Companies operate for profit, you just need to stay in their profit margin and you'll probably be fine but drop out of the scope of profit and your for it. This is not limited to Google or even companies, large groups will also send you packing for some market share, Ubuntu anyone.
Last edited by SYNACK; 31st January 2013 at 11:40 AM.
As mentioned by many above, it's about risk management and an understanding of what the risk is, how likely it is to occur and what the impact would be should the identified risk occur is poorly understood as a concept, never mind applying to a specific situation. This goes for everything in school, from Data Protection, to allowing children to run in the playground. For DP, you need to consider the benefits of the facility you are providing, alongside the degree of risk you are currently exposing yourselves to with whatever system you currently have in place.
If it helps to make your case, a specific example of use of Google is Norfolk County Council. They use them widely in schools and for County Council business.
Google will be secure as anyone is these days, but its things like this that they are scared of.
BBC News - Experts warn on wire-tapping of the cloud
Leading privacy expert Caspar Bowden has warned Europeans using US cloud services that their data could be snooped on.
Indeed, Microsoft have in fact confirmed in the past that because they are a US company, the Patriot Act can be used by the US government to access any data they store, even in the Ireland datacentre.
Microsoft admits Patriot Act can access EU-based cloud data | ZDNet
Thanks for all the info and links. Very handy.
Safe Harbor is trumpted by the PATRIOT Act. But the UK ICO has a view on that scenario:
Basically: every government anywhere has provision to snoop. Don't worry about it..... ....however if you have strong audit requirements surrounding your storage and use of data and you use a cloud provider that wont customize their T+C's to meet your audit requirements, then you do have a problem.
My reading of the advice (and IANAL) is that the Safe Harbor and various external security certifications google have submitted themselves to should be adequate for Education.
What is more interesting (and potentially troublesome) is that accessing your MIS/email while you are abroad qualifies as a data transfer... and so if you are outside of the EEA you need a policy in place to cover it.
It appears that the crucial thing is that you have policies in place and that you have documented evidence that you have taken steps to ensure that they and the local relevent laws, protect the data as per EU Directives covering them.
Last edited by psydii; 1st February 2013 at 01:40 PM.
There are currently 1 users browsing this thread. (0 members and 1 guests)