legal entanglements of data retention and interaction with law
enforcement. Now you are not required to retain data until you become
party to a legal proceeding but it is still a hassle we don't need on
our limited budget.
In our case we have simply told law enforcement, on the couple of
occasions that they have come to us, that we do not provide email
services and so there is no data to retain. We then send them on to
the email provider, who ever that may be. Having no email server, or
even a file server in our case, means there is no data to retain and
the obligations then is shifted from our school to the various ISP's
that the families use.
We do not feel it is the duty of the school to be providing such
services to students or faculty they need to learn how to use
computers and the internet independently of the school. The internet
to us is simply a communications medium, like the phone we don't
retain data on the phone and how students and faculty use it (student
access phones cannot make long distance calls.) uses it for what. If
law enforcement wants information on the phones at our school they can
go talk to the phone company.
Greg
On Apr 10, 2008, at 6:30 AM, Johnson, Jason P Mr WRAMC_Wash DC wrote:
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> Any hosted solution, and Google's in particular(as opposed to a
> dedicated hosting of an Exchange box), presents a number of risks. I
> myself, have warned of some of those risks as they relate to enforcing
> data retention policies, interaction with law enforcement, etc.
>
> But just because something has risk does not mean that the benefits do
> not outweigh the risks. Often legal, regulatory, and privacy issues
> are
> a source of big FUD (Fear Uncertainty and Doubt) in school IT because
> there is often a hazy understanding of the risks and consequences.
>
> The school I work with now does not have a strong IT infrastructure.
> They are at far greater risk of physical loss (due to equipment
> failure
> and poor backups), compromised network security (from within and
> without), and they cannot afford to purchase the functionality that
> Google Apps will provide (e.g. web based calendars that can be
> internal
> or external). I believe that Google's mitigation of these risks and
> other benefits far exceed any potential liability and to some degree
> (i.e. if there is a large data breach based on hacking to Google)
> Google
> provides a shield. Circumstances could easily change (e.g. they
> hire a
> full-time IT person) and my opinion would follow.
>
> In terms of risk based on privacy and Google's scanning you can trust
> that the legal, regulatory, and contractual protections are
> sufficient,
> or they are not. In my opinion those privacy risks are largely
> based on
> unknowns and that makes them more FUD than risks I can calculate
> against
> and present to a board as part of a cost-benefit analysis. Go too far
> down that road and it becomes pretty dystopian, pretty fast:
> http://www.radaronline.com/from-the-magazine/2007/09/google_fiction_evil
> _dangerous_surveillance_control_1.php
>
> If you are already experiencing problems that are large enough to
> drive
> users to non-school account for school vendors, I believe you are
> already at far greater risk than you would be with Google apps. But
> again, the details of each situation make all the difference.
>
> _J
> ___________________________________
>
> Jason Johnson - Program Director
> Web Services Branch - Walter Reed Army Medical Center Ingenium (ISO
> 9001:2000 certified)
> Office: 202-782-1047
> Cell: 202-262-0516
> jason.johnson@ingenium.net
> jason.p.johnson2@us.army.mil
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> [ For info on ISED-L see http://www.gds.org/ISED-L ]
> Submissions to ISED-L are released under a creative commons,
> attribution, non-commercial, share-alike license.
> RSS Feed, http://listserv.syr.edu/scripts/wa.exe?RSS&L=ISED-L
[ For info on ISED-L see http://www.gds.org/ISED-L ]
Submissions to ISED-L are released under a creative commons, attribution, non-commercial, share-alike license.
RSS Feed, http://listserv.syr.edu/scripts/wa.exe?RSS&L=ISED-L
