Hi, All the Bursars in our region had a meeting with our LA and another LA about a new broadband system they are rolling out. During the conference they were told not to use Google Apps for Education as it is not secure and the data is not held in the UK.
How can they get away with saying this.
It depends on their own risk assessment - every LA and every organisation draw their 'acceptable to use' line differently. For me? I have looked into Google Apps and it is covered by the Safe Harbor agreement in the USA and has been determined to comply with EU data protection laws and UK data protection laws. So, its up to you - but you have to remember that ultimately the blame if something happens falls on you/your school if it goes wrong - which is why LAs lean on the side of caution.
Not to mention that often they have a preferred supplier for such things themselves but that'd never sway their opinion of course...
Do you have to take any notice of what the LA say even if you are not an academy?
Don't know how they can say it is not secure - it is the same product as google apps for business used by thousands of firms worldwide including legal companies.
Well, without saying too much, from experience I have found that LAs can use scare tactics to in an effort to make people use their preferred system.
Ultimately it is up to the school to decide whether they use it or not, but make sure you are aware of potential problems.
No. Schools have their own autonomy to make their own decisions, regardless of whether they're academies or not. However, some areas have more tightly integrated IT with their LEA than other areas. Personally, I'd tell them to keep their advice to themselves!Originally Posted by maark
But to say it was not secure and does not meet uk law is not true and has scared a bursar at one of my schools who has requested we use Office 365 and not Google based on this info.
Ha! I was once told by an LA bod not to use 365 for the very same reasons
Saying it is "not secure" is subjective. No computer system is completely secure. Ask to see their risk assessment.
Saying the data is not held in the UK is correct. However, Google Apps is covered under the Safe Harbor framework, so storing data in Google Apps is not automatically in breach of the Data Protection Act just because the data is held outside the EU. This fact is poorly understood by many, and is probably the most frequent reason for rejection of Google Apps in local government.
In short, the LA probably mean well, but they haven't done their homework. C-, must try harder, etc.
Or they have invested money in providing a platform and want people to use it?
/cynicism
Google Apps (for Business) is now ISO 27001 certified. Would that make them change their minds?
Today we are proud to announce that Google Apps for Business has earned ISO 27001 certification. ISO 27001 is one of the most widely recognized, internationally accepted independent security standards and we have earned it for the systems, technology, processes and data centers serving Google Apps for Business. Our compliance with the ISO standard was certified by Ernst & Young CertifyPoint, an ISO certification body accredited by the Dutch Accreditation Council, a member of the International Accreditation Forum (IAF). Certificates issued by Ernst & Young CertifyPoint are recognized as valid certificates in all countries with an IAF member.
Thanks for the link.Google Apps (for Business) is now ISO 27001 certified.
For me it is not about changing their minds, I don't give a hoot what they think or use. My issue is with incorrect or liable information being given out to a lot of schools who would take it as fact and then pass that info on to other schools.Would that make them change their minds?
The risk assessment has been talked about in other threads around DPA and cloud systems. The issue is partly around the local laws of the data centres.
If the data centre is within the EEA (not EU ... There is a difference) or within the US... People are more acceptable of the risk due to understanding and control on local laws. This is why MS tend to be viewed more acceptable as you can specify the data centre as EU only (therefore it is within the EEA) ... held in Ireland or Netherlands, with no duplication elsewhere.
This is not yet an option with Google Apps, and ISO27001 is superseded by local laws.
Personally I would prefer that folk educate schools about the risk and help them understand why such recommendations are given.
It is generally up to the school on this except where LAs are holding central data exchange agreements or where schools by into specific legal advice (eg they ask for advice, they get it but ignore it ... meaning if something goes wrong they cannot get further advice / cover).
YMMV
So what is the local law?and ISO27001 is superseded by local laws.
The fact they've stated it's not secure, I'd have to agree it's a bogus statement. Would Google really jeopardise their reputation this easily? I very much doubt it.
The data doesn't have to be held in the UK, it has or is recommended to be physically located anywhere in the EU, as all countries in the EU adhere to Data Protection Act(s).
I think the problem will get worse as there's a conflict of interest at heart. LAs have invested money in providing services such as e-mail, however, there are a growing number of cloud services being offered for free such as Office 365 and Google Apps which are far superior. LAs can't compete with this, end of whether they like it or not.
Your data isn't secure anyway because your teachers use terrible passwords, and your pupils use even worse passwords. At least google has free 2 factor auth.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
