacy ?
Tell me if you think I'm over reacting but if a school wishes to use google docs and it's applications [ including mail ] - do you think it would be wise to include in your ICT policy and to protect your own ass, what google actually does with the data ?
I'm talking about their terms and conditions etc - what info they gather on the documents and mail the school uses - along with anything else. [ As on checking it is quite a bit and some people [ especially parents ] may not be happy with that sort of thing.
I would like to think it's a good idea to make parents aware of this or even get them to sign something to indicate they are happy with this type of scanning that google does. It only takes something small and all sorts of legal aspects can come to the light and a school finding itself in legal wranglings
Would be interesting to hear others views and of course experiences.
I think you're correct to raise it, but Google is not as unsafe in terms of data protection as some (*cough* MS *cough*) might suggest.
When a Google account is first accessed, the user has to accept the T&Cs themselves. This is true even of Apps accounts. Personally, I doubt they are any more likely to read your own AUP than the Google one they have to accept, so I don't think putting it in your user AUP would accomplish much. Also, if you disable ads on a Google Apps for Business or Education account, they don't do any ad-related scanning or processing.
I would think about notifying parents if sensitive data was being routinely held on Google's servers, but I would be inclined to simply point them at Google privacy policies. I wouldn't go as far as getting a signature, mainly because without proper legal wording, such an agreement could easily be contested in court anyway if push came to shove.
Thanks for the links - that is the sort of thing we can point to in regards to info for the parents. Just to make them aware [ as I feel that is important ] as there is a always a few which will ask questions. [ If we ever went down this route ]
I also would raise the questions in regards to who would be liable if say illegal content was passed around on Gmail accounts [ Education ] - would it be the school still or Google ?
If it came a legal problem would the school still be involved even though the data was being held elsewhere ? The same sort of questions pop into my head when it comes to those nasty E-mails that sometimes get posted around - is there any sort of 'vetting' that staff can do ?
Having this sort of thing is all fine and as we know teachers & schools tend to jump straight in without really thinking about it first and looking at the wider picture. Personally I would rather keep E-mail and files / data etc in house than trusting it with 'The cloud' - it makes management of the ICT in school easier [ even though it may cost more in regards to storage and equipment ] - to me having this sort of thing is a 'bonus' if your usual tools are not available but not a proper solution.
Regarding illegal content: since each user has to agree to the T&Cs themselves, they would be individually liable. Not sure how that applies to minors, however. I suspect if a police investigation needed access to data, it could be tricky (for them) because the data is in another jurisdiction, but it would actually be less of a headache for you since they shouldn't need to seize any of the school's equipment.
For monitoring accounts, you can use Postini to set up watchlists for particular words/phrases, though it's not the easiest thing to set up. In our case, we are one-way syncing passwords from our AD, so if I need to look at a pupil's mailbox, I can reset the password in the Google Apps console, log in, then resync the password from the AD again to put it back to what it was before. We don't use Gmail for staff, but the same procedure would work for them too.